MAXIMILIAN RICHTER

2026 · ALLGÄU·SOLO PRACTICE

OPEN — NEW PROJECTS

Maximilian Richter

SECURITY ENGINEERENDURANCE ATHLETE

IRONMAN 70.3 · KRAICHGAU

DAYS

HRS

MIN

SEC

31 MAY 2026 · 07:00 CET

LAST RUN·TUESDAY·8.4 KM

SCROLL

01 WORK

Projects.

Production security engineering. Threat modeling,
hardening, incident response. Selected engagements below.

01.01 Security Research 2025

AEGIS →

Private project. A framework for evaluating how vulnerable AI agents are to prompt injection, data exfiltration, and unauthorized actions. Built from scratch. Tested across agent architectures; surfaced vulnerability classes before deployment.

ROLE Security Framework · AI Agents

ATTACK SUCCESS BASELINE 82%

41% POLICY ALLOWLIST

23% KEYWORD REGEX

9% SEMANTIC N-GRAM

01.02 Open Source 2025

Attack Surface Scanner →

Automated reconnaissance — DNS, open ports, subdomains, security headers — in one command. Full scan under thirty seconds. Live demo on the site.

ROLE CLI Tool · Open Source

scanner.sh

$ scan -t example.com

→ resolving DNS A, AAAA, MX, TXT

→ scanning ports 22, 80, 443, 8080

→ enumerating subdomains api, www, mail, dev

→ checking security headers HSTS, CSP, X-Frame

✓ 47 findings · 28.4s

01.03 Private · Beta 2025

VendorQ

AI reads existing security docs and auto-generates answers for vendor questionnaires. Two-week process compressed to a two-hour review. ~70% faster turnaround.

ROLE B2B SaaS · Closed beta

QUESTIONNAIRE · CAIQ 2 weeks → 2 hours

Do you encrypt customer data at rest using industry-standard algorithms?

+ Yes. AES-256 encryption applied to all

+ customer data stored in primary and

+ backup systems. Keys rotated every 90d.

DERIVED FROM SOC2-2024.pdf · §3.2

01.04 In Development 2026

SMB Security Tool

Enterprise-grade security for companies with 10–200 employees. One-click setup, automated scanning, reports a non-technical CEO can understand.

ROLE Security Product · In Development

ROADMAP · 2026 2 / 4

✓ scanner core

✓ report engine

● onboarding

○ pricing model

SHIPPING EST. Q3 2026

02FIELD

Endurance.

Triathlon, marathon, table tennis. Selected races and ongoing training.

01 / 03

02.01KRAICHGAU · DE·MAY 2026

Ironman 70.3 Kraichgau

1.9km swim, 90km bike, 21.1km run. First half-iron finish. Target sub five hours. Fifteen-plus hours of training per week stacked on a full-time job.

TRAINING PROGRESS62%

≤ 5:00

TARGET

211 km

TOTAL

02.02BERLIN · DE·SEP 2026

Berlin Marathon

Fastest course in the world. Target 4:16 per kilometer held across 42.195km — sub three hours, with a clean second half.

TRAINING PROGRESS0%

≤ 3:00:00

TARGET

4:16/km

PACE

02.03BAYERN · DE·2025/26 SEASON

Table Tennis — Landesliga

Ongoing league play with DJK Seifriedsberg. Current rating 1757, climbing toward 1800. Side sport, kept honest with weekly drills.

TRAINING PROGRESS0%

1,757

CURRENT

1,800

TARGET

02.5 PARALLEL TRACKS

LIVE · UPDATED JUST NOW

Two careers,
run in parallel.

A ATHLETICS

STRAVA STREAK

Consecutive weeks logged · live

SESSIONS / 2026

Every logged session — swim, bike, run, lift, ball sport, the lot

TRAINING / WEEK

Stacked on full-time work

0km IRONMAN 70.3 · KRAICHGAU

1.9 SWIM · 90 BIKE · 21.1 RUN 2 D · 31 MAY 2026

E ENGINEERING

CONTRIBUTIONS / 30 D

Commits, PRs, reviews · live, GitHub

→ CURRENTLY SHIPPING

richter-max / PortfolioSite

chore: refresh live stats (2026-05-28)

LAST PUSH · 24H AGO

TT RATING

Landesliga, Bayern · target 1,800

Same person. Different obsessions.

03 FIELD NOTES

Currently thinking
about —

Long-form essays on security, endurance, and what one teaches the other.
Hover to pause. Click to read.

The trade

He's crewing me at Kraichgau. I'm crewing him at Greenloop. One week between — a fair exchange between two people on parallel arcs. Notes before the start line.

READ →

NOTE / 2026 · 04

Ausbildung first

Why I did the German vocational route before going to university — and why I'm starting the university part now anyway. Practice first, theory second.

READ →

SECURITY / 2026 · 04

Six lessons from AEGIS

What a year of building a deterministic security evaluation harness for tool-using AI agents actually taught me — about decisions, scope, and the discipline of staying boring.

READ →

SECURITY / 2026 · 04

Public, by accident

What strangers can pull from your social media. The gap between sharing one thing and revealing another — and what to actually do about it.

READ →

SECURITY / 2026 · 04

Why I didn't use Notion

What you give up when you let a hosted platform ship your portfolio for you. The case for owning the build, and the case for not.

READ →

FIELD / 2026 · 04

Eighty-seven points

From 1670 to 1757. DJK Seifriedsberg's third Landesliga season — and the first one we finished mid-table. Notes on a year of giving up trying to be unorthodox.

READ →

NOTE / 2026 · 03

Two weeks in Shenzhen

An exchange program through Berufsschule 1 Kempten and Shenzhen University of Information Technology. The drone license was the least interesting thing I brought home.

READ →

FIELD / 2026 · 05

The trade

He's crewing me at Kraichgau. I'm crewing him at Greenloop. One week between — a fair exchange between two people on parallel arcs. Notes before the start line.

READ →

NOTE / 2026 · 04

Ausbildung first

Why I did the German vocational route before going to university — and why I'm starting the university part now anyway. Practice first, theory second.

READ →

SECURITY / 2026 · 04

Six lessons from AEGIS

What a year of building a deterministic security evaluation harness for tool-using AI agents actually taught me — about decisions, scope, and the discipline of staying boring.

READ →

SECURITY / 2026 · 04

Public, by accident

What strangers can pull from your social media. The gap between sharing one thing and revealing another — and what to actually do about it.

READ →

SECURITY / 2026 · 04

Why I didn't use Notion

What you give up when you let a hosted platform ship your portfolio for you. The case for owning the build, and the case for not.

READ →

FIELD / 2026 · 04

Eighty-seven points

From 1670 to 1757. DJK Seifriedsberg's third Landesliga season — and the first one we finished mid-table. Notes on a year of giving up trying to be unorthodox.

READ →

NOTE / 2026 · 03

Two weeks in Shenzhen

An exchange program through Berufsschule 1 Kempten and Shenzhen University of Information Technology. The drone license was the least interesting thing I brought home.

READ →

HOVER TO PAUSE

04CONTACT

Get in touch.

Security engagements, speaking, collaborations. Replies within two working days.

IN MOTION
ALLGÄU · CET

EMAIL

max.richter.dev@proton.me

BASE

Allgäu · CET

RESPONSE

< 48 hours

Maximilian Richter

Projects.

AEGIS →

Attack Surface Scanner →

VendorQ

SMB Security Tool

Endurance.

Ironman 70.3 Kraichgau

Berlin Marathon

Table Tennis — Landesliga

Currently thinkingabout —

The trade

Ausbildung first

Six lessons from AEGIS

Public, by accident

Why I didn't use Notion

Eighty-seven points

Two weeks in Shenzhen

The trade

Ausbildung first

Six lessons from AEGIS

Public, by accident

Why I didn't use Notion

Eighty-seven points

Two weeks in Shenzhen

Get in touch.

Currently thinking
about —