arxi is a personal ai agent that lives inside your messenger. one agent, one user, one isolated micro-vm that reads, decides and acts on your behalf. we're a tiny team that ships to production multiple times a day. our product holds people's real data, calendars, credentials and browsers, so security is not a feature, it's the substrate.

you'll own the security of a system that runs autonomous agents on behalf of real people, with access to their data, their accounts and a live browser. the threat surface is unusual: it's not just our infrastructure, it's the agent itself. that means prompt injection, tool-call abuse, data exfiltration between tenants, and a host root that we'd like to be unable to read user data even if it wanted to. this is a build-and-defend role, not a policy role. you'll write code, model threats, run red-team exercises against the live product, and harden the runtime, at our shipping pace.

how we work

our stack

typescript (grammy, fastify), python (fastapi), next.js with trpc and prisma, gemini via vertex ai behind our own llm proxy, firecracker micro-vms (one per user), self-hosted linux (hetzner, nginx, systemd), sqlite, prometheus and grafana, polar for payments. heavily automated tooling and a fast deploy pipeline, so engineers spend their time on the hard problems rather than the plumbing.

in this role you will

you might be a great fit if you have