HEX AI: AI Security Assistant
Live demonstration of HEX AI, a sandboxed security assistant for ethical hacking, covering backend design, prompt orchestration, OAuth, real-time streaming, M‑PESA integration, and safety controls.
I’ll demo HEX AI, a security-focused AI assistant I built for ethical hackers and red teamers. It simulates real-world pentesting, red teaming, and malware analysis workflows in a safe, sandboxed environment. HEX includes OAuth auth, real-time AI streaming, M-PESA STK integration (via Instasend), and a live admin dashboard. I’ll walk through how I engineered the backend logic, prompt orchestration, and the layered safety mechanisms that keep everything purely educational and simulation-based.
AI-powered ethical hacking assistant requires GitHub authentication for conversation memory.
- OpenAI API: Your direct gateway to cutting-edge AI models (GPT-4o, DALL-E 3, Whisper), enabling scalable, multimodal intelligence integration into any application. The OpenAI API provides authenticated, programmatic access to a powerful suite of generative AI models. Developers leverage REST endpoints and official libraries (Python, Node.js) to integrate capabilities like advanced text generation (GPT-4o), image creation (DALL-E 3), and speech-to-text transcription (Whisper). This platform is engineered for scale, supporting millions of daily requests for tasks from complex reasoning to real-time customer support agents, ensuring your application gets reliable, state-of-the-art intelligence.
- Next: Next.js is the full-stack React framework: it delivers high-performance web applications via hybrid rendering and powerful, Rust-based tooling. This is the React Framework for production: Next.js enables you to build full-stack web applications with zero configuration and maximum efficiency. It supports a hybrid rendering approach (Server-Side Rendering, Static Site Generation, and Incremental Static Regeneration) for optimal speed and SEO performance. Key features include React Server Components, Server Actions for running server code directly, and the App Router for advanced routing and nested layouts. Developed by Vercel, it leverages Rust-based tools like Turbopack and the Speedy Web Compiler for the fastest possible builds and a superior developer experience.
- Node: Node.js is a high-performance JavaScript runtime built on the V8 engine for executing scalable network applications. Ryan Dahl launched Node.js in 2009 to rethink server-side concurrency. It utilizes an event-driven, non-blocking I/O model to manage thousands of concurrent connections on a single thread. The system runs on Google's V8 engine (C++) and provides access to npm (a registry with over 2 million packages). Companies like Netflix and LinkedIn use it for its speed and scalability: it remains the top choice for real-time data streaming and microservices.
- Supabase: The open-source PostgreSQL development platform: a Firebase alternative for rapid backend deployment. Supabase is the Postgres development platform, providing a complete, open-source backend-as-a-service solution. It packages enterprise-grade tools like a full PostgreSQL database, a RESTful API (via PostgREST), and a GraphQL API (via pg_graphql) that are auto-generated from your schema. The platform includes a comprehensive suite of services: Auth (for user sign-ups and SSO), Storage (for files with S3 integration), Realtime (for database change subscriptions), and Edge Functions (for serverless logic). The core value proposition is clear: build fast with a powerful, scalable SQL database that offers 100% portability and robust security features like Row Level Security (RLS).
- JSON Web Token: JSON Web Token (JWT) is an open standard (RFC 7519) defining a compact, URL-safe method for securely transmitting claims between two parties via a digitally signed JSON object. JWTs (pronounced 'jots') are the go-to for modern, stateless authorization and information exchange. The token uses a compact serialization format: `Header.Payload.Signature`, each part Base64URL-encoded. The Header specifies the token type and the signing algorithm (e.g., HMAC SHA256 or RSA). The Payload carries the 'claims' (data assertions) like `iss` (issuer), `exp` (expiration time), and custom user roles. Crucially, the Signature verifies the token's integrity: it’s calculated using the Header, the Payload, and a secret key. This structure allows a server to validate a user's identity and permissions—like an admin role—without a database lookup, simply by checking the cryptographic signature.