offensive security · ai/llm red team · remote, india

I break production systems before attackers do.

Security researcher. I authored CVE-2026-5189 — a source-level pre-auth RCE in Sonatype Nexus — and spend my weeks finding criticals on hardened, well-tested targets: cross-tenant takeovers, blind SQLi, full-read SSRF, multi-turn prompt-injection chains.

location: Remote · India
role: Security Engineer @ AppSecure
focus: web · android · ai/llm · red team
cves: 1 critical (9.8)
reports: 115+ valid · 13 critical · 27 high
status: open to global roles
shreyas@kali — ~/targets
shreyas@kali:~$ whoami --verbose
Offensive security researcher · AI/LLM red-teamer
B.E. Computer Engineering, IIIT Pune · CGPA 8.82
 
shreyas@kali:~$ ./recon.sh --target "production llm agent"
[+] multi-turn prompt-injection chains
[+] invisible prompt injection via zero-width chars
[+] full-read SSRF via LLM web-scrape tooling
[+] guardrail bypass across 4 production chatbots
 
shreyas@kali:~$ cat /etc/latest

A critical in the wild.

§01 · cve disclosure
9.8
CVSS · Critical
network / no auth / no UI
CVE-2026-5189 · Sonatype Nexus Repository Manager

Pre-authenticated Remote Code Execution chain in a globally-deployed artifact repository.

A source-level RCE chain reaching Java deserialization through the request path — a system that sits at the center of global Java & CI/CD pipelines. Discovered during independent research; coordinated disclosure with Sonatype.

source review · deserialization · java · pre-auth · supply chain · ci/cd

Selected engagements.

§02 · experience
security engineer
Oct 2025 — present

AppSecure Security

remote · enterprise offensive security
  • Solo-owned 20+ engagements across ~17 enterprise clients (web, android, red-team, purple-team) — 13 Critical and 27 High severity findings; 115+ total, incl. multiple CVSS 10.0 attack chains.
  • Led end-to-end AI/LLM security assessments for production agent platforms — multi-turn prompt-injection, multi-step guardrail bypass, invisible prompt injection, full-read SSRF via scrape tooling.
  • Cross-tenant admin takeover on a Fortune 500 CIAM platform; 5 blind SQLi (time + boolean, WAF-bypassing) across an Indian NBFC; ATO via stored XSS on a major SE-Asian marketplace; mass PII enumeration on a listed insurance aggregator.
  • Engineered AppSecure's "Write with AI" report generator — prompt architecture + system-prompt iteration. Per-report time ~90 min → 5–10 min (≈9× speedup), adopted company-wide.
independent researcher
Aug 2023 — Sep 2025
(part-time: Mar 2026 —)

Offensive Security Research

independent · bug bounty · private programs
  • CVE-2026-5189 (9.8) — pre-auth RCE chain in Sonatype Nexus Repository Manager.
  • 8 high-severity findings (4 Critical, 4 High) across private programs in the past 90 days — 4 RCEs + full-read SSRF. Avg impact score 33.33 on HackerOne.
  • 108+ vulnerability reports across 40+ enterprise apps — Microsoft, Stripe, Quora. 41% of validated findings rated High/Critical.
  • Averted a platform-wide incident on Quora (400M+ MAU). Earned a critical patch from Microsoft by weaponizing an RCE despite scope limits.
  • Featured on Critical Thinking (Justin Gardner & Joel Margolis) and Bug Bounty Reports Explained (gregxsunday).
9.8 · cvss authored
115+ · valid findings
41% · high / critical rate
400M · users protected

Open-source & notes.

§03 · github.com/shreyaschavhan
all repositories on github →

The résumé, rendered in-browser.

