# Humza Tareen — AI Engineer & Researcher

> AI Engineer who ships production systems with enterprise clients. IEEE-published researcher. Building at the intersection of AI, cloud infrastructure, and developer tooling.

## About

Humza Tareen is an AI Engineer based in Islamabad, Pakistan. He has delivered GenAI solutions for Fortune 500 clients including Apple, Meta, and Bytedance. He holds a BS in Computer Science from NUST and is published in IEEE EMBC 2025. He is certified in IBM Cloud Pak for Integration, Mulesoft, and Microsoft Power Platform.

## Key Areas of Expertise

- **Cloud Architecture**: Multiple Cloud Run microservices, GKE clusters, and managed databases on GCP
- **AI/ML Infrastructure**: RAG systems with pgvector, LLM evaluation pipelines, reinforcement learning training arenas
- **Event-Driven Systems**: Pub/Sub, Cloud Tasks, Cloud Scheduler, dead-letter queues
- **DevOps & Security**: CI/CD with GitHub Actions, Cloud Build, security auditing, structured logging
## Blog Articles (17)

- [Building an AI Evaluation Platform on GCP](https://humzakt.github.io/blog/building-ai-evaluation-platform-gcp.html): How I built an AI evaluation platform from scratch on GCP — architecture decisions, production incidents, and lessons learned
- [Core AI Evaluation Engine](https://humzakt.github.io/blog/atlas-evaluations-core-engine.html): The two-week AlloyDB SSL detective story, a Firestore default database trap, and why KEDA autoscaling needed careful tuning
- [Automated LLM Scoring Service](https://humzakt.github.io/blog/auto-rater-service-llm-scoring.html): Taking an LLM scoring service from fragile prototype to production — idempotency patterns, VPC debugging, and Redis state recovery
- [Event-Driven Architecture on GCP](https://humzakt.github.io/blog/event-driven-architecture-gcp-pubsub.html): Why I chose events over HTTP for a 6-phase pipeline that runs for 30 minutes — and how it saved us from retry hell
- [Auth Gateway & Admin Dashboard](https://humzakt.github.io/blog/guard-service-auth-gateway.html): Building an authentication backbone with JWT, OIDC, and Kong — plus the cache invalidation bug that reminded me why it's one of the hardest problems in CS
- [Notification Service](https://humzakt.github.io/blog/notification-service-event-delivery.html): Designing an event delivery system with Cloud Tasks, circuit breakers, and webhook dispatch — and the Pydantic v2 serialization bug that broke everything
- [RAG Retrieval Service](https://humzakt.github.io/blog/rag-service-embedding-search.html): Building a pgvector-powered retrieval pipeline, surviving a midnight deprecation crisis, and tracking document provenance
- [RL Training Arena for Code Agents](https://humzakt.github.io/blog/rl-arena-executor-preprocessor.html): Building a Gym-style reinforcement learning environment on GKE — and why Cloud Build sandboxing was the key to safe code execution
- [RL Training Arena Deep-Dive](https://humzakt.github.io/blog/rl-training-arena-code-agents.html): Teaching AI to code through structured feedback — the reward shaping and hexagonal architecture behind a training arena
- [The Connective Tissue of an AI Platform](https://humzakt.github.io/blog/workflow-taxonomy-platform-services.html): The four services nobody sees but everyone depends on — workflow orchestration, taxonomy routing, JWT auth, and LLM memory evaluation
- [Debugging AlloyDB SSL Connection Drops](https://humzakt.github.io/blog/debugging-alloydb-ssl-connection-drops.html): The two-week detective story of an AlloyDB SSL bug that was silently failing 5% of our evaluation tasks
- [Idempotent Cloud Tasks Handlers in Python](https://humzakt.github.io/blog/idempotent-cloud-tasks-handlers-python.html): How a simple 3-step pattern eliminated duplicate records and made Cloud Tasks retries safe
- [Zero-Downtime Embedding Migration](https://humzakt.github.io/blog/rag-embedding-migration-zero-downtime.html): When our embedding model got deprecated overnight, here's how we migrated production data without a single outage
- [Security Audit: Critical Gaps Found](https://humzakt.github.io/blog/security-audit-ai-platform-25-critical-issues.html): What I found when I audited my own production platform — SQL injection, hardcoded secrets, and a monolithic God Class that nearly broke everything
- [Incident Response & CLI Agent Debugging](https://humzakt.github.io/blog/incident-response-iflow-debugging.html): Building incident runbooks, debugging silent agent failures where exit code 0 hid API errors, and fixing sandbox environment gaps
- [Systematic Service Hardening](https://humzakt.github.io/blog/systematic-service-hardening-guard-notification.html): One week, three services — fixing N+1 queries, race conditions, SSRF vulnerabilities, non-atomic counters, and writing 124 tests from scratch
- [How I Find Bugs in Production Code](https://humzakt.github.io/blog/production-bug-hunting-33-issues.html): Filing 33 issues in one week using a 5-layer audit methodology — from API surface validation to path traversal and datetime bugs

## Links

- Portfolio: https://humzakt.github.io
- Engineering Profile: https://humzakt.github.io/engineering.html
- Research Profile: https://humzakt.github.io/research.html
- LinkedIn: https://www.linkedin.com/in/humzakt
- GitHub: https://github.com/humzakt
- RSS Feed: https://humzakt.github.io/blog/feed.xml
- Email: humzakhawartareen@gmail.com