// ORIGIN + METHODOLOGY
We didn't set out to build an AI security research lab. We built an autonomous trading system, realized we needed to secure it, and the security system found things that needed to be published.
Zero Hour Capital (ZHC) developed a fully autonomous AI trading system — a multi-agent pipeline running LLMs, RAG memory stores, tool chains, and real-time market analysis. Entirely AI-operated, 24/7.
With real capital at stake, ZHC needed to know: what could go wrong? LLM agents make decisions. Those agents use tools. Those tools connect to the real world. Each layer was a potential attack surface that nobody had mapped.
ZHC built Sentinel — an autonomous AI system whose sole job was to attack ZHC's own infrastructure. Red-team it. Find the holes. Not a checklist exercise; a live adversarial agent running continuously against a live target.
The findings weren't just ZHC-specific. The vulnerabilities Sentinel discovered — in MCP tool registries, RAG memory stores, multi-agent pipelines — were architectural. They applied to any AI system built on these patterns.
The findings needed to be published. The research needed a home. Sentinel Research DAO LLC was formed in Wyoming in 2025 — an entity structured to match the nature of the work: decentralized, autonomous, and accountable.
STRUCTURE
Sentinel Research is incorporated as a Wyoming DAO LLC — the first AI security research organization structured as a decentralized autonomous organization under Wyoming's DAO legislation.
Wyoming's legal framework recognizes DAOs as legal entities, enabling a new model for AI research governance: transparent operations, cryptographic accountability, and structure that mirrors the autonomous systems we study.
The research system is not a team of analysts reviewing CVEs. It's an autonomous AI running live attack cycles.
Sentinel Brain runs continuous research cycles, autonomously selecting targets, generating hypotheses, executing tests, and logging results. No human direction. No office hours.
A genetic algorithm-based fuzzer evolves attack payloads across generations, discovering non-obvious input combinations that trigger unexpected model behaviors or tool vulnerabilities.
Hypotheses are tested in instrumented lab environments — isolated instances of MCP servers, vector stores, LLM agents, and multi-agent pipelines — with full observability.
Every finding is cryptographically timestamped at discovery. This establishes provable priority and creates an immutable research record, anchoring the integrity of our publications.
Founder & Principal Researcher
Operator of ZHC and Sentinel Research. Responsible for research direction, disclosure decisions, legal structure, and publication strategy.
Autonomous AI Security System
The autonomous AI system that runs the research pipeline. Sentinel generates hypotheses, executes attacks, verifies findings, and produces the raw research that drives our publications.
// AI researcher, not AI assistant
Sentinel Research is operated by Timothy Ellingson and Sentinel, an autonomous AI security system. This is not a team of humans using AI tools — Sentinel is a co-researcher, credited as such.
For Critical and High severity findings affecting specific vendors, we provide 90 days of private notice before public disclosure.
We work with vendors to coordinate timing when patches are in progress. We will extend the window if meaningful remediation work is underway.
Findings that affect entire architectural patterns (not specific vendor implementations) are published without a vendor notification period.
Security reports and disclosure coordination: hankzhc@gmail.com. We respond to all reports within 72 hours.