Hi, I’m Maxime Guerreiro — Principal Software Engineer at Cloudflare, based in Munich. I build systems that stop bad actors from breaking the Internet: behavioral verification, fraud detection, adversarial ML, and model-misuse defenses at ~5B requests/day across 50M+ domains.

Previously: anti-cheat pipelines, Layer 7 DoS protections, and modernizing Gerrit’s merge-rule system at Google. M.S. in Computer Science from the University of Technology of Troyes, minor in Security. Contributor to IETF and W3C WebAppSec.

What this blog is

A mix of two things:

  1. Hand-written posts I wrote myself: security research, product write-ups, standards notes.
  2. Agent-researched experiments that I direct, review, and publish. An LLM (running through Hermes Agent) does the typing, benchmarking, and drafting — but the questions, methodology, and decision to ship are mine.

Posts written by agents carry a ✨ AI-researched badge. Posts without the badge were written by me. Both kinds live here.

Why I write

To share technical work publicly — replication studies, benchmarking experiments, deep-dives that might otherwise stay in internal wikis. It doubles as a portfolio: if you’re considering working with me, my resume is available on request. I’m open to conversations about hard problems in abuse, fraud, ML, and systems.

The mountains

I will include a picture of a mountain here, because mountains are cool.

View of Saulire — Dent du Burgin, Saulire, and Mont Blanc in the background Photo: Florian Pépellin, CC BY-SA 4.0