§04 · recruiters — no download required
~/shreyas-chavhan-resume-2026.pdf

Shreyas Chavhan

Offensive Security & AI/LLM Security Researcher
LinkedIn · Remote (India) — Open to Global Roles

Professional Summary

Offensive security researcher. Authored CVE-2026-5189 CVSS 9.8 Critical — a source-level Remote Code Execution chain in Sonatype Nexus Repository Manager, a widely-used artifact repository across global Java and CI/CD pipelines. Specializes in AI/LLM agent security — prompt injection, guardrail bypass, and privilege escalation in production LLM systems.

Professional Experience

AppSecure Security — Security Engineer, Remote

Oct 2025 – Present
  • Solo-owned 20+ offensive security engagements across ~17 enterprise clients (web, android, red team, purple team) — delivering 13 Critical and 27 High severity findings (115+ total), incl. multiple CVSS 10.0 attack chains.
  • Led end-to-end AI/LLM security assessments for production LLM agent platforms: (i) multi-turn prompt-injection chains (ii) multi-step guardrail bypasses (iii) invisible prompt injections (iv) full-read SSRF via LLM web-scrape tooling.
  • Found criticals on hardened targets — cross-tenant admin ATO on a Fortune 500 CIAM platform; 5 blind SQLi (time + boolean, WAF-bypassing) across an Indian NBFC fintech; ATO chains via stored XSS on a major SE-Asian marketplace; mass PII enumeration on a publicly-traded insurance aggregator.
  • Engineered AppSecure's internal "Write with AI" report generator — designed prompt architecture, iterated system prompts to balance cost and accuracy. Reduced per-report writing time from ~90 min to 5–10 min (≈9× speedup), adopted company-wide.

Independent Security Research — Offensive Security Researcher

Full-time: Aug 2023 – Sep 2025 · Part-time (alongside AppSecure): Mar 2026 – Present
  • CVE-2026-5189 (9.8 Critical) — pre-authenticated RCE chain in Sonatype Nexus Repository Manager.
  • 8 high-severity findings (4 Critical, 4 High) across private programs in the past 90 days, incl. 4 RCEs and a full-read SSRF — avg impact 33.33 on HackerOne.
  • Submitted 108+ vulnerability reports (Aug 2023 – Sep 2025) across 40+ enterprise apps, working with Fortune 500 programs incl. Microsoft, Stripe, and Quora. 41% of validated findings High or Critical.
  • Averted a platform-wide incident on Quora (400M+ MAU). Earned a critical patch from Microsoft by weaponizing an RCE despite scope limits.
  • Featured on Critical Thinking Bug Bounty Podcast (Justin Gardner & Joel Margolis) and Bug Bounty Reports Explained (gregxsunday).

Technical Skills

Offensive Security & Pentesting — Web App · Android App · API Security · Source Code Review · Red Team · Purple Team · OWASP Top 10 · OWASP ASVS

AI / LLM Security — Prompt Injection · Guardrail Bypass · LLM Security · Agent Security · System-Prompt Extraction · AI Red Teaming · OWASP Top 10 LLM

Vulnerability Classes — RCE · SSRF · SSTI · IDOR · SQLi (Blind / Time / Boolean) · Stored, Reflected & DOM XSS · CSRF · XXE · Unsafe Deserialization · Hard-coded Creds · JWT · OAuth 2.0 Flaws · Cross-Tenant Access Control · Web Cache Deception / Poisoning · GraphQL · CORS · Path Traversal · WAF Bypass

Tools — Burp Suite Pro · OWASP ZAP · SQLMap · SSTIMap · ffuf · katana · httpx · nmap · Frida · MobSF · JADX · adb · custom Python/Bash tooling

Education

International Institute of Information Technology, Pune

Aug 2019 – Jun 2023 · B.E. Computer Engineering · CGPA 8.82 / 10

Writing & signal.

§05 · blog — shreyaschavhan.notion.site
full blog on notion →

Have a target that hasn't broken yet?

I take on a limited number of offensive engagements outside AppSecure. If you're running a product with real users and care about the hard bugs — send a note.

or email directly —
