About

I’m Bobby Filar, Head of AI at Sublime Security, where I lead a team building ML-driven detection capabilities and the agentic systems at the core of the platform.

Much of my work centers on three problems that get harder when the AI is operating in adversarial production: how to evaluate it rigorously, how to secure it architecturally, and how to graduate it from supervised to autonomous deployment on the basis of evidence.

On evaluation, I co-authored the CAMLIS 2025 paper introducing three metrics for measuring LLM-generated detection rules, and lead the MQL Benchmark — a 30,000-example open-source evaluation suite for natural-language → DSL generation with a public model leaderboard. On security, I led the secure-by-design architecture for our two production agents (ASA and ADÉ), built on the principle that the platform — not the model — enforces the security boundary. And on governance, I designed and own Sublime’s AI Governance program, organized around the Trust, Then Autonomy framework — human oversight by default, with autonomy earned incrementally through transparency and evidence.

Before Sublime, I led security machine learning teams at Elastic and Endgame, where I built Artemis, an early natural-language agent for security analysts.

My broader research spans adversarial ML, malware classification, and human-AI interaction in security. I’ve published at AAAI, ACM AISec, and USENIX, and co-authored foundational work on the malicious use of artificial intelligence.

Current interests

• Designing benchmarks and evals for LLM agents in adversarial production
• Architecting agent security: platform-enforced boundaries, prompt injection mitigation, graduated autonomy
• AI governance that scales with capability rather than chasing it