I'm Ali Mohammadi Ruzbahani — an AI security researcher and PhD student in Electrical and Computer Engineering, working across decentralized AI security, post-quantum cryptography, and trustless distributed systems.
I build systems that stay trustworthy under adversaries — from language models to quantum-era cryptography.
I am a PhD student in Electrical and Computer Engineering in the Smart Cyber-Physical Systems Lab at the University of Calgary, where my research sits at the intersection of artificial intelligence and security, with a focus on decentralized AI security. My work spans the security of large language model agents, post-quantum cryptographic primitives, and Byzantine-resilient federated learning.
Alongside academic research I build complete systems end to end — from Rust cryptographic implementations and Solidity smart contracts to full-stack platforms. I co-founded two Alberta-incorporated ventures bridging Web3 and AI security, and teach quantum computing and quantum key distribution at the graduate level.
I care about distinctive design and rigorous, evidence-based engineering. If it touches intelligence or trust, I want to understand how it breaks.
I began my studies in Computer Engineering but soon shifted to Engineering Physics, where I graduated top of my class. As a recognized gifted student, I was admitted to a Master's program in Condensed Matter Physics. Seeking to explore emerging technologies, I moved to Canada and continued my studies in Electrical and Computer Engineering with a focus on Decentralized AI Security. After one year, I transferred to the Ph.D. program, where I am currently pursuing my research.
// Full list & Google Scholar · View profile ↗
Project details are currently being updated.
View project ↗Project details are currently being updated.
View project ↗Project details are currently being updated.
View project ↗Project details are currently being updated.
View project ↗Project details are currently being updated.
View project ↗Project details are currently being updated.
View project ↗
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24A short take on indirect prompt injection and what defenders keep getting wrong. Replace with your post.
Read post →Lattices, NTT, and why your encryption needs an upgrade before quantum computers arrive. Replace with your post.
Read post →Honest negative results, and what they reveal about detecting malicious clients. Replace with your post.
Read post →Beyond research, I design and build production systems and advise organizations on the hard problems where AI, security, and cryptography meet.
Architecture and development of web frameworks and full-stack applications, from data model and APIs to a polished production interface.
Designing, implementing, and integrating AI and LLM systems into real organizational workflows, with security and reliability built in from the start.
Threat modeling, AI and LLM security review, and hardening for products and organizations facing modern attack surfaces.
Advisory on cryptographic design, post-quantum migration strategy, and secure protocol engineering.
Smart contract development, decentralized architecture, and Web3 product strategy for trustless systems.
Founder-level technical guidance for early-stage ventures: architecture, roadmap, security posture, and team direction.
Open to research collaboration, speaking, advisory work, and bold projects at the intersection of AI and security.
If we have not met before, please read this before sending a message or email. I promise it prevents a lot of fruitless back and forth.
If your question is about one of my papers, projects, or writing in AI security, LLM agent security, RAG security, federated learning, post-quantum cryptography, distributed systems, Web3, or smart infrastructure security, I am glad to read it. Please say exactly which work, paper, project, or idea you have seen, and what your specific question is. Messages that show you actually read the material tend to move toward the front of the queue, like someone who bought their ticket early.
I work at the intersection of AI, security, cryptography, and decentralized systems. If your research idea relates to LLM security, prompt injection, RAG poisoning, federated learning, Byzantine resilience, post-quantum cryptography, blockchain, zero-knowledge, or trustless distributed systems, please reach out. Write the core problem, the research background, the role you propose for the collaboration, and why you think it could be meaningful, briefly and clearly. "I have a great idea" is not a bad start, but on its own it is not enough.
If you have questions about learning paths, research, applications, cybersecurity, AI, cryptography, web, Web3, DevOps, software deployment, or building a product, you are welcome to write. Please keep in mind that I cannot offer long term mentorship, regular sessions, private tutoring, or a full life roadmap for everyone. If your question is specific, short, and comes with enough context, the chances that I can give a useful answer go up a lot.
I enjoy serious ideas at the intersection of AI, security, cryptography, Web3, infrastructure, and product. If you want to talk about a startup idea, please write the problem, the target market, the solution, the current status of the project, the role you expect from me, and why you think talking to me would help. Please do not message simply for "a quick chat", "a coffee", or "a fast call" unless there is a clear topic, a clear goal, and a definable outcome. Coffee is good, but coffee without context usually turns into a meeting nobody remembers starting.
For consulting on cybersecurity, LLM and AI security, software architecture, web development, production deployment, Web3, smart contracts, post-quantum migration, threat modeling, or product hardening, please describe your problem precisely from the start. If the matter is commercial or organizational, please state clearly that you are asking for professional consulting. A short note on the product, current status, constraints, access level, timeline, and your expectations helps me quickly understand whether I can help, and it also prevents risky guessing.
If you have a product, website, API, application, agent, RAG system, language model, smart contract, or infrastructure that needs a security review, please define the authorized scope precisely. I cannot help with penetration testing, bypassing systems, exploiting vulnerabilities, or analyzing systems that you do not own or are not officially authorized to test. For legal and authorized projects, please write the goal, the scope, the access level, and the expected outcome. Security is not the place for "let us hit it and see what happens".
If you are inviting me to an event, panel, podcast, interview, workshop, or talk, please include the topic, the date, the format, whether it is in person or online, the duration, the audience, the language of the program, and why you are inviting me. Topics like AI security, LLM security, post-quantum cryptography, Web3, the research path, building a startup, product deployment, and working at the intersection of academia and industry are the most interesting to me. If you send all of this up front, I will behave much less like a slow queueing system.
Beyond research, I have experience designing and building complete systems end to end, from architecture, backend, frontend, and database to deployment, security, user experience, and scalability. If you have a project in web, AI integration, multilingual platforms, enterprise systems, Web3, or digital product, please specify the requirements, the current status, the approximate budget, the timeline, and the level of collaboration you expect. "I want a site like X, just better and cheaper and ready by tomorrow" is usually not a good sign for starting work together.
I am happy to meet people who are active in research, technology, security, product, startups, and intelligent systems. Even so, please make your message specific from the start. Messages like "hi", "do you have a minute?", "I wanted to ask a question", or "can you help?" without a topic usually get a slower reply. It is better to state your main question or request in the very first message. A good message is like a good API: clear, documented, and free of strange side effects.
To show me that you read this, please write the word Arya in the subject line or at the start of your message. It is a small human CAPTCHA, with no traffic lights and no crosswalks.
My inbox is usually busy, divided between my PhD research, AI security projects, startup work, product development, and consulting. If you do not get a reply, it does not necessarily mean disrespect. I may not have enough time, the topic may be outside my area, or the request may need a commitment I cannot make at that moment. A reply is more likely if your message is short, respectful, precise, has one clear request, and includes the links or information needed.