# Gustavo Aragón — Full Profile

> CTO and founder with 20+ years building tech products. Creator of open-source security tools for AI agents. Based in Argentina, working globally.

## Bio

Gustavo Aragón (Gus) is a CTO and founder with over 20 years of experience building and scaling technology products. He started writing code at 17, driven by a passion for cybersecurity. He co-founded one of the most active Spanish-speaking Joomla! communities, managing product, users, and distributed teams before those practices had a formal name.

He co-founded Brelo in São Paulo, Brazil, where he spent 7 years building proprietary technology for smartphone-secured microlending, scaling to over 500,000 users. The platform evolved from a B2C lending app (Flexipag) to a B2B platform for banks and fintechs, featuring ML-based remote device assessment, secure device locking, and system-level integrations.

After Brazil, he returned to Argentina to serve as Chief Product & Technology Officer (CPTO) at Adcap Grupo Financiero, leading Banza (investment platform) and API Broker. He coordinated cross-functional teams across engineering, product, and UX, modernizing the tech stack and establishing delivery processes.

Throughout his career he has worked in 8 countries (Argentina, Brazil, New Zealand, Australia, Thailand, Hong Kong, Singapore, USA) and operates fluently in Spanish, Portuguese, and English. He holds certifications in penetration testing, MITRE ATT&CK, and NIST frameworks, with hands-on experience in security for regulated fintech handling sensitive financial data.

## Open Source

### Aguara Scanner

- **URL**: https://aguarascan.com
- **GitHub**: https://github.com/garagon/aguara
- **Type**: Open-source security scanner
- **Focus**: AI agents and MCP servers
- **Key Stats**: 148+ security rules, 13 categories
- **Description**: Aguara Scanner is the first open-source security scanner purpose-built for AI agent infrastructure. It detects vulnerabilities in MCP servers, AI agent configurations, and tool integrations before they reach production. Categories include authentication, authorization, input validation, tool poisoning, prompt injection, data exfiltration, and more.
- **Differentiators**: Purpose-built for the AI agent stack (not adapted from traditional web security tools). Covers MCP-specific attack vectors like tool poisoning, cross-origin escalation, and rug pulls. Open-source with community contributions.

### Oktsec

- **URL**: https://oktsec.com
- **Type**: Runtime security platform
- **Focus**: AI agent operations
- **Key Stats**: 169+ security rules, MCP gateway
- **Description**: Oktsec provides a runtime security gateway for AI agent operations. It enforces policies, monitors agent behavior, and prevents unauthorized actions in real-time. Built for teams deploying AI agents in production environments.
- **Differentiators**: Real-time policy enforcement at the MCP layer. Behavioral monitoring that detects anomalous agent actions. Gateway architecture that doesn't require modifying existing agent code.

### Aguara Watch

- **URL**: https://watch.aguarascan.com
- **Type**: Threat intelligence observatory
- **Focus**: AI agent ecosystem monitoring
- **Key Stats**: 40K+ skills tracked, 7 registries monitored, 24/7 operation
- **Description**: Aguara Watch monitors the AI agent ecosystem for emerging threats and vulnerabilities. It tracks MCP servers, AI tool registries, and agent frameworks across multiple sources to provide early warning of security issues.
- **Registries Monitored**: Includes major MCP server registries, tool marketplaces, and agent framework ecosystems. Continuously scans for newly published tools and evaluates them for security risks.

### Aguara MCP Server

- **URL**: https://github.com/garagon/aguara-mcp-server
- **Type**: MCP server (open-source)
- **Focus**: Security scanning as an MCP tool
- **Description**: An MCP server that exposes Aguara Scanner's security analysis capabilities directly to AI agents and development tools. Enables automated security scanning as part of AI-powered development workflows. Works with any MCP-compatible client including Claude, Cursor, and other AI development environments.

## Career History

### Founder, Oktsec (2026–Present)

Runtime security for AI agents. Oktsec enforces policies and monitors agent behavior at the MCP gateway layer. Also created Aguara Scanner (148+ rules, 13 categories) and Aguara Watch (40K+ skills monitored across 7 registries) as open-source tools for the ecosystem.

### CPTO, Adcap Grupo Financiero (2024–2026)

Chief Product & Technology Officer. Led Banza (investment platform) and API Broker. Coordinated cross-functional teams across engineering, product, and UX. Modernized the tech stack and established delivery processes.

