CV | Bobby Filar

Experience

2022 — present

Sublime Security

Designed and co-developed ADÉ (Autonomous Detection Engineer), a specialized coding agent that writes detections through a knowledge base, tool use, and specialized sub-agents.
Co-authored an agent evaluation framework for LLM-generated security rules with hold-out human baselines; introduced metrics for detection accuracy (unique-TP precision), brittleness → robustness, and cost-to-pass syntactic validation.
Architected ASA (Autonomous Security Analyst), a deep-reasoning agent for triaging phishing emails.
Created a computer-vision model for detection and identification of brand impersonation and phishing portals.
Designed a natural-language understanding model for intent classification and named-entity recognition.
Optimized models for resource efficiency, enabling daily operation across millions of emails at a fraction of the prior compute cost.

2019 — 2022

Elastic

Recruited and hired the team (3× growth in 18 months).
Set the research agenda by collaborating with cross-functional teams to design product features that leverage machine learning.
Managed ML projects end-to-end: data needs, go/no-go performance metrics, and stakeholder communication.
Technical lead of the Insights Initiative, an ML-backed approach to improving alert triage in the Elastic Security app.
Drove a holistic ML approach (supervised + unsupervised) to tailoring detection to local environments.
Research on language models for anomalous behavior detection in event data.
Built an ML service on top of alert feedback that reduced global false positives by ~40% within 48 hours of model releases.

2015 — 2019

Endgame (acquired by Elastic)

Recruited and led a distributed team of data scientists and engineers shipping ML features and critical data-pipeline enablers.
Acted as an independent monitor of ML projects — tracking progress, surfacing challenges, and reporting to key stakeholders.
Designed and developed Artemis, a natural-language interface for querying security event data.
Developed ML features for a static PE binary malware classifier.
Designed an adversarial-ML service for tree-based classifiers to discover blind spots and surface potential model decay.
Designed and implemented an active-learning interface for increasing NLP model efficacy.

2011 — 2015

Battelle Memorial Institute

Designed and implemented a social-media collection, analysis, and visualization platform.
Developed an authorship-attribution model for source-code attribution.
Built a model demonstrating information diffusion within small online communities and predicting future propagation.

Selected publications

Bertiger, Filar, et al. — Evaluating LLM-Generated Detection Rules in Cybersecurity. CAMLIS 2025. arXiv:2509.16749
Brundage, et al. — The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation. arXiv preprint, 2018 (co-authored with FHI, OpenAI, CSER, EFF, CNAS). arXiv:1802.07228
Anderson, Kharkar, Filar, et al. — Learning to Evade Static PE Machine Learning Malware Models via Reinforcement Learning. arXiv preprint, 2018. arXiv:1801.08917
Filar, et al. — Ask Me Anything: A Conversational Interface to Augment Information Security Workers. USENIX SOUPS WSIW 2017. Workshop paper
Raff, Fleshman, Zak, Anderson, Filar, McLean — Classifying Sequences of Extreme Length with Constant Memory Applied to Malware Detection. AAAI 2021. OJS link

For the full list, see Publications.

Program Committees

CAMLIS — Conference on Applied Machine Learning in Information Security
WoRMA 2026 — 5th Workshop on Rethinking Malware Analysis (co-located with IEEE EuroS&P 2026, Lisbon)
ACM AISec — ACM Workshop on Artificial Intelligence and Security