emmanuelgjr/README.md

Auditor. OWASP GenAI co-lead. ISO/IEC 42001 mirror committee.

I'm Emmanuel — Senior Global IT Auditor at Martinrea International (Tier 1 automotive), and Data Security Initiative Co-lead of the OWASP GenAI Security Project. I'm a Candidate Expert on the Canadian mirror committee for ISO/IEC JTC 1/SC 42, the body shaping ISO/IEC 42001, 23894, and 42005.

I work where AI security meets enterprise audit reality. The repos here are open-source controls, mappings, and tooling that translate emerging GenAI risks into language CISOs, auditors, and regulators can act on.

Based in North America. Trilingual: English, Portuguese, Spanish.


Standards & community

  • OWASP GenAI Security Project — Lead, Data Security Initiative (DSGAI). Contributor at large.
  • ISO/IEC JTC 1/SC 42 (Canada Mirror Committee) — Candidate Expert on AI standards (42001 · 23894 · 42005).
  • Threat Modeling Connect, Toronto Chapter — Co-founder & Contributor.
  • Packt — AI Security Technical Reviewer (LLM security · adversarial ML · AI threat modeling).

AI security portfolio — v0.1 (May 2026)

Four sibling repos covering the governance, audit, offensive, and shadow-AI sides of enterprise AI security. Standards-aligned across ISO/IEC 42001, NIST AI RMF, EU AI Act, OWASP, and MITRE ATLAS. MIT-licensed code, CC-BY 4.0 content.

AI-Governance-Toolkit — Stand up AI governance by Friday. AI system inventory with EU AI Act risk classification, AI Impact Assessment per ISO/IEC 42005, risk register with heatmaps, ISO 42001 52-week roadmap, and 6 governance templates. Browser-only — data never leaves the client.

AI-Controls-Catalog — Audit-ready controls library for AI systems. 20 controls across 14 categories with Test of Design and Test of Operating Effectiveness guidance, sample-size direction, evidence requirements, and mappings to ISO/IEC 42001, NIST AI RMF, EU AI Act, OWASP, SOC 2, and MITRE ATLAS. PDF/CSV/JSON export.

AI-RedTeam-Framework — Stand up an AI red team at a regulated enterprise. 15-chapter playbook (charter → maturity model), 25 attack patterns mapped to OWASP LLM/Agentic Top 10, MITRE ATLAS, and NIST AI RMF, 15 candid tool reviews, OSFI E-21 crosswalk, and an interactive Engagement Planner that generates Word Rules of Engagement.

Shadow-AI-Defense — Detect and respond to Shadow AI in your enterprise. 20 cataloged AI services with network and client signatures, 16 detection rules (Microsoft Sentinel KQL, Defender for Cloud Apps, Purview DLP, CrowdStrike Falcon, generic network), 4 graduated response runbooks with RACI matrices, and a policy starter.


Other featured projects

GenAI & Agentic AI Incidents — Curated database of 7,000+ publicly disclosed GenAI and agentic AI security incidents. Filterable by year, severity, and framework. Each entry cross-referenced to OWASP LLM Top 10 (2025), Agentic Top 10, NIST AI RMF, and MITRE ATLAS. Python package + CSV export.

GenAI-Security-Crosswalk — The most comprehensive open-source mapping of OWASP GenAI risks to 16 industry frameworks. LLM Top 10, Agentic Top 10, and DSGAI 2026 across 37 files — including NIST AI RMF, ISO/IEC 42001, EU AI Act, MITRE ATLAS, and OT/ICS guidance.

DSGAI — Interactive web guide for the OWASP GenAI Data Security Risks and Mitigations 2026 publication I co-lead — 21 risk entries (DSGAI01–DSGAI21), navigable.

GenAI-Security-Literature-Review — Community-driven, auto-updating literature review of GenAI/LLM security research, standards, tools, and resources. 100+ curated entries across 46 categories with mappings to OWASP LLM/Agentic Top 10, MITRE ATLAS, NIST AI RMF, and ISO/IEC 42001. Interactive webapp with weekly automated discovery from arXiv, Semantic Scholar, and CrossRef.

AgentVulnMitigator — Multi-agent tool for detecting and mitigating vulnerabilities in agentic AI systems.


Focus areas

  • Data security for GenAI — DSGAI 2026 (training data governance, inference-time leakage, RAG, agentic workflows)
  • LLM & agentic AI risk — prompt injection, tool misuse, autonomy scope, multi-agent threat modeling
  • AI governance & audit — ISO/IEC 42001, NIST AI RMF, EU AI Act, MITRE ATLAS, audit-ready control mappings
  • Shadow AI & enterprise controls — detection engineering, DLP, OT/ICS implications of AI deployment

Pinned

  1. GenAI-Security-Crosswalk (Public)

    The most comprehensive open-source mapping of OWASP GenAI risks to industry frameworks - 65 mapping files, 25 frameworks, 1,514 controls, 114 incidents, ML classifier pipeline. Source lists: LLM To…

    JavaScript 6 1

  2. DSGAI (Public)

    OWASP GenAI Data Security Risks and Mitigations 2026 - Interactive web guide for 21 DSGAI risk entries

    JavaScript 2

  3. AgentVulnMitigator (Public)

    A general-purpose multi-agent AI security tool to detect and mitigate vulnerabilities in Agentic AI systems

    Python

  4. GenAI-Security-Literature-Review (Public)

    Comprehensive, auto-updating literature review of GenAI & LLM security research, standards, tools, and resources. 100+ curated entries with interactive webapp.

    Python 4 1

  5. GenAI-Security-Project/GenAI-Data-Security-Initiative (Public)

    GenAI Data Security Initiative - repo

    JavaScript 4 2

  6. genai_incidents (Public)

    Single source of truth for GenAI and agentic AI security incidents, mapped to OWASP LLM Top 10, OWASP Agentic Top 10 (ASI), NIST AI RMF, and MITRE ATLAS.

    Python 2