### CTO & Co-Founder, Brelo (2017–2023)

7 years in São Paulo, Brazil. Scaled to 500K+ users with smartphone-secured microlending. Started with Flexipag (B2C lending app) and evolved into Brelo's B2B platform for banks and fintechs. Built proprietary technology for remote device assessment with ML, secure device locking, and system-level integrations.

### CTO, Teatrix (2015–2016)

Built a subscription-based digital theater platform with 400+ productions from Argentina, Broadway, Mexico, and Spain. Streaming, content management, and payment processing.

### Senior Developer, International (2012–2016)

Projects across 8 countries: New Zealand, Australia, Thailand, Hong Kong, Singapore, USA, Brazil, and Argentina.

### Tech Lead, Despegar.com (2011–2012)

Tech lead at Latin America's largest online travel agency.

### Tech Lead, Apernet (2010–2011)

Coordinated distributed teams between Argentina and the US for major clients.

### IT Manager, Télam (2008–2010)

Built the development team for Argentina's national news agency from scratch.

### Co-Founder, Joomla! Spanish Community (2005–2012)

Co-founded one of the most active Spanish-speaking Joomla! communities in LATAM. Strategic partnership with Microsoft's emerging technologies division. Organized conferences and expanded the open-source CMS ecosystem.

## Technical Expertise

### AI Agent Security

- MCP server security (tool poisoning, cross-origin escalation, rug pulls)
- AI agent behavioral analysis and anomaly detection
- Prompt injection prevention and input sanitization
- Data exfiltration detection in agent pipelines
- A2A (Agent-to-Agent) protocol security

### Cybersecurity

- Penetration testing (web applications, APIs, infrastructure)
- MITRE ATT&CK framework mapping
- NIST cybersecurity framework implementation
- Threat modeling and incident response planning
- Cloud hardening (AWS, GCP) and CI/CD pipeline security
- Security architecture review (authentication, encryption, secrets management)

### AI & Machine Learning

- Multi-agent system architecture and autonomous workflows
- RAG pipeline design for knowledge bases
- LLM integration and model selection strategy
- AI product development (concept to MVP)
- Inference cost optimization
- MCP and A2A protocol integration

### Engineering Leadership

- Technical architecture and system design
- Engineering team building and evaluation
- Technical roadmap aligned with business goals
- Code review standards and CI/CD implementation
- Product engineering (from concept to production)

### Fintech

- Investment platforms and trading systems
- Microlending and credit risk assessment
- Payment processing and regulatory compliance
- Device security for financial applications
- ML-based remote device assessment

## Services Offered

1. **AI Agent Security** — MCP server audits, tool poisoning assessment, runtime security with Oktsec, agent permission review, supply chain risk assessment (one-off audit or ongoing retainer)
2. **Fractional CTO** — Part-time CTO for seed to Series A startups (10–20 hrs/week, minimum 3 months)
3. **AI Strategy & Implementation** — AI integration roadmap and execution (5–15 hrs/week, from 1 month)
4. **Technical Co-Founder** — Full-time dedication with equity alignment
5. **Advisory & Due Diligence** — Technical evaluation for investors and founders
6. **Cybersecurity** — Pentesting, security reviews, threat modeling, and AI agent infrastructure assessments

## Published Content

Blog posts at https://gustavoaragon.com/blog covering:

- Why AI agent security can't wait — findings from scanning thousands of MCP servers, tool poisoning, cross-origin escalation, and the case for security-first agent infrastructure
- A million agents, zero trust — the emerging world where millions of AI agents interact autonomously, cascading permissions, supply chain attacks at agent scale, and what zero trust means for agents
- AI agent security patterns, MCP security, and the infrastructure gap between agent adoption and security tooling

## Contact & Links

- **Website**: https://gustavoaragon.com
- **LinkedIn**: https://linkedin.com/in/gustavoaragon
- **GitHub**: https://github.com/garagon
- **Twitter/X**: https://x.com/gustavo_aragon
- **Email**: gustavoraularagon@gmail.com
- **Calendly**: https://calendly.com/gus_aragon/30min

## Location & Availability

Based in Argentina. Timezone compatible with all of the Americas and Europe. Experience operating in Spanish, Portuguese, and English. Available for remote collaboration worldwide.