EF Calls for Deeper, Purpose‑Driven Innovation in DeFi
Defi is a central part of the value that Ethereum provides. Financial empowerment is a central part of what it means to have agency and freedom in our current world. Finance is far from the only thing that Ethereum is good for, but it is an important thing. This post discusses how the Ethereum Foundation is approaching defi.
Defi today makes the world's best savings, risk management and wealth-building opportunities permissionlessly available worldwide. We need to build on that.
Ethereum's early defi era was great because it dared to dream and innovate and come up with totally new paradigms (eg. AMMs). Defi tomorrow will bring back that spirit. Don't just "make a better stablecoin", dig a layer deeper, and think about the underlying problem (risk management, hedging one's future expenses), and come up with an even better solution.
But also, as the EF, we are not interested in supporting "onchain finance" or even "defi" indiscriminately. We have a specific vision of what we want to see out of defi: permissionless, open-source, private, security-first global finance that maximizes people's control over their own assets, minimizes centralized chokepoints and trusted third parties, and democratizes risk management and wealth building (the two key goals of finance according to modern portfolio theory) as well as payments. We want protocols that pass the walkaway test: that keep working even if the original team suddenly disappears without warning (or even: becomes hostile / compromised without warning).
Bringing this vision to reality will inevitably take a lot of work. Defi is a complex toolchain, including various onchain components, user-side offchain components (ie. wallet, local agent...), other offchain components, etc. The things that we care about include areas like:
* Improving security of defi through "traditional" means, eg. audits, standards, wallet-side safeguards
* Improving security of defi through "new" means, eg. AI-assisted formal verification, user-side agents as safeguards
* Oracle security and decentralization (there's A LOT of skeletons in the closet here, we as an ecosystem really need to point a big eye of sauron at it for a while)
* Privacy. Both privacy-preserving payments, and privacy of more complex use cases (eg. what does it mean to have a maximally privacy-preserving CDP? there are clearly benefits in reducing liquidation-sniping risk, but it requires hard tech to get there)
* Open source, and improving the licensing / forkability situation in defi
Ethereum is a permissionless protocol, and nothing stops people from deploying insecure protocols, protocols that enshrine ultimately unneeded centralized trust in the name of convenience, or dopamine-maximizing gambleslop. However, we *are* interested in working with anyone aligned to make permissionless, open-source, intermediary-minimizing and security and user-agency-maximizing defi ecosystem as strong as possible, so that it can be not just individuals and institutions' first choice in Ethereum, but also a globally compelling way to manage funds for anyone who needs its properties.
NYC Cyber Leaders: Private Dinner on Dataverse Protection
If you’re a cybersecurity leader in NYC, join me this Thursday for a roundtable dinner focusing on New Strategies to Protect Your Expanding Dataverse. Private dinner, peer conversation, no vendor pitch. These are the discussions where the real issues come...
Secure AI‑Driven DevOps via Signal‑Powered SideChannel
Introducing a new tool called "SideChannel". A secure alternative to OpenClaw. Utilizes Signal for communication and has Claude integration. I built SideChannel, an open-source Signal bot that connects Claude AI to your entire development workflow. End-to-end encrypted. From your pocket. The real...
FT Blamed AI; It Was User Misconfiguration Error
We want to address the inaccuracies in the Financial Times' reporting yesterday. The brief service interruption they reported on was the result of user error—specifically misconfigured access controls—not AI as the story claims. https://t.co/0ApCIDNsJT
Cyber Supply Chain Security Is Essential for National Resilience
Cyber supply chain security is no longer optional—it’s essential for resilience, innovation, and national security. Read the full piece: The Cybersecurity Challenges of the Supply Chain by @ChuckDBrooks https://t.co/THnR3VKAJx #cybersecurity #technology #supplychain
Secure‑by‑Design Strategies Against Weaponized AI Attacks
Do you have a forward-thinking security strategy to combat weaponized AI? I’m hosting @mikeriemer830, Field CISO at @GoIvanti for a live webinar tomorrow February 24. We’ll cover: ✅ Real-world AI-driven attack patterns ✅ Why kernel-level security matters more than ever ✅ Practical steps to...
Openclaw's Clever Design Masks Potential Negligence and Hidden ToS Breaches
Yikes. If this is true, then it’s both pretty ingenious and supremely negligent. I wonder what percentage of users have done a code audit of Openclaw. And what other fun ToS-voiding surprises lurk in there.

All-in-One Open-Source DevSecOps Library for Production Stacks
Ultimate DevSecOps Open-Source Library ✅ One repo covering: • SAST • DAST • Supply Chain • Kubernetes Security • Cloud Guardrails • Policy as Code • DevSecOps Tooling. If you want to understand real production DevSecOps stacks, this is worth saving. Comment “DevSecOps” & I’ll send...
Spammers Spoof UPS Number to Threaten Customers
Hey @UPS I think spammers are spoofing your number. Got a call from 800-742-5877, which is UPS but came up "SPAM" on iPhone. "Ronathan" claiming to be from UPS support wanted me to apologize for tweeting my package arrived late,...
Granting OpenClaw Admin Email Access Invites Disaster
If you give OpenClaw access to your everyday machine, w/ admin privileges on your email, I would expect frustrating outcomes in the best case scenario, embarrassing email blunders in the average case, & catastrophic/mortifying situations in the worst case scenario...
AI Governance and Cybersecurity Frameworks at Virtual Summit
I'm excited to be speaking today at the Virtual AI Summit on the cybersecurity implications of AI! I'll be talking about practical frameworks for AI deployment and oversight. If AI is on your roadmap, governance join me there today: https://buff.ly/6C9RTgu

Seena Labs Defends Against LLM Prompt Injection Attack
Very proud moment of our architecture so far at Seena Labs. We got someone asking the Seena interviewer agent to reveal some code and attack us and this was Seena's response. If anyone has good advice/ resources on how to...
AI Boosts Cybersecurity, Yet Humans Remain Essential
Simple analogy on AI and cybersecurity. Security has never been solely a technology problem - it's largely a people problem. Complexity of business integration, misconfigurations, legacy systems, business transformations, M&As, etc. are all part of this industry we call cybersecurity. I can't remember...
From Blocking Bots to Trusting Agents: Visa‑Akamai Solution
AI agent traffic nearly tripled in a year. 25 billion bot requests in 2 months. The question is no longer how to block bots — it's how to trust them. Visa + Akamai are building the answer. "What it takes to secure...
Know What Security Tools Access Before They Exploit You
Until it hacks everyone’s GitHub accounts and wipes out all their IP. Be careful with tools like this. Make sure you understand what it can access and what it can do. Understand where it is sharing your code and storing...

Defense in Depth: Evaluate Auth with Password + Yubikey
Questions to ask when evaluating an authentication mechanism 🔒
Why I still use a password with a Yubikey, not a passkey or a pin
Why I dislike the device code flow with a browser
How lack of segregation facilitated a Microsoft breach.
Defense...
Security Flaw Lets Hacker Commandeer 6,700 Robot Vacuums
User accidentally gains control of over 6,700 robot vacuums while tinkering with their own device to enable control with a PlayStation controller — security flaw reveals floor plans and live video feeds https://t.co/G8sfl730OU
AI Threatens CAPTCHA and Voice Biometrics Authentication
“AI can defeat CAPTCHA systems and analyse voice biometrics to compromise authentication,” [TR: Never trusted voice recognition, it’s too fuzzy to use for auth in my opinion. Infecting memory is an interesting problem.]

2026 Identity Fraud Targets Precise, Not Broad Attacks
This Week in Fraud (2/17) https://t.co/DeKt9G8P3d "2026 identity fraud is more sniper than shotgun" Great stuff from Nick. https://t.co/eNakT4O4Fd
Check Domain Creation Dates to Spot Emerging Fraud
This is an emerging fraud. Everything looks legit, until you realize that it isn’t. @garrett_makes you should add a domain creation born on date search to do domain verification.
Copilot Bypassed Labels, Accessed Confidential Emails Despite DLP
Microsoft Copilot ignored sensitivity labels twice in eight months — and no DLP stack caught either one https://t.co/tVaHZLzT8E "For four weeks starting January 21, Microsoft's Copilot read and summarized confidential emails despite every sensitivity label and DLP policy telling it not...

AI Can't Replace Enterprise-Scale Security Platforms Like CrowdStrike
Can AI replace security platforms? I asked Claude to build a CrowdStrike replacement. Claude: "I have to be straightforward: building a replacement for CrowdStrike isn't something I can do here. CrowdStrike is a massive platform built by thousands of engineers over...
AI Audits Could Accidentally Hack DeFi Platforms
Imagine waking up to find your AI agent has hacked Uniswap v3. 🤣 Kain explores potential mishaps that could arise from AI-driven crypto audits 👇 #artificialintelligence #crypto #openclaw

AI Security Tool Triggers Sharp Drop in US Cyber Stocks
‼️US Cybersecurity stocks are getting CRUSHED by AI fears: CrowdStrike fell -8.0% on Friday, Cloudflare -8.1%, Okta -9.2%, and SailPoint -9.4% after Anthropic unveiled a new Claude AI security tool that scans codebases for vulnerabilities and suggests patches. The Cybersecurity ETF, $BUG,...
Privacy Is a Year‑round Leadership Responsibility, Not a Weekly Event
RT Data Privacy Week is over. Lawsuits, breaches, and AI experiments don't pause the other 51 weeks of the year. Privacy is now a leadership accountability issue, not a back office task. #CIO #CMO #CISO #DataPrivacy @Star_CIO https://t.co/Naq82FuMWZ

