Jimmy Kong

Project log

~/projects/index.md 5 entries

$ ls projects/

Selected projects from my CV

The projects below reflect the strongest parts of the CV: security automation, monitoring systems, red-team experimentation, and secure full-stack application development.

Government Environment · 2025

Legislative Council Election Website Defacement Detection System

Designed, developed, and deployed an automated monitoring system to safeguard official election webpages during the 2025 Hong Kong Legislative Council election period.

  • Scheduled page capture with baseline comparison for text, image, and hyperlink changes
  • Real-time alerting for rapid investigation and response
  • Ran on an internal government security network and received commendation from the Cyber Security Manager
Monitoring Detection Internal Deployment
Security Automation · 2025 - 2026

Automated Threat Intelligence Monitoring and AI Analysis Platform

Built a Python and Flask platform that continuously collected advisories and CVE updates from more than 20 major technology vendors.

  • Integrated LLM-based parsing for affected products, CVEs, severity, and remediation guidance
  • Developed dashboards, editing workflows, and export or distribution features
  • Reduced manual SOC triage and reporting effort
Python Flask LLM
Research & Development · 2026

Local LLM Red-Team Automation System

Developed an on-premise red-team automation system using vLLM, locally hosted Gemma 4, and LangGraph for planning, tool calling, and attack-chain orchestration.

  • Integrated vulnerability scanning, payload generation, and result parsing
  • Kept sensitive testing data fully local for security and privacy compliance
  • Focused on offensive security workflows for local AI systems
vLLM Gemma 4 LangGraph
Full-Stack Project · 2026

AI Study Planner and Progress Tracking System

Built a student productivity platform with React, TypeScript, FastAPI, Supabase, and PostgreSQL for task management, calendar views, learning plans, and progress visualization.

  • Implemented JWT and API-key authentication, rate limiting, and row-level security
  • Added API-key hashing and AI usage quota management
  • Balanced product usability with secure backend controls
React FastAPI PostgreSQL
Research Presentation · 2026

Hijacking Local Low-Parameter Multi-Agent Systems

Delivered a technical presentation on offensive and defensive security considerations for local multi-agent LLM systems.

  • Covered inter-agent trust abuse, MCP tool poisoning, memory attacks, and runtime mitigations
  • Focused on realistic failure modes in local agent architectures
  • Bridged research thinking with practical security recommendations
LLM Security Agents Presentation