Hey, I'm Jesse

Security engineer at Atlassian and core security maintainer on OpenClaw, focused on agent security, AI/LLM systems, threat modelling, and detection automation. I write and teach when the topic deserves more than a Slack thread.

Jesse Merhi

Work

What I do day‑to‑day

Day job and the project on the side, in chronological order.

  1. OpenClaw

    April 2026 → Present

    Core Security Maintainer

    • Selected by executive leadership to work full-time on security for OpenClaw, one of GitHub's most-starred and fastest-growing open-source projects.
    • Shipped global application-level network proxying for observability and control over agent network behaviour.
    • Driving SAST rollout, command permission checks, and safer file handling across the agent execution surface.
  2. Atlassian

    2022 → Present

    Product Security Engineer

    • Lead security assurance for Atlassian's major AI product offerings: Rovo, Rovo Dev, Teamwork Graph, and related agentic capabilities.
    • Run two to three threat models a month, partnering with principals and engineering leaders on architecture, review, and remediation.
    • Identify high-severity and systemic issues with material product impact, then validate exploitability hands-on.
    • Architected and led Atlassian's internal SAST detection platform with a custom LLM triage layer (90 %+ accuracy on the initial finding set), continuously protecting 6000+ codebases including production and FedRAMP repos.
    • Mentor other security engineers in running rigorous, evidence-based security reviews.
  3. Uplinked

    2023 → Present

    Project & Development Lead

    • Lead a team of 5+ engineers building a full-stack workforce management platform.
    • Own technical direction, product decisions, and day-to-day execution.
    • Architected the end-to-end platform on AWS and Kubernetes.
    • Drive development across web and mobile using React, TypeScript, and React Native.

Beyond the day job

Talks, papers, and where I trained.

  1. Talk

    KawaiiCon · Nov 2025

    "Model Context Protocol is Insecure by Design"

    Why MCP is structurally vulnerable to prompt injection and related abuse, and what hardening it actually takes.

  2. Paper

    PST 2024 · Best Paper

    Synthetic Trajectory Generation Through Convolutional Neural Networks

    Reversible trajectory-to-CNN transformation enabling convolutional GANs to generate synthetic location data, benchmarked against an RNN baseline across two datasets.

  3. Education

    Sydney · 2019 → 2022

    University of New South Wales

    BE (Hons Class 1), Software Engineering

    • Faculty of Engineering Dean's Honours List, 2020, 2021, 2022.
    • 1st place in COMP6843, Extended Web Application Security.