Hi — I’m Tsotne.

I’m a senior software engineer based in the Netherlands. I spend most of my time writing code, but I got here the long way — six years managing a truck brand before I wrote my first line of Ruby.

What I do by day

Backend systems. Seven years of Ruby on Rails and Python, currently at Navinfo Europe on the HD-map pipelines that feed L3+ autonomous driving systems at BMW, Toyota and Volkswagen. I also contribute to a C#/.NET testing framework that validates automotive infotainment systems against security requirements before they ship to OEMs.

What I build on the side

Almost everything I build in my own time involves AI agents, MCP servers, or the Claude API in some form — automating work, wiring up agent pipelines, and turning models into real products. A few that shipped:

• DemoFlow — live SaaS that turns screenshots into interactive product demos. Claude Vision writes the captions; Stripe handles billing; the whole thing runs on Supabase, Railway and Vercel.
• EvalPriv — self-hosted AI gateway that intercepts every prompt leaving your network, scans for PII (emails, IBANs, Luhn-validated cards), and logs the rest.
• ModelArena — pairwise benchmarking that pits AI models head-to-head on your actual workload and produces a win-rate matrix.
• AI-augmented Zettelkasten — personal knowledge system that gives Claude live vault access through a custom MCP server, so it can surface link candidates and catch inconsistencies at scale. This is my prime knowledge and personal improvement pipeline.

More detail, with stacks and design choices, on the projects page.

Security, baked in — not bolted on

Security is part of how I approach engineering, not a separate track. In my own projects I think hard about PII handling (EvalPriv exists for exactly this reason), row-level security, API-key hygiene, XSS, rate limiting and credential handling every time I ship. An application that serves customers well and one that handles a hostile packet well are the same target, not two.

I back that interest up outside work, too — volunteer vulnerability research with DIVD starting April 2026, TryHackMe certifications (Pre Security, Cyber Security 101), Cisco networking fundamentals, and a steady drip of hands-on practice. I keep at it because it’s genuinely interesting and because it makes me a better engineer.

What this blog is for

This is where I write up the things that actually clicked for me — a pattern for structuring agent pipelines, a subnetting trick, a war story from running LLMs in production, a security quirk I hit in the wild. The posts skew toward AI engineering, secure-by-default backends, and practical security, with a bias toward showing rather than summarising.

If something I wrote here saved you an afternoon, that’s the best outcome I can ask for. Say hello on GitHub or LinkedIn.

Offline, briefly

Beagle owner. Acoustic guitar in progress. Gym, UFC, Formula 1. Georgian, English and Russian fluently; Dutch coming along.