Angie Valentine Agee

I build security tools and research workflows for the places where traditional defense starts to strain: AI assistants, agentic workflows, cloud identity, retrieval pipelines, and detection programs that need to make sense to both analysts and leaders.

My current work centers on AI threat hunting. I am interested in how defenders investigate systems where the evidence is split across identity logs, tool-call traces, retrieval records, model outputs, and human approvals. That means looking at AI security as an operational problem, not just a model problem.

Current Work

• Security R&D Toolkit. A live, browser-based workbench for threat modeling, ATT&CK research, AI threat hunting, cloud attack-path simulation, red team planning, and incident investigation workflows.
• AI Threat Hunt Field Lab. Companion tools for AI asset blast-radius mapping, structured hunt briefs, and AI-agent evidence reconstruction.
• AI agent telemetry research. Practical requirements for seeing what AI agents did, which identity they used, what tools they called, and which controls should have constrained them.
• Detection engineering operating models. Patterns for making detection work durable enough for audits, incidents, and executive tradeoff discussions.

How I Think

• Start with the investigation question, then decide which telemetry matters.
• Model blast radius before trusting an AI system's intended behavior.
• Turn research into tools people can actually use under pressure.
• Write plainly enough for leaders and precisely enough for analysts.

Where To Start

If you want the fastest read on my work, start with the Security R&D Toolkit, then read When half your evidence is a model's chain-of-thought and Blast radius for AI agents.

Contact

I am easiest to reach on LinkedIn. My longer public writing is on Medium, and my public code lives on GitHub.