ING FrancescoBarbato

◈ Challenge

Most development teams integrate hashing libraries without understanding the threat model differences between algorithms. The result: legacy systems still relying on broken MD5 and SHA-1, silent data integrity failures, and no practical migration framework. The risk is especially severe in authentication flows and document verification pipelines.

◆ Solution

Conducted a deep-dive analysis of cryptographic hashing properties — collision resistance, pre-image resistance and avalanche effect — across all three algorithms. Mapped each to real-world attack scenarios including rainbow tables, length-extension attacks and GPU-accelerated brute-force. Produced an architecture guide for integrity verification in modern API and storage layers with a step-by-step migration path.

◉ Result

The analysis informed the hardening of three production systems, fully eliminating MD5 from authentication flows. SHA-256 adoption improved tamper-detection reliability across document verification pipelines. Teams now have a reusable decision framework for algorithm selection in new projects.

◈ Challenge

Most people interact with AI models the same way they'd type a Google search — vague, context-free, one-shot. The result is generic output that requires extensive editing, misses the actual need, or confidently produces plausible but wrong answers. Teams adopting AI tools without a prompting framework see low return on the technology investment and growing frustration with model reliability.

◆ Solution

Researched and systematised the core principles behind effective prompt engineering: role framing, context injection, chain-of-thought elicitation, output format constraints, few-shot examples and negative prompting. Applied the framework across real client workflows — content production, code generation, data analysis and document summarisation — iterating prompts against measurable output quality benchmarks.

◉ Result

Documented 40+ reusable prompt patterns across six task categories. Client workflows saw a measurable reduction in prompt-to-usable-output iterations, with average output quality improving significantly across structured tasks. The framework has been applied across three client teams as a practical onboarding guide for AI tool adoption.

◈ Challenge

Deepfake technology has outpaced the biometric authentication systems most organisations rely on. Face verification APIs, liveness detection layers and voice authentication endpoints — all originally designed for fraud prevention — now face adversarial inputs generated by consumer-grade tools in minutes. The gap between what organisations believe their biometric systems can detect and what they actually stop is growing faster than most security teams realise.

◆ Solution

Analysed five major deepfake attack vectors against biometric systems: face-swap injection, replay attacks, voice cloning, GAN-generated synthetic identities and 3D mask spoofing. For each vector, mapped the specific failure modes of current detection approaches — passive liveness checks, texture analysis, frequency-domain anomaly detection — and evaluated the state of the art in adversarial-robust biometric pipelines.

◉ Result

Produced a structured analysis of detection reliability across attack categories, identifying the combinations of signals (frequency artifacts, physiological micro-signals, temporal consistency) that are hardest to simultaneously spoof. The research provides a prioritised mitigation framework for organisations deploying biometric authentication in high-stakes contexts.