Security-minded engineering leader — building the backbone that makes AI agents reliable, safe, and genuinely useful.
What I'm building toward is an AI agent that's genuinely useful — one you can hand real work and trust the result. Making large systems trustworthy — building capabilities for and securing device fleets, shipping agentic AI at scale, and now building features for AI that keeps customers safe at Google Cloud SecOps — taught me that usefulness lives or dies on the backbone underneath: agentic memory so it gains experience, verification so it stays right, guardrails so it stays safe. I build that backbone and lead teams to adopt it — because "useful enough to depend on" and "safe" are the same problem.
I spend a lot of my own time in personal R&D because it's important that we get these things right. A few examples are below.
- Usability over complexity: The most resilient systems are often also easy to use. Good security doesn't come from artificial friction — asking someone to approve rarely makes anything safer. It comes from engineering intelligent boundaries that self-correct and make the safe path the natural one.
- Unlocking creativity: Boilerplate and config are boring. Remove the repetitive engineering and you make room for the human kind — engineers spend their time creating. Engineering can be art, and it should be fun!
- Systems that gain experience: I'm interested in self-reinforcing systems that remember — an agent that's more than today's eager junior engineer, that recalls the last session you paired on and is better in the next. That takes persistent memory working more like ours does, and it's what turns an assistant into one that's genuinely useful.
For AGENTS.md-aware environments — Claude Code and Antigravity in particular — built to get more useful every day we work together.
📂 Agent M — the backbone
The memory and structure that turn a capable model into an agent you'd actually depend on: persistent, vault-backed memory that learns from you and self-improves, a phase-gated workflow that keeps it on rails, and on-disk state so a fresh session continues instead of starting blank. It carries your projects, files, and knowledge across any agent surface — and gets better the more you work together.
🦗 Crickets — the trust layer
Small primitives that punch far above their weight. Native plugins for Claude Code and Antigravity that arm an agent with production-grade, dev-lifecycle capabilities — today kill-switches, fresh-context evaluators, PII guardrails, and dependency-PR repair; working toward phase-gated workflows, testing, and code review. The execution engine behind Agent M, and the layer that makes it safe enough to actually rely on.
🌲 Sherwood — an AI-first trading engine
My applied-AI testbed for financial markets: what does a trading engine look like built AI-first? A self-hosted engine pairing an isolated predictive-planning subsystem with a mandatory human-in-the-loop gate for execution safety — seeing how far smart, safe AI can go when there's real money on the line. (v2 in active design.)
Per-machine bootstrap for deterministic, portable dev environments — how I tie my tools together so I can make great things.
[ LEADERSHIP ] Building teams + making them efficient / cross-functional strategy / mentorship + career growth
[ PRODUCT ] User-facing features / making capabilities genuinely useful / simpler, more intuitive products
[ AI / AGENTS ] Agent harnesses / agentic memory / verification + guardrails / human-in-the-loop autonomy
[ SECURITY ] Threat detection / cryptography / zero-trust boundaries / safe-by-default design
[ PLATFORMS ] Cross-platform software at fleet scale / GCP / automated CI/CD / safe, frequent rollouts
[ LANGUAGES ] Go / C++ / PowerShell / SQL / gRPC
- LinkedIn: alex-m-herrero
- Blog: coming soon — writing on agent reliability, memory, and verification
- GitHub: @alexherrero