$ whoami Robert Prast
Independent research on vulnerabilities, agents, and philosophy of the machines we are increasingly letting think for us.
Last Humanity is my research lab to explore new ideas, share my insights, and be devoid of outside influence. This is fully unaffiliated with my day job in any way. I have been hacking all my life for the sheer joy of it. I live by the ethos of PoC or GTFO from 90s hacker cowboys but have had to submit most of my work anonymously. Well, that has changed...
## track record
A decade of building and breaking at scale:
- I do stuff and things in various corporate capacities. It's unrelated to this but it's cool stuff.
- Active across HackerOne, Bugcrowd, MSRC, Google VRP, and GitHub Security Advisories. MSRC Top 100 Researcher in 2023 before stopping all public work. Have vulns across Apache, Anthropic, Google, Microsoft, Zoom, etc.
- Co-creator and architect of Ocular (crashappsec/ocular) — an open-source code-scanning orchestration framework battle-tested at scale inside a Fortune 500, and now open-sourced under Crash Override. It powers my homelab to automate millions of security scans, AI and traditional alike.
- SREcon 2022 Americas speaker on real-time threat tracking with eBPF and syscall tracing (talk, slides).
- Computer-vision tinkerer — Arduino, ESP32, custom SoCs and the like. Earlier in my career I did embedded systems and computer-vision R&D at DFRobot on AI cameras like the HuskyLens. That meant writing our own embedded C/C++ RTOS and training our own models to run entirely on-device (face recognition, object tracking, object classification for example), accelerated by the Kendryte K210's SoC. At its core it was edge AI when it was just starting to kick off; now I dabble at home just for fun.
## selected writing
Long-form work on security, observability, and AI:
- Featured author on BetterAppSec — An AI Primer for Application & Cloud Security, How Automated AI Code Analysis Can Scale Application Security, and The AppSec AI Challenge: Authorized & Intended.
- Featured: funreliable on h4x0r.org.
- Early career work — Detecting SQL injection with Pixie & its New Relic counterpart, catching injection attacks at runtime with eBPF.
## find me
The fastest ways to follow the work or get in touch: