Bluetooth audio SoC — firmware-authentication weakness
Protocol and OTA analysis of a widely-deployed Bluetooth audio chip family, affecting tens of millions of devices. Coordinated disclosure to vendors, BT-SIG and MITRE in progress.
VERTEXELITE
VertexElite builds public platforms and private internal systems — web applications, MCP tooling, cloud operations, monitoring, and applied security research. Built for real-world operations.
Selected work
Real applications with real users and real transactions. Each one designed, built, deployed and operated end to end.
Cross-border services platform connecting Australia and Sri Lanka.
Repair-business management for the US market — scheduling, customers and operations.
Private production systems
Beyond the public portfolio, VertexElite designs and maintains private production systems across AI infrastructure, MCP tooling, security automation, deployment operations, monitoring and internal control platforms.
Custom MCP gateways, AI-agent tool routing, permission boundaries, audit logging, internal automation workflows and secure agent operations.
Detection pipelines, vulnerability triage, security dashboards, alert routing, infrastructure monitoring and applied research tooling.
Deployment dashboards, health checks, uptime monitoring, backup visibility, incident workflows and production observability systems.
Closed-source production platforms, admin portals, APIs, dashboards, business automation systems and internal tools maintained under private review.
Some systems are private, client-protected or internal-only — full details are available through private review or NDA. Publicly, we share redacted architecture summaries, security research and selected case studies.
Security research
Security is a first-class discipline here, not an afterthought. VertexElite runs a coordinated vulnerability-disclosure practice and builds detection and hardening into every system it ships.
Threat models and guardrails for autonomous coding agents — permission boundaries, sandboxing and abuse prevention.
Securing Model Context Protocol deployments: tool allow-listing, audit logging and context-injection defense.
Detecting malicious packages and impersonation campaigns targeting developer toolchains.
TPM-bound keys, zero-trust networking, default-deny firewalls and compartmentalized environments.
Protocol and OTA analysis of a widely-deployed Bluetooth audio chip family, affecting tens of millions of devices. Coordinated disclosure to vendors, BT-SIG and MITRE in progress.
Source-level analysis of a USB Wi-Fi/BT controller firmware-download path with no signature enforcement. Coordinated disclosure in progress.
Operational details and redacted reports are shared only through responsible-disclosure channels or private review.
What we build
A full-stack practice that owns every layer — product, data, infrastructure, AI and security.
Multi-tenant SaaS, portals and transactional apps in Next.js / React.
LLM orchestration, MCP gateways, agent tooling and retrieval over private data.
Detection pipelines, vulnerability triage, dashboards and applied research tooling.
Self-hosted estates on Proxmox behind Cloudflare Zero Trust — no exposed origins.
Operations, monitoring, observability and incident-workflow control panels.
Cross-platform apps that share the same backend and design language.
Migrating ageing stacks to modern, maintainable, observable systems.
Case studies
Problem to outcome — the engineering behind a platform, not just a screenshot.
Trust & verification
Founder & Lead Engineer
Self-taught engineer from Sri Lanka. Fifteen years repairing Apple hardware before turning that obsession with how things work into a full-stack engineering practice.
I founded VertexElite to build web platforms that handle real users and real money — and then built a portfolio of them, public and private. The same curiosity that took me inside MacBooks now takes me down to the firmware of the chips in everyday devices.
I work close to the metal on both ends: from React Server Components and multi-tenant data models, to a self-hosted Proxmox estate fronted by Cloudflare Zero Trust, to coordinated security research on consumer silicon.
FAQ
Closed-source and client-protected systems are available through private review or under NDA. Publicly we share redacted architecture summaries, security research and live case studies.
Based in Colombo, Sri Lanka, working with clients worldwide. English is the primary working language.
Yes. VertexElite is a software + security engineering practice — we build production platforms and run a coordinated vulnerability-disclosure practice.
Next.js / React / TypeScript on the front; Node with PostgreSQL, MariaDB and SurrealDB on the back; self-hosted on Proxmox behind Cloudflare Zero Trust; LLM/MCP systems on top.
Email directly — no middlemen. We scope the work, agree on outcomes and ship.
Contact
Have a platform to build, an idea to validate, or a system to harden? Reach out directly — no middlemen, fast replies.