About¶
The question I kept returning to wasn't whether AI belongs in security operations. It clearly does. The question was what it actually takes to build a system you'd stake a finding on.
I've spent twenty years in offensive and defensive cyber operations. I understand the environment these tools are supposed to serve. What I kept seeing — in demos, in tool evaluations, in documentation — was the same gap: impressive performance under controlled conditions, unexplained failures under real ones. Nobody was documenting why, systematically, with the same rigor applied to the failures as to the successes.
I decided to find out.
ARCHER started as a personal project: build a local-first AI penetration testing agent from scratch, run it against real targets, document every failure. Five weeks in, the agent worked. What also emerged was 130+ diagnosed failure classes, a taxonomy of the structural reasons AI fails in security roles, and a three-layer architecture for building systems that hold up.
The failures turned out to be more interesting than the successes.
The finding wasn't "the models aren't good enough." The models were fine. The finding was that most AI security tools place probabilistic reasoning in roles that require deterministic correctness — and then compensate with prompt engineering until the system is too fragile to trust. Every parser written to handle output variation, every fallback added when the model doesn't follow a format, every safety check inserted after generation — each is evidence that the responsibility partition was wrong from the start.
That structural failure has a name: the Stochastic Trap. The architecture that avoids it has a name too: the Centaur Framework.
Jay Hawkins — Principal Researcher¶
My career began in the infantry with the 82nd Airborne, then pivoted to Communications where I first learned a passion for learning and problem solving, my time in service culminated as a Senior Cyber Security Analyst and Military Planner where I was priviledged with access to work harder problems, explore the unanswered questions, and devle into new ways of thinking. I've worked both offensive and defensive cyber operations — securing strategic networks and critical infrastructure, coordinating cyber effects operations globally, while serving across USCYBERCOM, USCENTCOM, USNORTHCOM, and USEUCOM.
I build security tools because I genuinely enjoy this process of discovery and exploration - finding the way forward. This mindset has taught me there's always a better way, and finding it just requires building things, breaking them, recording lessons learned, and starting over with better knowledge than you had before. This is how knowledge is earned and skill is built over time.
Why This Lab¶
This started as a passion project — personal curiosity about what it actually looks like to operationalize AI for hard cybersecurity problems, not in theory but in practice, on real hardware, against real targets, collecting actionable lessons along the way.
The deeper I went into the process, the more I wanted to document it with honesty and transparency so others could benefit from it: what data could be collected and learned from, what methods worked, what didn't, what surprised me, and why. AI in security is moving fast and there are genuinely hard questions about how to do it well — around architecture, technologies, methodologies, auditability, and reliability in production environments. I don't claim to have all the answers. The point is to explore the questions seriously, share what I learn, and push the work forward.
Centaur Security Labs is where that exploration lives. If you're working on the same problems or thinking about them from a different angle, I'd like to connect.
On AI Collaboration¶
This work was built in active partnership with AI systems — not in the background, and not as a polishing pass.
The code, the articles, the research design, and the ideas were all developed in genuine collaboration with AI across the board. That means the AI wasn't used to autocomplete boilerplate or clean up prose after the fact. It was instrumental in helping me explore and understand ideas that were beyond my existing knowledge-set. It broadened and deepened my understanding of complex problems. It acted as an advisor in areas where I was weak. It aided in failure analysis. It extended my reach beyond the limits of my cognitive capacity. Every major artifact in this project was in some way shaped by that partnership. Part of the lesson has been to set aside ego and develop a willingness to accept what I don't know — and to find ways to incorporate AI to enhance my knowledge, skills, abilities, and speed to fill those gaps. This method enabled learning at a breadth and depth I've never experienced before, while creating at an even faster pace.
This is not a disclosure buried in a footer. It is the point.
ARCHER is built on that same principle — and so is this lab. The Centaur Model paper describes the architecture and the reasoning behind it in full.
What the AI contributed: speed, breadth, code generation, pattern recognition, and a tireless willingness to engage with and expand upon half-formed ideas. What I contributed: direction, curiosity, operational context, risk judgment, the ability to recognize when the AI was confidently wrong, the right balance of trust, skepticism, and accountability for the final output. Those things are not interchangeable. The Centaur Model paper explains why.
The benchmark here — for all of it — is honest, transparent, open, high-quality work that I stand behind. If an AI-assisted article holds up to scrutiny, advances understanding, and is clearly labeled as to how it was produced, it meets the standard.
Professional Background¶
Current status: Transitioning to the private sector. Final retirement date from the Army: January 31, 2027. Seeking senior-level roles at the intersection of Cybersecurity Research, Incident Response, Detection Engineering, and AI Security Tooling.
Clearance: Active TS/SCI.
Certifications: CEH, CHFI, Pentest+, Security+. Currently studying for the CISSP.
Connect¶
Direct, technical discussions welcome.