Technical Program Manager · AI Security

I am a TPM at Microsoft. I build security for AI agent communication protocols, and I own ML pipelines end to end (evaluation design, data generation, model training, iteration).

PM who ships code. Hands on the ML pipeline.

Lima → New York → San Francisco

MS Featured Speaker: Win32 Isolation
01

About

/about

I work on AI security at Microsoft. Both sides of it: AI for security (detecting threats with ML) and security for AI (defending agent communication protocols).

I am not a typical TPM. I own the ML pipeline end to end for security agents: evaluation scenario design, synthetic data generation, model training, iterative evaluation. I also consult with researchers on parameter-efficient fine-tuning (LoRA / QLoRA) because the pipeline decisions are mine to make.

My path here was not straight. I started in corporate finance in Peru, pivoted to CS at Indiana University (3.86 GPA), and joined Microsoft in 2023. The finance years taught me to read the business behind the tech: where time and resources go, what's worth building, what actually matters. That lens still shapes how I ship software.

I also build things on the side. Small personal technical explorations. I do them because I like shipping code and because a TPM who writes code makes better decisions than one who does not.

02

Experience

/work
MicrosoftMay 2023 — Present
San Francisco, CA

Technical Program Manager

Current
Agent evaluation

Expanded evaluation frameworks across additional agent services, building on the end-to-end ML pipeline pattern.

EvaluationBenchmarks
Prompt injection & adversarial input detection

Built multi-layered prompt injection detection (deterministic patterns plus fine-tuned models) for multi-agent AI environments. Led threat modeling, evaluation design, and fine-tuning strategy end to end. Now shipping in Windows agent security.

Threat modelingPrompt injectionShipped
Microsoft: Windows platform security for AI agents
AI agent protocol security & observability

Led cross-functional design of an OS-level framework for inspecting and enforcing AI agent tool-call traffic, with agent observability (which AI agents run on a given endpoint) and MCP tooling.

Agent protocolsMCPObservabilityShipped
Package revocation workflow

Built a package revocation workflow that integrates real-time security signals to block malicious packages and enable clean rollback. Usable by third-party security vendors to enforce signals on MCPs.

ShippedThird-party integration
AI-powered threat detection

Designed and drove a detection system using fine-tuned Small Language Models on system telemetry. Defined confidence thresholds and human-in-the-loop workflows to balance precision with scaled coverage.

SLMHITL
Win32 App Isolation

Shipped from technical design to production. OS-level traffic filtering and identity-bound policy enforcement. Achieved first-party app adoption. Featured on the Microsoft YouTube channel.

OS securityShippedPublic
End-to-end ML pipeline ownership

Owned the full ML pipeline as PM for two security agents: evaluation scenario design, synthetic data generation, model training, iterative evaluation. Consulted researchers on parameter-efficient fine-tuning (LoRA / QLoRA) for large-scale security data.

End-to-endLoRA/QLoRA
Cross-functional leadership

A constant across the programs above: cross-functional teams of 7+ engineers and 20+ stakeholders per initiative. Not one team, a pattern.

Leadership
MicrosoftMay 2022 — Aug 2022
Redmond, WA

Program Manager Intern

Cloud asset telemetry

Designed and shipped a telemetry pipeline surfacing cloud asset visibility from internal studios to SecOps teams. Enabled centralized monitoring and incident response.

Valero Energy Corp.Oct 2020 — Jan 2021
Lima, Peru

Commercial Analyst

Capital planning

Built financial models for capital investment projects exceeding $300M. Market analysis to support executive decision-making.

Commercial modeling

Built financial models for gas-station and mining clients that the sales team used to shape commercial proposals. Daily Excel reports (pivot tables, macros) the sales team ran in the field.

BAT (British American Tobacco)Jun 2019 — Oct 2020
Lima, Peru

Financial Planning & Marketing — Finance Assistant

Financial modeling

Modeled financial impacts of business strategies. Identified marketing optimizations that delivered approximately £2M in savings.

P&L ownership

Controlled expenses and P&L reporting for the marketing finance area against business targets.

03

Projects

/side

AI coaching prototype

Personal technical project
2024 — Present
Serverless RAG with structured retrieval, on-device computer vision, and an LLM-as-judge eval harness.
A proving ground for retrieval, context injection, multi-provider portability, and on-device computer vision. I also built the eval harness I use to decide whether the system is actually working.
Serverless on AWS (Lambda, API Gateway, WebSockets) with Supabase for structured context and token-streamed responses
Structured retrieval via direct database queries (no embedding layer) drives sub-0.3s context injection
On-device image recognition from screenshots via HSV color-histogram retrieval; benchmarked against DINOv3 ViT-S/16 and ConvNeXt encoders, the classical approach won top-1 accuracy (97% vs 73%) at 170x lower latency and 4000x smaller footprint
LiteLLM abstraction swaps providers without code changes; exercised across Anthropic, Gemini, and Cerebras
Cross-platform surfaces: Next.js web app and Electron desktop client
LLM-as-judge eval harness with four grounding suites (faithfulness, factual accuracy, matchup reasoning, generalization across contexts)
Playwright end-to-end test coverage across both web and desktop surfaces
AWS LambdaWebSocketsSupabaseComputer VisionLiteLLMElectronPython

Networking-marketplace prototype

Personal technical project
2025 — Present
What happens to online networking when reaching someone in-demand carries an economic incentive.
Solo build. A testbed for real-time sync, 60fps native animation, and incentive design: you stake currency to reach someone in-demand, who earns it by engaging back. Professional networking with skin in the game.
Escrow-based incentive economy: staked currency held and released to the recipient on engagement
Real-time AI content moderation with an LLM (Claude): flags harassment and misconduct as conversations happen, safety detection most consumer apps skip
Live subscriptions with Convex, JWT-propagated auth across client and backend
Custom 3D card animations in React Native Reanimated, running on the native thread
Particle system (burst, shimmer, ripple, rain) driven by SVG primitives
Cascade-delete user-data flow across Convex tables for account-removal compliance
Expo (RN)ConvexClerkClaudeReanimatedNativeWind
04

Education

/edu
BS Computer ScienceIndiana University BloomingtonGPA 3.86 / 4.00
May 2023
BA EconomicsIUPUI, Indianapolis
Dec 2018
Maven · Hamel Husain & Shreya ShankarAI Evals For Engineers & PMsSponsored by Microsoft
April 2026
View certificate
05

Skills

/skills
Focus
AI Security & Threat Detection
ML Pipeline Design (End-to-End)
Prompt Injection Defense
AI Agent Protocol Security
SLM Fine-Tuning & Evaluation
Cross-Functional Program Leadership
Stack
PythonTypeScriptSQLAWSNext.jsReact NativeComputer VisionLoRA / QLoRA
06

Contact

/ping

Get in touch.

I like hearing about AI security work, ML pipeline problems, and well-crafted side projects. I wish you are doing well.

© 2026 · Christian ChavezBuilt in San Francisco · served from AWS