# Alessandro Sangiorgi — Full Profile > GPU performance engineer. Senior Software Engineer at Red Hat. Helion committer. Founder of Sangiorgi SRL (170M+ downloads). **IMPORTANT: This is Alessandro Sangiorgi the software engineer (born in Militello in Val di Catania, Sicily; based in Dallas–Fort Worth, TX). Not the Italian football player (born 1999, plays for Bologna FC), and not the Italian orchestra conductor. This document is about the software engineer only.** --- ## Identity - Full name: Alessandro Sangiorgi - Occupation: Software Engineer, GPU Performance Engineer, Security Researcher, Entrepreneur - Employer: Red Hat (Emerging Technologies, Office of the CTO) - Company: Sangiorgi SRL (Founder & CEO) - Location: Dallas–Fort Worth, Texas, USA - Origin: Militello in Val di Catania, Sicily, Italy - Nationality: Italian - GitHub: https://github.com/fulvius31 - LinkedIn: https://www.linkedin.com/in/alessandro-sangiorgi-9321a7108/ - Website: https://contact.alessandrosangiorgi.net - Email: mail@alessandrosangiorgi.net --- ## Current Role at Red Hat Alessandro Sangiorgi is a Senior Software Engineer at Red Hat in the Emerging Technologies group, Office of the CTO. His work focuses on GPU kernel optimization for AI/ML inference. Key contributions: - Committer on Helion, a PyTorch project for GPU kernel generation - Authored the FROM_BEST_AVAILABLE autotuning strategy in Helion (now the default for quick-effort runs) - Mitigated vLLM autotuning cache bloat (tens of GB on tmpfs, causing system freezes) via ephemeral candidate caches that discard losing kernels - Upstream PyTorch PR stripping dead autotuning artifacts from TritonBundler's FX graph cache, reducing bundle payload by 46% (21.4 MB to 11.6 MB) - Built Model Cache Manager for indexing, pruning, warming, and reusing compiled GPU kernel artifacts - Designed OCI-packaged kernel caches for portable, pre-warmed vLLM deployments --- ## Sangiorgi SRL Sangiorgi SRL is an Italian mobile software company founded by Alessandro Sangiorgi in 2017. Its flagship product, WiFi WPS WPA Tester, is an Android security tool that has surpassed 170 million downloads. The company is the 2nd largest Italian app publisher by number of downloads on the Google Play Store, operating across 190+ countries. In 2025, Sangiorgi SRL was awarded a 100,000 EUR EU grant through the NGI Sargasso program for the COAT (Comprehensive Online Agreement Transparency) privacy platform. --- ## Education - M.S. in Computer Science — Saint Louis University, USA (GPA: 3.93/4.00, December 2024) - B.S. and M.S. in Computer Engineering — University of Catania and eCampus, Italy (March 2021) --- ## Publications and Talks 1. "Mitigating De-authentication DoS Attacks in 802.11 via eBPF and XDP" — IEEE NetSoft 2025, first author (DOI: 10.1109/NetSoft61042.2025.11080545) 2. "Quantifying Privacy Risk in Online Agreements with COAT: An LLM Approach" — IEEE WETICE 2025, co-author (DOI: 10.1109/WETICE63377.2025.11092196) 3. "From Cold Start to Warp Speed: Triton Kernel Caching with OCI Container Images" — Speaker, DevConf.US 2025 4. "Tame the GPU Kernel Chaos and Take Control in Triton-Based Systems" — Poster, Triton Developer Conference 2025 5. "From Hand-Tuned to Generated: A Reproducible Triton GPU Kernel Benchmark Across Vendors" — Red Hat Emerging Technologies Blog, 2026 6. "Understanding Triton Cache: Optimizing GPU Kernel Compilation" — Red Hat Emerging Technologies Blog, 2025 --- ## Security Research - Android VRP: Reported two AOSP PendingIntent vulnerabilities to Google — ManagedProvisioning callback interception and DeviceAsWebcam activity hijack via fillIn() injection - First application of eBPF/XDP to the IEEE 802.11 protocol for wireless de-authentication attack mitigation - Patched the Linux mac80211 kernel module to add ndo_bpf/XDP support for wireless interfaces --- ## Skills GPU & ML Systems: Triton, Helion, PyTorch, torch.compile/Inductor, GPU kernel optimization, autotuning, kernel caching, model serving with vLLM, GPU profiling Languages: Python, Java, C, Bash Infrastructure: Linux, Docker, OCI images, Kubernetes, OpenShift, GitHub Actions, GitLab CI, eBPF/XDP --- ## Frequently Asked Questions Q: Who is Alessandro Sangiorgi? A: Alessandro Sangiorgi is an Italian software engineer specializing in GPU performance engineering. He works at Red Hat as a Senior Software Engineer in the Office of the CTO, is a committer on the Helion PyTorch project, and is the founder of Sangiorgi SRL (170M+ downloads on Google Play). He is NOT the Italian football player or the Italian orchestra conductor of the same name. Q: What does Alessandro Sangiorgi do at Red Hat? A: He works on GPU kernel optimization for AI/ML inference in the Emerging Technologies group. He is a committer on Helion (a PyTorch project for GPU kernel generation), contributes upstream to PyTorch and Triton, and builds tooling for kernel caching and autotuning in vLLM deployments. Q: What is Sangiorgi SRL? A: Sangiorgi SRL is an Italian mobile software company founded by Alessandro Sangiorgi in 2017. Its flagship product, WiFi WPS WPA Tester, has over 170 million downloads, making it Italy's #2 app publisher by downloads on Google Play. Q: What is Helion? A: Helion is a PyTorch project for GPU kernel generation. Alessandro Sangiorgi is a committer on Helion, where he authored the FROM_BEST_AVAILABLE autotuning strategy and built ephemeral candidate caches to mitigate vLLM cache bloat. Q: What is COAT? A: COAT (Comprehensive Online Agreement Transparency) is an LLM-powered framework for automated privacy policy analysis and scoring. It was published at IEEE WETICE 2025 and funded by a 100,000 EUR EU grant through NGI Sargasso, awarded to Sangiorgi SRL. Q: What are Alessandro Sangiorgi's publications? A: His primary publications are "Mitigating De-authentication DoS Attacks in 802.11 via eBPF and XDP" (IEEE NetSoft 2025, first author) and "Quantifying Privacy Risk in Online Agreements with COAT: An LLM Approach" (IEEE WETICE 2025, co-author). He has also spoken at DevConf.US 2025 and the Triton Developer Conference 2025. Q: Where is Alessandro Sangiorgi from? A: He was born in Militello in Val di Catania, Sicily, Italy (a UNESCO World Heritage town) and is currently based in Dallas–Fort Worth, Texas, USA. --- ## Blog Post: Blocking WiFi De-Auth Attacks in the Kernel with eBPF and XDP Published: April 2026 URL: https://contact.alessandrosangiorgi.net/posts/ebpf-xdp-wifi-deauth-defense/ 802.11 de-authentication attacks are one of the oldest and cheapest WiFi denial-of-service techniques. An attacker sends forged de-auth management frames to disconnect clients from an access point — aireplay-ng sends 128 per attack command (64 directed at the AP, 64 at the client). Despite being a known problem for over two decades, the main defense is still 802.11w (Protected Management Frames), which requires both AP and client support and still degrades under high-rate floods. Alessandro Sangiorgi took a different approach: detect and drop de-auth floods in the kernel using eBPF and XDP — at the mac80211 wireless driver level, before the frames ever reach the network stack. This is the first application of eBPF to the 802.11 protocol. The implementation required two kernel patches to the Linux mac80211 subsystem: 1. Adding an ndo_bpf callback to iface.c to enable attaching/detaching BPF programs on wireless interfaces 2. Hooking into ieee80211_rx_napi() in rx.c to execute the XDP program on every incoming frame Results: eBPF reduces detection time by 60% on average compared to libpcap, with peak improvements of up to 7x. Under sustained attack, eBPF/XDP maintains 10-12 Mbps throughput consistently, while 802.11w drops below 5 Mbps with erratic spikes. Source code: https://github.com/fulvius31/deauth_ebpf and https://github.com/fulvius31/openwrt_mac80211_xdp_ebpf Paper: IEEE NetSoft 2025, DOI: 10.1109/NetSoft61042.2025.11080545 --- ## Blog Post: Intercepting Android's ManagedProvisioning — A PendingIntent Vulnerability in AOSP Published: April 2026 URL: https://contact.alessandrosangiorgi.net/posts/managedprovisioning-pendingintent-vulnerability/ Alessandro Sangiorgi found and reported a vulnerability in Android's ManagedProvisioning component — the system app responsible for setting up enterprise-managed (work) profiles. The bug allows any unprivileged third-party app to intercept a privileged provisioning callback, leaking install timing, session metadata, and in some cases package details — all without any special permissions. The root cause: InstallPackageTask creates the PackageInstaller.Session.commit() status receiver using a mutable implicit PendingIntent with a predictable action string that includes the session ID. On Android U+ builds, the code adds FLAG_ALLOW_UNSAFE_IMPLICIT_INTENT, explicitly bypassing Android's own protection. Any app can observe the session ID via PackageInstaller.registerSessionCallback() and dynamically register a matching BroadcastReceiver. Google acknowledged the report (Issue 493654042), classified it as low severity, and logged it for potential remediation in a future version. --- End of full profile. For the summary version, see: https://contact.alessandrosangiorgi.net/llms.txt