Malachi Jones

Co-Founder

Atlanta, Georgia, United States · 13 yrs 11 mos experience

Key Highlights

  • Pioneered autonomous red team agents at Microsoft.
  • Developed cutting-edge AI/ML courses for cybersecurity.
  • Co-authored a US Patent in embedded security.
Stackforce AI infers this person is a Cybersecurity expert specializing in AI-driven solutions and reverse engineering.

Skills

Core Skills

Artificial Intelligence (AI), Machine Learning, Reverse Engineering, Natural Language Processing (NLP), AI/ML, Embedded Security, Cyber Security

Other Skills

Graph-based reasoning, Code analysis, Red team agents, Deep Learning, Large Language Models, Graph-based analysis, LLMs, NLP, C++, Python, Static analysis, Dynamic analysis, Tool Development, C/C++, Cryptography

About

Dr. Malachi Jones is a Principal Cybersecurity AI/LLM Researcher and Manager at Microsoft, where he currently leads a team advancing red team agent autonomy within Microsoft Security AI (MSECAI). His present focus is on building autonomous red team agents, while his earlier work centered on fine-tuning large language models (LLMs) for security tasks and developing reverse engineering capabilities in Security Copilot.

With over 15 years in security research, Dr. Jones has contributed to both academia and industry. At MITRE, he advanced ML- and IR-based approaches for automated reverse engineering, and at Booz Allen Dark Labs, he specialized in embedded security and co-authored US Patent 10,133,871.

In addition to his work at Microsoft, Dr. Jones is the founder of Jones Cyber-AI, an organization dedicated to independent research and teaching initiatives. Through Jones Cyber-AI, he has developed and taught his specialized course, Automating Reverse Engineering Processes with AI/ML, NLP, and LLMs, at premier conferences including Black Hat USA (2019, 2021, 2023–2025) and RECON Montreal (2023–2025). His independent research in AI/ML, graphs, and LLM agents ensures his courses remain cutting-edge and aligned with the latest advances in cybersecurity and reverse engineering.

He previously served as an Adjunct Professor at the University of Maryland, College Park, and holds a B.S. in Computer Engineering from the University of Florida, as well as an M.S. and Ph.D. from Georgia Tech, where his research applied game theory to cybersecurity. His expertise continues to drive innovation in AI-driven cybersecurity and automated reverse engineering.

Experience

Total Experience: 13 yrs 11 mos
Average Tenure: 1 yr 9 mos
Current Experience: 3 yrs 8 mos

Microsoft

2 roles

Principal Security Research Manager - MS Security AI (MSECAI)

Promoted

May 2025 - Present · 11 mos · Atlanta Metropolitan Area · Remote

  • Lead a research team of 11 direct reports developing autonomous, AI-powered red team agents for adversarial threat simulation across the full attack kill chain.
  • Drive end-to-end attack campaign execution by integrating memory, graph-based reasoning, and tool execution to support realistic security evaluation.
  • Lead the development of code analysis capabilities for identifying hard-coded secrets, credentials, and sensitive configuration artifacts using LLM- and agent-based workflows with graph reasoning over abstract syntax trees (ASTs), leveraging graph platforms such as Neo4j.
Artificial Intelligence (AI), Machine Learning, Graph-based reasoning, Code analysis, Red team agents

Principal Cyber Security AI/LLM Researcher

Aug 2022 - May 2025 · 2 yrs 9 mos · Atlanta Metropolitan Area · Remote

  • Lead initiatives within the Microsoft Security AI (MSECAI) team to apply and fine-tune small and large language models (SLMs and LLMs) for cybersecurity, with a focus on reverse engineering (RE) and malware analysis.
  • Supported the initial GA release of ScriptAnalyzer, a core Security Copilot skill for script analysis, in April 2024. Led the fine-tuning of the model to significantly improve the accuracy of MITRE ATT&CK technique identification compared to the base model, and shipped the improved model in May 2025.
  • Designed, developed, and launched FileAnalyzer as a generally available (GA) feature with Security Copilot in April 2024, providing file assessments with detection names for malicious or potentially unwanted files, certificate and signer metadata, and summaries of file contents including extracted strings, API calls, and certificate details.
  • Developed a proof of concept for static code-based vulnerability reachability analysis, combining LLM reasoning, tree-sitter code parsing, and NVD API integration to identify reachable vulnerabilities and prioritize remediation efforts; transitioned the solution to the Microsoft Defender for Cloud (MDC) team for further development and integration.
  • Spearhead RE capability development for Security Copilot by integrating static and dynamic analysis with AI-driven automation to improve cybersecurity workflows, efficiency, and accuracy.
Artificial Intelligence (AI), Natural Language Processing (NLP), Deep Learning, Large Language Models, Reverse Engineering, Machine Learning

MITRE

2 roles

Principal Embedded Security & ML Researcher

Promoted

Jun 2020 - Aug 2022 · 2 yrs 2 mos

  • Served as Principal Investigator for a research initiative titled "Automating Function Naming in Stripped Binaries via Neural Networks and NLP Techniques," focused on applying LSTM and Transformer-based models alongside word2vec embeddings to infer meaningful function names in binaries lacking symbol information.
  • Co-authored the white paper "Odyssey: A Systems Approach to Machine Learning Security," outlining principles and architectural approaches to systematically harden machine learning models and workflows against adversarial threats and operational risks.
Machine Learning, NLP, Reverse Engineering

