About Luis E. Ramirez

AppSec for AI systems with real authority.

I work where product security meets AI-enabled action: language interfaces, agents, tools, identity flows, approval boundaries, and systems that can mutate real state. My focus is helping teams turn ambiguous AI/product risk into clear architecture, bounded automation, reusable evidence, and controls engineers can operate.

Working thesis

Turn security drag into infrastructure.

I am strongest in environments where the security function is still being formed: the controls are not all mapped, the AI workflows are still fluid, and the organization needs someone who can define what safe action looks like without slowing engineering to a crawl.

Bounded automation

I combine manual security judgment with automation that stays bounded, reviewable, and evidence-backed. Repeated work such as questionnaires, vulnerability routing, AI feature review, and evidence collection should become a reusable system with human accountability at the final decision point.

High-trust product teams

I fit teams building high-trust software: SaaS platforms, AI-enabled workflows, regulated products, and organizations that need practical security leadership before they have a large formal security department.

Strengths

Program builder. Product security engineer. AI boundary reviewer.

Founding AppSec programs

AI feature threat modeling

Agent and tool permission review

Compliance evidence systems

Background

Consulting. SaaS. AI/ML. Regulated systems.

2025 to present

Founder / Principal, Yugen Risk Advisors

Advises early-stage and growth organizations on application security, AI systems security, compliance readiness, agent/tool permission boundaries, and practical control implementation.

2022 to 2024

Senior Application Security Engineer, Webflow

Built Webflow's initial AppSec function, integrated security tooling into developer workflows, and partnered on secure design review for product and GenAI feature work.

2021 to 2022

Senior Application Security Engineer, DataRobot

Reviewed Python services and ML platform workflows, threat modeled AI/ML product features, and supported cloud migration security work.

2015 to 2019

Security Engineer, NCC Group

Delivered hands-on security assessments across web, mobile, infrastructure, cloud, and application environments for enterprise clients.

Contact

AI security. Product security. AppSec leadership.

Available for focused security leadership, advisory, and implementation work around AI-enabled products and workflows.

Contact Luis