Research & Publications
My research investigates how large language models can be attacked, manipulated, and defended. I work at the intersection of AI safety and practical software security, with a focus on prompt injection attacks across coding assistants, evaluation systems, and tool-integrated agents. This work is conducted as part of my PhD at Lomonosov Moscow State University and my role as AI Research Engineer at Zencoder, where I build production coding agents that reached #1 on SWE-bench Verified.
A common thread across my research is the gap between how AI systems perform in controlled settings and how they behave under adversarial or real-world conditions. In the AI safety domain, I study how prompt injection attacks exploit the inability of LLMs to distinguish between trusted instructions and untrusted input -- a fundamental vulnerability that persists across defended systems, evaluation pipelines, and tool-integrated agents. This line of work has produced findings on attack vectors specific to agentic coding assistants, the Model Context Protocol (MCP), and LLM-as-a-Judge evaluation systems. The methodology combines formal threat modeling with empirical attack validation, testing each vulnerability across multiple models and defense configurations to establish the generality of the findings.
My medical AI research applied deep learning to clinical problems at Burdenko Neurosurgery Institute, including non-invasive brain tumor classification from MRI scans and surgical instrument tracking for microsurgical skill assessment. These projects required working with limited labeled data, high-stakes classification tasks where errors have direct clinical consequences, and close collaboration with neurosurgeons to ensure that the models addressed genuine clinical needs. The experience of building AI systems for safety-critical medical applications directly informed my later focus on AI safety and adversarial robustness.
My earlier work in NLP covered generated text detection, low-resource language classification, and computer vision surveys. The research vision that connects these threads is a commitment to understanding AI systems not just by their average-case performance but by their failure modes -- whether those failures are caused by adversarial attacks, distribution shift, or the inherent limitations of the underlying architectures.
Full list and citation metrics on Google Scholar · ORCID: 0000-0001-9408-023X
AI Safety & LLM Security
- Prompt Injection Attacks on Agentic Coding Assistants. IJOIT 14(2), 2026. [paper]
- Breaking the Protocol: Security Analysis of MCP and Prompt Injection in Tool-Integrated LLM Agents. Modern Information Technologies and IT-education 21(3), 2026. [paper]
- Investigating LLM-as-a-Judge Vulnerability to Prompt Injection. IJOIT 13(9), 2025. [paper]
- Adversarial Attacks on LLM-as-a-Judge Systems. arXiv preprint arXiv:2504.18333, 2025. [paper]
- Prompt Injection Attacks in Defended Systems. DCCN, 2024. [paper]
- Trojan Detection in Large Language Models. Journal of Propulsion Technology 45(3), 2024. [paper]
Medical AI & Computer Vision
- Neurosurgical Instrument Segmentation. MIE, 2024. [paper]
- Noninvasive Glioma Grading with Deep Learning. MEDINFO, 2022. [paper]
- MR-guided Non-invasive Brain Glioma Typing. 2022. [paper]
NLP & Other
- Low-Resource Language Text Classification. SemEval, 2023. [paper]
- Blind Face Restoration Survey. IJOIT, 2023. [paper]
- Generated Text Detection (RuATD). CLITT, 2022. [paper]
- Synthesis of L-coordinate Parallel Mechanism. AIMEECS, 2020. [paper]