London, UK · UK right to work · no sponsorship needed
Tong Zhao
Independent researcher on LLM security and multi-agent workflow design. Five years inside UK tax advisory before this — close to the kind of regulated, messy professional work where internal tools either save the team hours or quietly waste them.
Currently looking at agent-runtime mechanics — context compaction, progressive disclosure, skill loading, tool-use boundaries, and behaviour under adversarial input.
Selected projects
Click into any card for the full writeup — architecture, technical decisions, and what I learned. Bug-bounty findings are presented as redacted methodology only: no endpoints, customer names, PoC payloads, or credentials.
-
Multi-agent security research workstation
Self-hosted system that runs the whole loop — recon, hypothesis generation, evidence accumulation, adversarial chain-of-reasoning audit, and report drafting. One core decision: the adversarial reviewer never sees the positive agent's conclusion, only its thinking trace. Sycophancy is anchoring; don't give the model the anchor.
Output: an Intigriti 10.0 / 10.0 Exceptional report against CM.com's admin API (cross-tenant broken object-level authorization). Plus disclosures across Cambium Networks, Venly, Bild.de NewsBot, and AI/ML supply-chain (MLflow / Keras / Vanna).
Neo4jPostgres + pgvectorAnthropic SDK / MCP multi-model routingChrome DevTools Protocol
Read the architecture →
-
TaxPilot — UK Self Assessment AI agent
Three-layer knowledge architecture: Skill (procedure, extracted from ATT/CTA syllabi as decision trees) + RAG (HMRC Manuals and legislation.gov.uk for citable authority) + Updates (Finance Act, case law, professional journals as continuous-update sources). Tax-rate placeholders so rate-table changes never require re-writing logic. ATT/CTA past papers used as a regression test set.
Next.jsAnthropic SDKPostgres + pgvector HMRC Developer Hub
Read the architecture →
-
Hengo (Selfloom.ai) — AI job search for international graduates
Solo end-to-end build — user interviews, PRD, three-tier pricing, visa-driven LTV mapping, multi-agent product structure (Career Strategist / Resume Optimizer / Interview Coach / Visa Advisor). Held back from public launch pending broader validation.
Next.js 16Claude Agent SDK Prisma + PostgresCapacitor
Open the live site →
-
UK Capital Gains Tax calculator (share disposals)
A working CGT calculator for share disposals, built independently to assist real client computations. Multi-broker CSV / Excel import, Section 104 holding pool, same-day and 30-day matching rules, rate banding across basic / higher / additional. Hard tax rules translated into deterministic logic, then unit-tested against HMRC examples.
Next.jsTypeScriptpapaparse xlsxTailwind
Read the writeup →
Background, briefly
- 2026 – present. Independent — full-time on LLM agent security, multi-agent workflow design, and vertical AI products. Active responsible-disclosure across web, AI/ML, and frontier-LLM targets.
- 2021 – Feb 2026. Senior, Tax — Blick Rothenberg (London). Senior Associate, Global Mobility Tax — PwC / Vialto Partners (London). UK personal tax, expatriate tax-equalisation, employer compliance. Built internal workflow tools on the side, including a 2022 GPT-3 internal billing-coordination tool — pre-ChatGPT, pre-tool-calling, pre-MCP.
- Tax credentials. ATT (Association of Taxation Technicians, full). CTA partially qualified — Taxation of Individuals paper passed.
- LLM history. Working with LLMs since the GPT-3 era (2020+). Multi-year exposure across pre-Agent / pre-MCP, the early ChatGPT period, and the current frontier-model and agent generation.