Lead Embedded Security & ML Researcher

Feb 2018 - Jun 2020 · 2 yrs 4 mos

  • Leading a team of security researchers on reverse engineering tasks across platforms that include iOS and architectures that include ARM
  • Principal Investigator for MITRE's automated reverse engineering framework research effort to perform (exact and partial) function/binary matching at scale for applications that include firmware analysis and software supply chain risk management
Reverse Engineering, Machine Learning

University of Maryland at College Park

Adjunct Professor

Jan 2019 - May 2020 · 1 yr 4 mos · College Park, Maryland

  • Developed and taught the course: “Machine Learning Applied to Cyber Security”
  • Introduced students to relevant unsupervised and supervised Machine Learning techniques (e.g. clustering and classification) and how they can be applied to address Cyber Security problems (e.g. Malware, Vulnerability, and Network Traffic)

Jones Cyber-AI

Founder

Aug 2018 - Present · 7 yrs 8 mos · Atlanta Metropolitan Area · Hybrid

  • Founded Jones Cyber-AI to advance independent research and specialized training at the intersection of AI/ML, graph-based analysis, LLMs, agentic systems, and reverse engineering (RE), including development and instruction of a hands-on course at Black Hat USA (2019, 2021, 2023–2026) and RECON Montreal (2023–2026).
  • Created Blackfyre, an open-source framework that lifts binaries into VEX IR encoded as Protocol Buffers (protobuf) for scalable analysis and serves as the foundation for advanced RE automation workflows.
  • Introduced a 2025 fine-tuning module featuring hands-on training with LLaMA 3.2 models on cloud GPUs, covering supervised fine-tuning, LoRA, and quantization for adapting LLMs to security-focused RE tasks.
  • Expanded the curriculum in 2026 to include graph-based workflows, NL2GQL for insight-focused querying, transformer embeddings, RAG, KnowledgeRAG, the Model Context Protocol (MCP), agentic systems, and the introduction of BinQL as an open-source graph query and analysis framework.
AI/ML, Graph-based analysis, LLMs, Reverse Engineering

Booz Allen Hamilton

Embedded Security Researcher

Mar 2016 - Feb 2018 · 1 yr 11 mos · Annapolis Junction, MD

  • Leading a team of security researchers in developing automated static and dynamic analysis tools written in C++ and Python that perform data flow and control flow analysis to identify potentially exploitable vulnerabilities in embedded device firmware via an LLVM intermediate representation (IR)
  • Analysis tools being developed are capable of detecting memory corruption bugs that include stack/heap buffer overflows, Use-After-Free, and double free.
  • Organizing and leading embedded hacking workshops internally and at top universities that include Georgia Tech and University of Maryland at College Park
  • Organizing and developing technical talks on Memory Forensics, Machine Learning, and Binary analysis that are presented at venues in the Central Maryland area that include the University of Maryland at College Park
  • Instructor with Booz Allen’s internal reverse engineering training program where several classes are taught per year with 30+ attendees in each class
Machine Learning, Cyber Security

Harris Corporation

2 roles

Cyber-Security Vulnerability Researcher

Promoted

Jan 2015 - Mar 2016 · 1 yr 2 mos

  • Reverse engineering
  • MIPS, ARM, and X86 architectures
  • Tool Development (e.g. Fuzzers)
  • Organized and created training material for an Embedded Hacking workshop open to SW engineers across the company that provided a hands-on experience/exposure to VR and software security principles
C++, Python, Static analysis, Dynamic analysis, Embedded Security

Cyber-Security Software Engineer

Aug 2013 - Mar 2016 · 2 yrs 7 mos

  • Developing crypto-system interfaces (C/C++) using cryptographic libraries that include OpenSSL.
  • Kernel hardening Linux systems and utilizing vulnerability scanning tools that include Nessus.
  • Working with crypto algorithms that include AES (using different modes, i.e. CBC and CTR) and SHA
Reverse Engineering, Tool Development

Intel Corporation

Cyber-Security Software Engineering Intern

May 2011 - Aug 2011 · 3 mos · Portland, Oregon Area

  • Designed an authentication method using QR codes that allows iOS and Android smartphones to pair securely without explicitly using PINs or passwords
  • Developed and tested the design using a Windows 7 server and an Android smartphone client
  • Integrated the authentication method into the Intel Cyber Security SDK suite
C/C++, Cryptography, Cyber Security

Texas Instruments

2 roles

Embedded Software Engineering Intern

May 2009 - Aug 2009 · 3 mos · Dallas/Fort Worth Area

  • Worked with customers, such as HTC, to develop solutions for smart phone integration issues related to multimedia hardware components including OMAP.
  • Camera and battery driver development and testing.

Embedded Software Engineering Intern

May 2008 - Aug 2008 · 3 mos · Dallas/Fort Worth Area

  • Camera and battery driver development and testing.

GE

Software Engineering ITLP Intern

May 2007 - Aug 2007 · 3 mos · Albany, New York Area

Harris Corporation

Software Engineering Intern

May 2006 - Aug 2006 · 3 mos · Melbourne, Florida Area

Education

Georgia Institute of Technology

Doctor of Philosophy (PhD) — Computer Engineering

Jan 2009 - Jan 2013

Georgia Institute of Technology

Master's Degree — Computer Engineering

Jan 2007 - Jan 2009

University of Florida

Bachelors — Computer Engineering

Jan 2002 - Jan 2007
