DellaLib Security

Hi, I'm Alessio 👋

I'm a security researcher with a strong focus on application security — including code auditing, penetration testing, secure development practices, and supply chain threats.

Over the past 5+ years, I've worked on identifying and analyzing vulnerabilities across a wide range of codebases and ecosystems. This hands-on work has given me deep insight into common security flaws, secure coding practices, and tools for application security testing (e.g., static, dynamic, and runtime protection tools like SAST, DAST, RASP).

I've responsibly disclosed over security vulnerabilities (full list) and actively collaborated with open-source maintainers to help make their projects more secure. This collaborative, practical approach is what I find most rewarding about my work.

My journey into security began during my Bachelor's in Computer System and Network Security at the University of Milan, where I focused my thesis on Bluetooth Low Energy security in IoT devices. I spent months reverse engineering communication protocols, performing man-in-the-middle attacks, and intercepting traffic from healthcare and fitness devices using specialized hardware like the Ubertooth One. This research resulted in a published academic paper and gave me a solid foundation in wireless protocol analysis and IoT device security.

I then earned a Master's Degree in Artificial Intelligence from the University of Lugano (USI). During that time, I completed research internships in reinforcement learning (at Inria, France) and deep learning applied to behavioral biometrics (at Cleafy, Italy).

These experiences gave me a strong foundation in both AI theory and practical experimentation — knowledge that proves invaluable today when analyzing AI-generated code for security flaws and assessing the unique attack surfaces that AI-powered applications introduce, like prompt injection.

I'm driven by curiosity. Learning new technologies and understanding how they break is what keeps me motivated. Whether it's dissecting a new framework or exploring a novel attack surface, I enjoy being at the edge where innovation meets security.

In many ways, I behave exactly like the curious agents described in Jürgen Schmidhuber's Artificial Curiosity theory: motivated by uncovering learnable patterns, yet quickly bored by things that are either too predictable or completely random.

Basically, I'm wired to chase novelty — which keeps my work in security anything but dull.

Before all this, I was a basketball player 🏀 — an experience that taught me resilience, strategic thinking, and the value of teamwork. Those lessons still shape how I work today, whether independently or as part of a team.