# Rajesh Yarra
* **GitHub:** [github.com/Rajesh9998](https://github.com/Rajesh9998)
* **Email:** [rajesh.yarra1241@gmail.com](mailto:rajesh.yarra1241@gmail.com)
* **LinkedIn:** [linkedin.com/in/rajesh-yarra-850b40254](https://linkedin.com/in/rajesh-yarra-850b40254)
* **Portfolio:** [rajesh-yarra.vercel.app](https://rajesh-yarra.vercel.app)
---
## Summary / About Me
*(From Resume)*
Generative AI Engineer specializing in Large Language Models (LLMs), Retrieval Augmented Generation (RAG), Agents, and intelligent systems. Passionate about building innovative AI-powered applications that address real-world challenges. Proven ability in leveraging diverse AI models (GPT, Gemini, Claude, Llama) and creating multi-agent architectures. Strong foundation in computer science principles and software development.
*(From Portfolio Website)*
Hey, I'm Rajesh Yarra. I'm a Generative AI engineer specializing in LLMs, RAG, and intelligent systems. Passionate about building AI-powered applications that solve real-world problems.
I'm passionate about Generative AI and developing intelligent systems. Currently, I'm pursuing my B.Tech in Information Technology at Andhra Loyola Institute of Engineering and Technology (CGPA: 8.01 as per resume). My technical journey focuses on building AI-powered applications using Large Language Models (LLMs), Retrieval Augmented Generation (RAG), and creating multi-agent systems. I have experience working with various AI models like GPT, Gemini, Claude, and Llama to create intelligent applications.
I've developed several projects including Pentester's Copilot, an AI assistant for cybersecurity professionals, and EduLlama, an AI math tutor that provides step-by-step solutions to complex math problems. I'm currently working on advancing my expertise in developing AI agents and automated systems.
**GitHub Stats (from Portfolio):**
* 14 stars
* 213 commits
* 1 repository fork
* 1 GitHub follower
---
## Skills
* **Programming Languages:** C, C++, Java, Python, R
* **Generative AI:** LLMs, Retrieval Augmented Generation (RAG), Agents, LangChain, Graph RAG
* **Vector Database:** Pinecone
* **Frameworks/Libraries:** LangChain, Agno, CrewAI, Streamlit, Next.js, React, Mem0, Supabase
* **Coursework:** Problem Solving, Data Structures and Algorithms, OOP, Database Management Systems, Operating Systems, Computer Networks, Cyber Security, Generative AI, Artificial Intelligence & Machine Learning
* **Soft Skills:** Leadership, Communication, Adaptability, Time Management
* **Languages:** English (Full Professional Proficiency), Hindi (Full Professional Proficiency), Telugu (Native Proficiency)
---
## Education
* **Andhra Loyola Institute of Engineering and Technology** - Vijayawada, India
* B.Tech in Information Technology; CGPA: 8.01
* 2021 – 2025
* **Sri Chaitanya Junior College** - Mangalagiri, India
* Class XII; Marks: 865/1000
* 2021
* **Nirmala EM High School** - Atmakur, India
* Class X; GPA: 9.3
* 2019
---
## Experience
**Supraja Technologies**
*Ethical Hacking & Cyber Security Intern*
*May 2023 - Jul 2023*
* Performed assessment tasks such as conducting XSS attacks, SQL injections, and vulnerability scans on websites
* Performed penetration testing on vulnerable websites using tools like Nmap, Nessus, and Burp Suite
* Worked on a final project creating a Python application called Audio Steganography to embed/hide images and text in audio without external detection
* **Tech Used:** Python, LSB Algorithm, Fernet & tkinter libraries
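The LSB technique behind the project can be sketched in miniature. This is a purely illustrative example, not the internship code: it hides a text message in the least significant bits of integer audio samples, with a 4-byte length header so extraction knows when to stop (the actual project also used Fernet for encryption and tkinter for the UI, both omitted here):

```python
def embed(samples, message):
    """Hide message bytes in the LSBs of integer audio samples."""
    data = len(message).to_bytes(4, "big") + message  # length header, then payload
    bits = []
    for byte in data:
        for i in range(7, -1, -1):
            bits.append((byte >> i) & 1)
    if len(bits) > len(samples):
        raise ValueError("message too large for carrier")
    out = list(samples)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & ~1) | bit  # overwrite only the least significant bit
    return out

def extract(samples):
    """Recover the hidden message from the LSBs."""
    bits = [s & 1 for s in samples]
    def read_bytes(start, count):
        out = bytearray()
        for b in range(count):
            byte = 0
            for i in range(8):
                byte = (byte << 1) | bits[start + b * 8 + i]
            out.append(byte)
        return bytes(out)
    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)
```

Because only the lowest bit of each sample changes, the audio is perceptually unchanged, which is why the hiding survives casual inspection.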
---
## Research Experience & Publications
### Pentester's Copilot: Context Aware, Agent Powered, Pentest Perfected
*(From Resume)*
* Introduced a novel framework leveraging LLMs to enhance skills and efficiency of cybersecurity professionals performing offensive security tasks
* Implemented a persistent memory layer using Mem0 and Supabase enabling personalized, context-aware interactions across sessions
* Built on the ReAct (Reasoning and Action) framework with LangChain orchestrating autonomous planning and tool interaction
* Leveraged state-of-the-art LLMs including Meta Llama 3.1-405b, Google Gemini 2.0 Flash, and DeepSeek R1 for generating recommendations, crafting exploit payloads, and analyzing target environments
*(From Portfolio Blog Post / Research Summary)*
**Pentester's Copilot: Context-Aware, Agent-Powered, Pentest Perfected.**
*RAJESH YARRA - Generative AI Engineer & Developer*
*Rajesh Yarra / April 20, 2025*
(By Yarra Neeli Venkata Rajesh)
I'm excited to share a preview of my recent research paper presenting Pentester's Copilot, a novel framework designed to enhance the capabilities and efficiency of cybersecurity professionals and learners engaged in offensive security tasks. This work explores the integration of Artificial Intelligence, specifically Large Language Models (LLMs), into the penetration testing lifecycle.
**The Core Contribution**
The research introduces Pentester's Copilot as an intelligent assistant that offers both interactive guidance and autonomous task execution through AI agents. A key differentiator highlighted in the paper is the framework's persistent memory layer. Implemented using Mem0 and Supabase, this layer enables personalized, context-aware interactions that adapt to user preferences, goals, and past activities across sessions, a crucial advancement for complex, multi-stage testing scenarios.
**Key Aspects of the Framework**
Our paper details several distinguishing features of the Pentester's Copilot framework:
* Offensive Security Specialization: Designed specifically to handle offensive security queries, aiming to overcome limitations found in general-purpose LLMs.
* Persistent, Context-Aware Memory: Leverages Mem0/Supabase and Retrieval-Augmented Generation (RAG) for stateful, personalized assistance across sessions.
* Agentic Architecture for Autonomy: Employs an agent mode built on the ReAct (Reasoning and Action) framework and orchestrated by LangChain. This enables autonomous planning and execution of pentesting workflows using integrated tools.
* Leveraging State-of-the-Art LLMs: Utilizes models like Meta Llama 3.1-405b, Google Gemini 2.0 Flash, and DeepSeek R1 for tasks including recommendation generation, exploit crafting, and environment analysis.
* Multimodal Input Support: Capable of processing text, images, and documents, enhancing its analytical capabilities.
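The ReAct-style agent loop described above can be sketched abstractly. This is a toy Thought/Action/Observation cycle with a hard-coded policy and a fake tool; in the real framework an LLM plays the policy role and LangChain orchestrates live security tools:

```python
def react_loop(task, tools, policy, max_steps=5):
    """Minimal ReAct-style loop: the policy proposes an action, the matching
    tool runs, and the observation feeds back until the policy finishes."""
    trace = []
    observation = task
    for _ in range(max_steps):
        thought, action, arg = policy(observation, trace)
        trace.append(("thought", thought))
        if action == "finish":
            trace.append(("answer", arg))
            return arg, trace
        observation = tools[action](arg)  # execute the chosen tool
        trace.append(("observation", observation))
    return None, trace

# Toy tool and policy, purely for illustration (no real scanning happens).
tools = {"scan": lambda host: f"open ports on {host}: 22, 80"}

def policy(observation, trace):
    if not trace:
        return "scan the target first", "scan", "10.0.0.5"
    return "ports found, report them", "finish", observation

answer, trace = react_loop("enumerate 10.0.0.5", tools, policy)
```

The trace of interleaved thoughts, actions, and observations is what makes ReAct agents auditable, which matters in a security setting.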
**Experimental Validation**
The research includes experimental evaluations demonstrating the framework's potential:
* Interactive Chat Mode: Successfully assisted in a standard CTF scenario (TryHackMe "Blue"), showcasing its ability to provide accurate guidance, interpret tool outputs (Nmap, Metasploit), identify vulnerabilities (MS17-010), and troubleshoot user errors contextually.
* Autonomous Agent Mode: Demonstrated the agent's capacity to autonomously execute tasks (Nmap scan on DVWA), select tools, formulate commands, and critically, analyze results to generate a structured report with security recommendations, utilizing the ReAct framework.
**Significance of the Research**
This research signifies a notable advancement in applying AI to offensive security. The combination of persistent personalization via memory, multimodal understanding, and self-directed agentic processes presents a solid foundation for future investigation into more sophisticated LLM-enabled automated penetration testing. Pentester's Copilot demonstrates a practical approach to bridging the gap between manual testing limitations and the potential of AI automation.
This post provides a high-level overview of the research presented in the paper. For full details, methodology, and comprehensive results, please refer to the complete publication.
**Keywords from the paper:** Penetration Testing, Cybersecurity, Large Language Models (LLMs), AI Agents, ReAct Framework, Memory Layer, Offensive Security, Ethical Hacking, LangChain, Mem0, Supabase.
### LLMPatronus: Leveraging Large Language Models for Advanced Vulnerability Analysis
*(From Resume)*
* Research exploring the potential of LLMs in identifying vulnerabilities while addressing limitations such as hallucinations and limited context length
* Proposed a robust AI-driven approach using innovative methodologies combining Retrieval-Augmented Generation (RAG) and Mixture-of-Agents (MoA)
* Focused on mitigating limitations of traditional static and dynamic analysis tools that suffer from high false positive rates
* Leveraged strengths of LLMs while addressing their weaknesses to provide dependable and efficient AI-powered solutions for software security
*(From Portfolio Blog Post / Research Summary)*
**LLMpatronous: Harnessing the Power of LLMs For Vulnerability Detection.**
*Rajesh Yarra / April 15, 2025*
I'm pleased to share insights from our recent research paper, "LLMpatronous: Harnessing the Power of LLMs For Vulnerability Detection." This work delves into the capabilities and challenges of using Large Language Models (LLMs) to identify software vulnerabilities, proposing a novel approach to overcome inherent limitations.
**The Challenge Addressed**
Traditional static and dynamic analysis tools often struggle with high false positive rates and lack deep code comprehension. While LLMs offer exciting potential due to their advanced code understanding capabilities, they suffer from issues like hallucination, limited context windows, and knowledge cutoffs, which can compromise the reliability of vulnerability detection. Our research confronts these challenges head-on, particularly focusing on improving accuracy and reducing false positives without resorting to resource-intensive fine-tuning.
**Our Proposed Approach: LLMpatronous**
The paper introduces LLMpatronous, a framework designed to leverage the strengths of multiple LLMs while mitigating their weaknesses for vulnerability detection, specifically within the context of Android applications. Instead of relying on a single model, our core methodology combines three key techniques:
1. **Mixture of Agents (MoA):** We utilize a layered architecture where multiple LLMs (both open-source, like Llama 3.1 and Qwen2, and closed-source, like Gemini and Claude) collaborate. Each agent refines the output of the previous one, harnessing collective intelligence to improve reasoning and significantly reduce the likelihood of hallucinations and false positives.
2. **Retrieval-Augmented Generation (RAG):** To combat knowledge cutoffs and context limitations, we integrate RAG. An external knowledge base (implemented using Pinecone) containing up-to-date information on vulnerabilities (definitions, code examples, mitigations) is queried, and relevant context is supplied to the LLMs during analysis.
3. **Strategic Prompt Engineering:** Careful crafting of prompts guides the LLMs, focusing their analysis and improving the relevance and accuracy of their outputs.
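The layered MoA idea can be sketched abstractly. In this toy version plain functions stand in for the LLM agents: each layer sees the question plus all answers from the previous layer, a later "verifier" layer keeps only findings the earlier agents agree on, and an aggregator merges the final layer's output (a stand-in for the collaborative verification that suppresses false positives):

```python
def mixture_of_agents(question, layers, aggregate):
    """Layered MoA: each agent in a layer receives the question plus all
    answers from the previous layer; the aggregator produces the final output."""
    previous = []
    for layer in layers:
        previous = [agent(question, previous) for agent in layer]
    return aggregate(question, previous)

# Toy agents, purely for illustration (no real analysis happens).
def proposer(findings):
    """An agent that flags a fixed set of candidate vulnerabilities."""
    return lambda question, prev: set(findings)

def verifier(question, prev):
    """Keep only findings reported by every agent in the previous layer."""
    return set.intersection(*prev) if prev else set()

def aggregate(question, answers):
    return sorted(set.union(*answers))

layers = [
    [proposer({"SQLi", "XSS"}), proposer({"SQLi", "weak-crypto"})],  # layer 1: propose
    [verifier],                                                      # layer 2: cross-check
]
final = mixture_of_agents("audit the app", layers, aggregate)
```

Here the two proposers disagree on "XSS" and "weak-crypto", so the verification layer drops both and only the consensus finding survives, mirroring how MoA filters likely false positives.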
**Experimental Validation on Vuldroid**
We evaluated LLMpatronous using the Vuldroid vulnerable Android application codebase and a range of LLMs accessed via APIs (Google AI Studio, Together AI). Our experiments demonstrated:
* Basic Prompting Limitations: Using a single LLM (Gemini 1.5 Pro) with basic prompting identified many vulnerabilities when given a specific, known list (Exp 1: 7/8 detected), but struggled with realism and potential false positives when the list was expanded to simulate real-world uncertainty (Exp 2: 9 TPs identified, but 2 likely FPs introduced).
* RAG + MoA Effectiveness: Implementing the full LLMpatronous approach (Exp 3), combining the expanded list with RAG-supplied context and MoA-based collaborative verification, successfully eliminated the false positives observed in Experiment 2 while retaining the correctly identified true positives. This highlights the power of MoA in ensuring output quality and accuracy.
**Significance of the Research**
LLMpatronous demonstrates a practical and effective pathway for using LLMs in vulnerability detection. By strategically combining Mixture of Agents for collaborative verification and Retrieval-Augmented Generation for contextual enrichment, our research shows it's possible to significantly mitigate common LLM pitfalls like hallucination and knowledge gaps. This approach offers a more reliable and accurate alternative to relying on single LLMs or traditional analysis tools, paving the way for more dependable AI-powered security solutions.
This post provides a summary of the research presented in the paper. For a comprehensive understanding of the methodology, detailed results, and analysis, please refer to the full publication.
**Keywords from the paper:** Large Language Models (LLMs), Vulnerability Detection, Cybersecurity, Mixture of Agents (MoA), Retrieval-Augmented Generation (RAG), Prompt Engineering, Android Security, Static Analysis, False Positives, Vuldroid.
*(From ArXiv)*
**LLMpatronous: Harnessing the Power of LLMs For Vulnerability Detection**
*Rajesh Yarra*
*Submitted on 25 Apr 2025*
**Abstract:** Despite the transformative impact of Artificial Intelligence (AI) across various sectors, cyber security continues to rely on traditional static and dynamic analysis tools, hampered by high false positive rates and superficial code comprehension. While generative AI offers promising automation capabilities for software development, leveraging Large Language Models (LLMs) for vulnerability detection presents unique challenges. This paper explores the potential and limitations of LLMs in identifying vulnerabilities, acknowledging inherent weaknesses such as hallucinations, limited context length, and knowledge cut-offs. Previous attempts employing machine learning models for vulnerability detection have proven ineffective due to limited real-world applicability, feature engineering challenges, lack of contextual understanding, and the complexities of training models to keep pace with the evolving threat landscape. Therefore, we propose a robust AI-driven approach focused on mitigating these limitations and ensuring the quality and reliability of LLM-based vulnerability detection. Through innovative methodologies combining Retrieval-Augmented Generation (RAG) and Mixture-of-Agents (MoA), this research seeks to leverage the strengths of LLMs while addressing their weaknesses, ultimately paving the way for dependable and efficient AI-powered solutions in securing the ever-evolving software landscape.
* **Subjects:** Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI)
* **Cite as:** arXiv:2504.18423 [cs.CR] (or arXiv:2504.18423v1 [cs.CR] for this version)
* **DOI:** [10.48550/arXiv.2504.18423](https://doi.org/10.48550/arXiv.2504.18423)
* **ArXiv Link:** [https://arxiv.org/abs/2504.18423](https://arxiv.org/abs/2504.18423)
---
## Projects
*(Information combined from Resume and Portfolio Website)*
**LLMPatronus**
* **Date:** Sep 2024 / September 1, 2024
* **GitHub:** [View on Github](https://github.com/Rajesh9998/LLMPatronus) *(Link inferred from context, please verify actual URL)*
* Python-based application using a multi-agent LLM system to identify vulnerabilities in Android apps.
* Combined models like GPT-4o-mini, Claude-3-haiku, Qwen-2-75B, and Gemini-1.5 Pro to create a Mixture of Agents (MoA) approach for comprehensive security analysis and automated vulnerability detection. (Website also lists: OpenAI o1-preview, Meta Llama-3.1-405b & 70b, DBRX-Instruct)
* Implemented Retrieval Augmented Generation (RAG) and Pinecone Vector Database for efficient data storage and retrieval.
* Accurately detected 87.5% of predefined vulnerabilities by integrating with Google AI Studio API.
* **Tech Used:** Python, LLMs (Gemini 1.5 Pro, Gemini 1.5 Flash, OpenAI o1-preview, Meta Llama-3.1-405b & 70b, DBRX-Instruct, Qwen2-75b, GPT-4o-mini, Claude-3-haiku), Pinecone API (RAG), Mixture of Agents (MoA).
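The RAG retrieval step used across these projects can be illustrated with a minimal cosine-similarity search. Pinecone provides this at scale over real embeddings; here a toy in-memory index with hand-made vectors stands in, purely for illustration:

```python
import math

def cosine(a, b):
    """Cosine similarity between two equal-length vectors."""
    dot = sum(x * y for x, y in zip(a, b))
    norm_a = math.sqrt(sum(x * x for x in a))
    norm_b = math.sqrt(sum(x * x for x in b))
    return dot / (norm_a * norm_b)

def top_k(query_vec, index, k=2):
    """Return the k documents whose vectors are most similar to the query,
    mimicking a vector-database query."""
    scored = sorted(index, key=lambda item: cosine(query_vec, item[0]), reverse=True)
    return [doc for vec, doc in scored[:k]]

# Toy index of (embedding, vulnerability note). Real embeddings would come
# from an embedding model; these 3-d vectors are hand-made for illustration.
index = [
    ([1.0, 0.0, 0.1], "SQL injection: unsanitized query concatenation"),
    ([0.0, 1.0, 0.1], "XSS: unescaped user input rendered in HTML"),
    ([0.9, 0.1, 0.0], "SQLi mitigation: use parameterized queries"),
]
hits = top_k([1.0, 0.05, 0.05], index, k=2)
```

The retrieved notes are then prepended to the LLM prompt, which is how RAG supplies up-to-date vulnerability context despite the model's knowledge cutoff.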
**Business QA Bot**
* **Date:** Aug 2024 / August 1, 2024
* **GitHub:** [View on Github](https://github.com/Rajesh9998/Business-QA-Bot) *(Link inferred from context, please verify actual URL)*
* Developed an AI bot leveraging RAG, the Firecrawl API for efficient data collection, and the Gemini-1.5-Flash LLM for complex business queries. (Website calls it: an advanced RAG-based question-answering bot)
* Features efficient data collection with Firecrawl API, optimized chunk size, advanced LLM integration with Gemini-1.5-Flash, and high-speed inference.
* Integrated Groq LPU™ to ensure rapid and accurate responses to user inquiries.
* Tested on OpenAI's website, demonstrating adaptability to various business domains.
* Designed for applications including customer support and internal knowledge management.
* **Tech Used:** Python, RAG, Firecrawl API, Gemini-1.5-Flash, Groq LPU™ AI, Pinecone RAG (Website).
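The "optimized chunk size" step in a RAG pipeline can be sketched with a simple overlapping word-window chunker. This is a generic illustration; the bot's actual chunking parameters are not stated in the sources, so the sizes below are arbitrary:

```python
def chunk_text(text, chunk_size=50, overlap=10):
    """Split text into overlapping word windows for embedding and retrieval.
    Overlap keeps sentences that straddle a boundary visible in both chunks."""
    if chunk_size <= overlap:
        raise ValueError("chunk_size must exceed overlap")
    words = text.split()
    step = chunk_size - overlap
    chunks = []
    for start in range(0, len(words), step):
        chunks.append(" ".join(words[start:start + chunk_size]))
        if start + chunk_size >= len(words):
            break
    return chunks
```

Tuning `chunk_size` trades retrieval precision (small chunks) against answer context (large chunks), which is why chunking is listed as an optimization target.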
**Pentester's Copilot**
* **Date:** Apr 2024 / April 1, 2025 *(Note date discrepancy between sources)*
* **GitHub:** [View on Github](https://github.com/Rajesh9998/Pentesters-Copilot) *(Link inferred from context, please verify actual URL)*
* Built an AI-powered assistant for cybersecurity professionals leveraging LLMs, multi-modal capabilities, and a persistent memory layer.
* Features multi-modal capabilities with three AI personalities, memory layers, real-time hacking assistance, and autonomous agent mode for automated security tasks.
* Implemented interactive guidance and autonomous task execution for penetration testing workflows.
* The system integrates advanced natural language processing with specialized security tools to provide comprehensive penetration testing support.
* **Tech Used:** Next.js, React.js, FastAPI, Supabase, Mem0, LangChain, TailwindCSS.
**EduLlama**
* **Date:** August 15, 2024
* **GitHub:** [View on Github](https://github.com/Rajesh9998/EduLlama) *(Link inferred from context, please verify actual URL)*
* Your AI-Powered Math Companion that helps with JEE Math Problems.
* Features multiple LLM integration, image problem input, precise calculations, interactive voice assistant, and step-by-step solutions.
* **Tech Used:** Python, Llama AI, Groq's Whisper, ElevenLabs, Streamlit.
**AI Compiler**
* **Date:** June 1, 2024
* **GitHub:** [View on Github](https://github.com/Rajesh9998/AI-Compiler) *(Link inferred from context, please verify actual URL)*
* A powerful tool that leverages multiple AI models to assist with various coding tasks, including code debugging, documentation generation, and language translation.
* Features Compiler AI for debugging, Coding Guru for complex code generation, and a Mixture of Agents architecture.
* **Tech Used:** Python, Streamlit, Mixture of Agents (MoA).
**Autopilot for Your Desktop**
* **Date:** May 1, 2024
* **GitHub:** [View on Github](https://github.com/Rajesh9998/Autopilot-Desktop) *(Link inferred from context, please verify actual URL)*
* An intelligent virtual assistant framework for automating mundane system tasks and web task automation.
* Features Open Interpreter Integration, Web Task Automation with MultiOn, Speech-to-Text with OpenAI Whisper, and a Streamlit-Powered User Interface.
* **Tech Used:** Python, Streamlit, OpenAI API, MultiOn API.
---
## Achievements
* Participated in the Andhra Pradesh State Skill Competition 2024 organized by APSSDC and reached the finals of the state-level round, demonstrating skills in Windows hardening.
* Participated in the Capture The Flag Hackathon 2023 organized by Supraja Technologies, solving 8 problems on packet-capture challenges and cryptography and earning recognition as Best Student of the Hackathon.
* Certified in C programming by NPTEL (July 2023) with a 79% score.
* Won 1st place in a Technical Quiz Competition (Sep 2023) conducted in college, competing against many teams of senior students.
* Ranked 13th in the Accenture Innovation Challenge 2024 among many teams from India with the LLMpatronous project.
---
## Certifications
* **Microsoft's Build an Azure AI Vision Solution (Feb 2024):** Demonstrated proficiency in creating computer vision solutions using Azure AI Vision, including analyzing images, creating custom models, and implementing vision-based AI applications.
* **Microsoft's Azure AI Intelligent Document Processing Solution (Feb 2024):** Acquired skills in developing document intelligence solutions, including programmatic data analysis in forms, creating custom models, and extracting key-value pairs from documents using Azure AI services.
* **Tata Consultancy Services' Cybersecurity Analyst Simulation (Jan 2024):** Acquired expertise in IAM principles, cybersecurity best practices, and strategic alignment with business objectives; delivered comprehensive documentation and presentations, showcasing the ability to communicate complex technical concepts effectively.
---
## Technologies I Use
*(As listed on portfolio website)*
LLMs, RAG, LangChain, Next.js, CrewAI, Agno, Docker, Pinecone, Groq, ElevenLabs, LiveKit, Vercel, Supabase, Python, SQL, HTML, CSS, JavaScript, Node.js, Git, GitHub, Streamlit... and many more!
---
## Personal Interests & Hobbies
* I like to watch web series when I am free. Some of my favorites are The Wheel of Time, Lucifer, The Vampire Diaries, and Supernatural. I love the Fantasy, Supernatural, and Sci-Fi genres.
* I also love to build solutions and solve real-world problems by using the power of AI.
* I enjoy testing out new AI tools and keeping up with what's new in the Generative AI domain: new tools, new LLMs, and innovations in the field.
| """ |