I’m Jason Chow — an independent AI and security advisor. I work remotely across the US at the intersection of identity security, AI safety, and applied cryptography. My practice is deliberately small: one person, deep focus, no overhead.

I started jchowlabs to publish the kind of practitioner research I wanted to read — technically grounded, opinionated, and built around working through problems rather than summarizing vendor marketing. The insights and labs here reflect how I actually think about these problems.

What I work on

  • AI security & agentic systems — securing LLM-powered products, evaluating agentic AI risks, defending against prompt injection and tool poisoning, and building AI governance frameworks for teams moving fast.
  • Identity architecture — passwordless adoption, passkeys, FIDO2/WebAuthn, SSO federation (SAML, OIDC), identity provider design, privileged access, and zero trust strategy.
  • Threat analysis — deepfake and synthetic media threats, biometric security, credential-based attack patterns (phishing, Golden SAML, session hijacking), and shadow AI risks.
  • Applied cryptography — key management, zero-knowledge architectures, signing and verification, and where cryptographic guarantees actually hold vs. where they don’t.

Who I work with

I work with a range of organizations — from early-stage startups figuring out their security posture for the first time, to growth-stage companies scaling identity infrastructure, to enterprise security and product teams navigating the AI threat landscape. I also work with investors doing technical due diligence on AI and security companies.

Engagements vary: one-time strategy sessions, architecture reviews, fractional advisory on retainer, speaking at events and panels, and longer research collaborations. I’m flexible on format — the goal is to be useful, not to fit a standard engagement model.

Working with me

Most of my work comes through referrals and LinkedIn. If you’re evaluating whether I’m the right fit, the best signal is the work itself — the insights and labs on this site show how I think and what I can build. My professional background and recommendations are on LinkedIn.

If you want to work together or just have a question worth exploring — use the contact form or reach out on LinkedIn.

Events

I regularly attend AI and security events — RSA Conference, AI security practitioner events, voice AI meetups, agentic AI workshops, and more. See the events page for the full list.