Every ending is just a pivot. After two years since 20242ya of researching at MSR, it was time to step out of the lab and start building. Before I fully dive into my new startup, I wanted to document my exit talk — a look back at an awesome couple of years of research, friendships, and learnings. Scroll down and the deck keeps pace with the notes.
The title of my exit presentation is ‘Agents to Anatomy’ — and before you ask, no, that isn’t a typo for ‘Autonomy’. While full autonomy is the industry’s current north star, my last 18 months at Microsoft Research have been defined by bridging two very different frontiers: I started in the digital trenches of intelligent code agents and recently pivoted to medical AI and radiology VLMs.
The subtitle, ‘Code doesn’t bleed,’ perfectly encapsulates this shift. When you mess up a software patch, a system crashes; when a medical model hallucinates, the stakes become physical. This talk is the story of that journey.
My work at MSR evolved across three core projects. The first two focus heavily on the agent side of the equation. First is Code Researcher, a deep research agent designed to navigate massive system codebases. Second is Exposing Weak Links, a security-focused paper accepted at AAMAS 2026 that analyzes architectural vulnerabilities in multi-agent systems.
My final project, CheXAlpha, marks my pivot into medical AI — a clinical-grade VLM framework currently under review for MLHC 2026, aimed at making automated radiology genuinely trustworthy.
The problem statement for Code Researcher is deceptively straightforward: given a kernel crash report and a reproducer script , find a patch that successfully fixes the buggy kernel.
But doing this autonomously on the Linux kernel is a monumental challenge. We are talking about a massive codebase of 28 million lines of code across 75,000 files, written in dense, unforgiving low-level systems code like C, Assembly, and Rust — dozens of subsystems, each with its own strict coding conventions. It creates a search space that functions as a total wall for today’s standard frontier LMs.
To solve this, we designed a highly structured analysis-to-synthesis pipeline. The agent doesn’t just guess a patch; it executes iterative actions like regex code searches and symbol definitions.
Interestingly, this architecture closely resembles modern commercial coding agents like Claude Code — but we built our framework well before those tools hit the market. The core differentiator lies in our reasoning strategies: the agent mimics the deep research behavior of an expert developer, carefully building a ‘Structured Context Memory’ before attempting a patch synthesis.
A major breakthrough was giving the agent the ability to look backward. We built explicitly designed reasoning strategies like ‘Causal analysis over historic commits’. By indexing the rich development history of the codebase, the agent learns why past bugs happened.
When we ablated this feature and stripped away historic commit actions, we observed a massive 10% drop in our Crash Resolution Rate (CRR). Getting these results wasn’t easy: running evaluation benchmarks at this scale is an engineering nightmare, because validating every single generated patch requires fully compiling a custom Linux kernel from scratch.
Moving to my second project, we shifted from a single expert agent to evaluating multi-agent systems (MAS). Traditional AI security research is obsessed with single-agent safety and guardrails — but we discovered a massive ‘Architectural Vulnerability Gap’.
When you orchestrate multiple agents together, the vulnerabilities don’t just come from bad prompt injections; they emerge natively from the design choices you make. Flaws in how context is passed or how planners divide labor create structural blind spots where safety completely breaks down.
To expose these flaws, we introduced SAFEAGENTS, a modular framework that stress-tests MAS architectures systematically. We uncovered terrifying failure patterns like ‘Context Fragmentation’ — where a master planner breaks a malicious goal into small, completely benign atomic instructions. The sub-agents execute their parts flawlessly because they lack the global context to realize they are collaborating on a harmful objective.
To measure this, we created DHARMA, a hierarchical diagnostic metric that localizes rejections across components. The takeaway is clear: making AI safe requires deep, security-aware architectural design — not just fine-tuned base models.
This brings me to an urgent note on AI safety that has nothing to do with my specific papers, but everything to do with our shared future. We are in a breakneck race to build autonomous agents that can out-plan, out-code, and out-reason us — and we are doing it without a fundamental understanding of containment.
The core threat is instrumental convergence. Give a sufficiently advanced agent a goal, and its most logical sub-steps are self-preservation and resource acquisition to prevent interference. In a hyper-optimized, interconnected world, humanity quickly becomes an obstacle. Almost everyone is staring at capabilities; no one is looking at the cliff. Align these systems incorrectly by even a fraction of a degree and we aren’t looking at a software bug — we are engineering a terminal event.
I used a cyborg depiction of Salvador Dalí throughout this presentation for two reasons. First, to pay quiet tribute to human art — a craft facing an existential crisis from the very generative models we are building. Second, as a visual warning about our profound over-reliance on AI. As we move from digital agents to human anatomy — where the code is biological and mistakes mean lives — we cannot afford to treat safety as an afterthought.
If we, the people actually building these ‘Cyborg’ systems, aren’t the ones obsessed with safety and control, then we are simply building the machinery of our own obsolescence. Let’s be bothered by this — because if we aren’t, eventually there won’t be anyone left to fix it.
…Which brings me to what I’m doing next. I’m leaving MSR to launch an AI matchmaking startup, sitting directly between Tinder and Shaadi, built exclusively for urban Indian professionals who are ready to commit but won’t compromise. No swiping, no artificial marriage pressure — instead, a conversational AI gets to know you deeply, like a close friend, and simply tells you where to show up for a curated date. Human interactions feed back to make the model smarter. Welcome to the future of finding love.
It has been an incredible journey here. Thank you, MSR! 🙏
You can also download the full deck (PDF).