$ whoami

Avneesh Kasture

secure-mcp engineer / professional services

I work in professional services, building secure MCP servers for clients — hardening the agentic layer against prompt injection, tool misuse, and privilege abuse. Alongside that I ship the internal apps that take friction out of my company's day-to-day.

I make the agentic layer safe to ship.

I'm a professional-services engineer focused on building secure MCP servers for clients — scoping tools tightly, defending against prompt injection and privilege abuse, and delivering agentic integrations they can actually run in production.

Alongside client work I build the internal apps that remove friction inside my own company — LLM-powered document generation, pricing, and analytics tooling designed so every output is fast, governed, and traceable back to its source. Security-trained, detection-minded, product-focused.

How I harden an MCP server

01 Threat-model the agentic layer first

Before any tool code: map what the model could be coerced into — prompt injection via tool results, tool misuse, privilege escalation, data exfiltration — and design controls against that, not against the happy path.

02 Least privilege, enforced in code

Scope the server to the minimum endpoints the use cases need, and reject everything else at runtime with a real allowlist — not a note in the prompt the model can be talked out of.

03 Identity on every call

Verify the caller's token — signature and claims — on every tool invocation, and bind that identity to every action so nothing runs anonymously.

04 Untrusted output, scanned before the model sees it

Tool output is structured, isolated from the system prompt, and DLP-scanned so PII and secrets never enter the conversation history.

05 Audit every action to its cause

Each tool call is a structured record — who, what, which endpoint, and a hash of the prompt that triggered it — so an incident can be reconstructed, not guessed at.
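As an added example (not code from this page's author or any of the projects it lists), a minimal Python tool-call gate that applies controls 02 through 05 above in one path: a runtime allowlist, token verification on every call, DLP redaction of tool output before it reaches the model, and a structured audit record keyed to a hash of the triggering prompt. The HMAC-signed token, the tool table, the PII patterns and the fake backend are constructed stand-ins; a real server would verify an IdP-issued JWT and use a proper DLP engine.

```python
import hashlib
import hmac
import json
import re
import time

# Constructed tool table: the only endpoints the server will ever reach (control 02).
ALLOWED_TOOLS = {"get_invoice": {"endpoint": "/billing/invoices", "scopes": {"billing:read"}}}
SECRET = b"demo-shared-secret"  # assumption: HMAC tag stands in for the IdP's JWT signature
PII_PATTERNS = {  # constructed, minimal DLP rules (control 04)
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
    "api_key": re.compile(r"\b(?:sk|AKIA)[A-Za-z0-9_-]{16,}\b"),
}
AUDIT_LOG = []  # structured records, one per tool call (control 05)

def make_token(subject, scopes, exp):
    """Issue a JSON payload plus HMAC tag; a stand-in for a signed JWT."""
    payload = json.dumps({"sub": subject, "scopes": sorted(scopes), "exp": exp}, sort_keys=True)
    tag = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + tag

def verify_token(token, now):
    """Control 03: check signature and claims on every call; return identity or raise."""
    payload, _, tag = token.rpartition(".")
    expected = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("bad signature")
    claims = json.loads(payload)
    if claims["exp"] < now:
        raise PermissionError("token expired")
    return claims

def redact(text):
    """Control 04: scrub PII and secrets from tool output before the model sees it."""
    findings = []
    for name, pattern in PII_PATTERNS.items():
        text, hits = pattern.subn(f"[REDACTED:{name}]", text)
        if hits:
            findings.append(name)
    return text, findings

def call_tool(tool, args, token, prompt, backend, now=None):
    """Gate one tool invocation: identity -> allowlist/scopes -> backend -> DLP -> audit."""
    now = time.time() if now is None else now
    identity = verify_token(token, now)
    spec = ALLOWED_TOOLS.get(tool)
    if spec is None or not spec["scopes"] <= set(identity["scopes"]):
        raise PermissionError(f"tool {tool!r} not allowed for {identity['sub']}")
    safe_output, findings = redact(backend(spec["endpoint"], args))
    AUDIT_LOG.append({"ts": now, "who": identity["sub"], "tool": tool, "endpoint": spec["endpoint"],
                      "prompt_sha256": hashlib.sha256(prompt.encode()).hexdigest(), "dlp": findings})
    return safe_output
```

Denied calls raise before the backend is touched, so the audit log only records actions that actually ran; a production gate would also log the refusals.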

Where I've worked

  1. Professional Services · Solutions Engineer

    Gruve Apr 2026 — Present · Pune

    Design and deliver secure MCP servers for clients — scoping tools, hardening the agentic layer against prompt injection and privilege abuse, and shipping integrations they run in production. Alongside client delivery I build internal apps that remove business friction — including Helix, an AI sales-enablement platform (a GPT-4o SOW-generation pipeline, automated pricing calculator, engineering capability roadmap, and Service Navigator).

  2. Security Operations Center Analyst

    Gruve Apr 2025 — Apr 2026 · Pune

    Advanced triage and investigation of security alerts across network, endpoint, and authentication telemetry using Splunk and CrowdStrike Falcon. Conducted threat hunting that identified a vulnerability and led to a customer-wide advisory report.

  3. Digital Forensics Intern

    Deloitte Jul 2024 — Feb 2025 · Mumbai

    Forensic acquisition and analysis of digital media using industry-standard tools. Streamlined business-critical processes to cut processing time by 80%, and automated virus scanning and image documentation with Python (RPA).

Things I've built

01 agent-safety · provenance · Python

d2c-analyst

A working AI analyst plus an autonomous Margin Watch agent for D2C brands. Every number in an answer is server-side validated against a provenance model before it reaches the user; a gpt-4o-mini → gpt-4o router escalates on complexity, all over row-level-secure multi-tenant data. Built, tested, and documented end to end.

02 agentic-security · research · WIP

mcploitable

A work-in-progress agentic-security training lab — a deliberately vulnerable MCP server (“the Metasploitable of MCP”) that maps the OWASP Top 10 for Agentic Applications to hands-on scenarios with an insecure/hardened toggle. Early and actively in development.

03 platform · private

Helix @ Gruve

Internal AI sales-enablement platform. A GPT-4o SOW generation pipeline, automated pricing calculator, engineering capability roadmap, and Service Navigator — Express.js, PostgreSQL, Redis, Prisma on Azure.

04 security tooling · NLP · Python

PIIDetector

A filesystem-level PII detection tool that scans images, text, Word docs, and PDFs for sensitive-data exposure, enhanced with NLP-based entity recognition for structured and unstructured PII patterns.

05 research · cryptography

Randomness Testing Suites

A comparative analysis of randomness-testing algorithms and suites — methodology and results written up as a research draft.

· for fun

Seinfeld Excuse Rolodex

A tiny toy that generates an excuse for every day of the week. Kept around because it still makes me laugh.

Toolkit

Secure MCP & Agentic

  • MCP server design
  • OWASP Agentic Top 10
  • Prompt-injection defense
  • Tool scoping & sandboxing
  • Client delivery

AI & Automation

  • LLM workflow orchestration
  • Document-generation pipelines
  • Citation / provenance validation
  • Tool-use / function calling
  • SOAR / playbook automation

Build & Ship

  • Python
  • Docker
  • Internal app development
  • REST & API integration
  • LLM app plumbing

Security Foundations

  • Threat Hunting
  • Detection Engineering
  • Splunk · CrowdStrike Falcon
  • Windows Forensics
  • Malware Analysis

Certifications

Education

  • B.Tech, Computer Science & Engineering
  • Vellore Institute of Technology · 2024 · GPA 8.38 / 10

Community

  • Enactus — VIT Chennai Chapter

Let's build something secure.