Hello! I am a Lead Data Scientist at Sophos AI. I enjoy building Applied ML and GenAI systems for real-world, large-scale needle-in-a-haystack problems. I have a Master's degree in Computer Science with a specialization in AI and Machine Learning from UC San Diego. My current research interests are AI Security, large-scale ML-based detection of malicious and anomalous artifacts, and AI-based SOC tooling.
Currently: Lead Data Scientist at Sophos AI (Denver / Remote). Managed ML/AI portfolio, led research strategy, built GenAI-powered tools for the business, and mentored Data Scientists.
Natural Language Playbook Authoring and Configuration
In this project, we're exploring how natural language can be used to safely author and configure structured security playbooks within the Taegis platform.
Automated Log Analysis for Network and Endpoint product support
This project focused on using Large Language Models to analyze large volumes of endpoint and network logs in order to assist product support engineers. The system surfaces likely failure modes, highlights anomalous behavior, and suggests plausible remediation steps, helping engineers move from symptoms to actionable hypotheses more quickly while remaining in control of final decisions.
AI Security: Protecting Agentic AI solutions by modeling prompt intent and relevance
In this work, we focused on designing systems that determine when an LLM should be used and how it should be constrained before generation begins. By categorizing user prompts and enforcing scope boundaries upstream, we reduced policy violations, irrelevant model behavior, and unintended data exposure, treating prompt understanding as a security and reliability problem rather than a pure NLP task. This approach reframes LLMs as components in a larger decision system, where controlled invocation is as important as model capability.
AI Security: Detecting LLM Backdoors, LLM Salting to protect against Jailbreaks
Detecting Backdoors in White-Box LLMs
We studied how jailbreaks and hidden backdoors manifest inside trained language models by deliberately introducing new backdoors and identifying shared neuron activations across independent attacks. This work was presented at CAMLIS 2024.
LLM Salting: Making Jailbreaks Non-Transferable
We explored a defense strategy that breaks reuse of precomputed jailbreaks by rotating an LLM’s refusal direction, rendering existing prompts unreliable without retraining the model. This work was presented at CAMLIS 2025.
Book Chapter: Phishing and Social Engineering in the age of LLMs
In this work, we explored how large language models fundamentally change phishing and social engineering by enabling massive microtargeting at negligible cost. By combining synthetic user profiles with AI-generated campaign content, we demonstrated how LLMs can selectively fabricate claims, omit inconvenient facts, or tailor persuasive narratives to individuals who are most likely to agree, allowing misinformation and fraud to scale far beyond traditional bulk campaigns. This shifts social engineering from broad messaging to highly personalized influence, introducing new risks for political misinformation, scams, and societal polarization.
LLM Benchmarking and Evaluation for use in Cybersecurity
In this work, we evaluated how large language models can augment real security-operations workflows by measuring their performance on practical tasks such as translating analyst intent into structured queries, prioritizing incidents by severity, and summarizing complex security events. Rather than treating LLMs as general assistants, we focused on where they meaningfully reduce analyst effort and where their limitations introduce risk, comparing out-of-the-box behavior of several black-box and open-source models. This work was presented at CAMLIS 2023.
Living Off The Land Binary (LOLBin) Attack Detection
In this work, we tackled the stealthiest class of adversarial behavior, where attackers leverage legitimate system tools instead of traditional malware to evade detection. We developed machine-learning methods designed for noisy, highly imbalanced system telemetry, focusing on hands-on-keyboard command-line executions that distinguish benign use of native tools from malicious abuse. We focused on building a system that enables scalable detection across millions of endpoints where classic signature-based methods fail due to the lack of explicit malicious artifacts. This research was presented at BSides Las Vegas in 2022.
Multi-View Deep Learning for Malware Detection: Using filepaths as additional context
In this project, we worked on improving large-scale malware detection by incorporating context alongside file content. Traditional static ML detectors focus almost entirely on features extracted from a file itself, but we showed that auxiliary signals like a file’s location on disk can meaningfully change how suspicious it should appear. We designed a multi-view deep learning architecture that jointly models PE file features and file-path context, evaluated on ~10 million real endpoint samples. The combined model significantly improved detection performance in low false-positive regimes where operational cost matters most, while remaining deployable at production throughput. We also used interpretability techniques (LIME) to verify that the model learned sensible, human-interpretable patterns rather than spurious correlations, reinforcing trust in its real-world use. This research was presented at the 2020 IEEE S&P DLS workshop.