AI Chatbots Spot Security Bugs, Not Write Safe Code
Finding Security Bugs in Code With AI Chatbots and Agents 🤖🦊 Although you can't trust code written by an AI chatbot or model you can use one to help you better secure your code https://t.co/mhQJgBlHPe https://t.co/VO48Wro7LJ
Secure AI: Blend Deterministic Controls with Trustworthy Insights
How can a company like @TIBCO win in the age of AI? Was just reading about their current market strategy and risk. I was involved with a TIBCO project while implementing a tax solution at a Fortune 1000 company. Focus...
AI Polymorphic Threats Prompt Rethink of Cybersecurity
AI Polymorphic Threats Are Forcing A Rethink Of Cybersecurity by @ChuckDBrooks https://t.co/bLFH7errME #cybersecurity #ai #tech @Forbes

HTTPS Is Non‑optional: Encrypt Everything by Default
Most people see the 🔒 in the browser, but few think about the engineering behind it. Here’s the real difference:
HTTP (Port 80)
The postcard
Data travels as plain text
Anyone on the same network can read credentials or session tokens
Okay for local testing. Dangerous in...

Speed Is Defender’s Ultimate Weapon Against AI Threats
Things Are Getting Wild: Re-Tool Everything for Speed The compounding set of changes we are experiencing in cybersecurity is deeply concerning. But this is a transition point. We should be short term pessimistic about the risks we face. At the same...
Smart Glasses: Emerging Privacy Threat?
Smart glasses and covert filming. Are they a real privacy concern? https://t.co/TehOK0XVKI via @YouTube #smartglasses #glass #AR #privacy #CyberSecurity #CyberSec
Oracle Hack Triggers $1M Payout; Vitalik Profits $70K
The Polymarket oracle issue highlighted by Vitalik Buterin Oracle disaster: Russia-Ukraine market bet on city control. Oracle = ISW's X account maps. Account got hacked, fake map showed Russian control of train station, triggered $1.3M in payouts at 33,000% returns. One...
Bitcoin Community Condemns BIP110 Centralization Attack
Finally more public Bitcoiners are willing to speak out on #BIP110's Attack to Centralize the Network... 👏 @MartyBent , starts at 9 min for 25 min: https://t.co/abwVenvoqo
BIP-110: A Misguided Attack on Bitcoin’s Core
BIP-110 is an attack on Bitcoin. An attack run by those who espouse the same ideals as bcashers, are intellectually dishonest, and fundamentally misunderstand how Bitcoin works. Bitcoin’s most retarded enemy so far 😂

GraySwanAI Launches Real-World AI Safeguards Challenge
AI safeguards shouldn’t just sound good, they should hold up under pressure. @GraySwanAI is putting them to the test with the Safeguards Challenge: real prompts, real attacks, real failures. Think you can break them (or prove they work)? We will be playing...
Collaboration & Agility Drive Cyber‑resilient Innovation Ecosystems
As the digital domain presents challenges of extraordinary scale and complexity from a constantly evolving threat landscape, it is clear that empowering cyber-resilient innovation ecosystems requires a fundamental reimagining of how we synergize across modalities. The convergence of public-private partnership...
MFA: Simple, High-Leverage Security for SMBs
Multi factor authentication is still one of the highest leverage security controls for SMBs. It is not flashy, but it closes real doors. Simple controls done consistently still win. https://buff.ly/jk1Ucgh
Turn Cybersecurity Into Competitive Advantage with Proactive Leadership
Cybersecurity leadership today goes beyond defense. We need to turn security from a barrier into a business advantage. We do this by building teams and systems that anticipate threats before they disrupt operations.
Food & Ag Industry Braces for Rising Ransomware Threats
Food and ag sector weathers more ransomware attacks, braces for ‘strategic adaptation’ threats - Threat Beat https://t.co/Vt6H5NKPsU
Security-First Culture Powers Aave’s Unmatched Moat
A security-first culture is one of Aave’s strongest moats. Rather than launching products as soon as they’re ready, Aave Labs applies rigorous security-hardening processes to ensure the highest-quality outcomes. A big thank you to our smart contract team for all their...
Ad Economy Fuels Scams; Time to Shut It Down
These scams are horrible, we’ve been fighting them for years
There were scam Uniswap apps while we waited months for App Store approval
Scam ads keep returning despite years of reporting
They ban 3rd party tools like ublock that combat the issue
The ad...
Four AI Flaws Outpace Defenses, Exploited Rapidly
These 4 critical AI vulnerabilities are being exploited faster than defenders can respond | ZDNET https://t.co/e0SyjsSpBv
Fractional CISO: Full Accountability, 24/7 Availability
Fractional CISO does not mean fractional accountability. Every client I work with has my cell phone. Security incidents do not respect office hours, and advisory only works if there is shared ownership.

Automated GuardDuty Feature Audit and Enablement in Hours
Vibe coded 🤖 a script to list which AWS GuardDuty features are enabled in minutes. Took 15-30 minutes to correct it. The script to enable disabled features, sub features, and create an s3 malware scan plan took about two hours. See blog...
Agent Identities Demand New Sandboxing and Access Controls
Agent identities is going to be a super fun and hard problem for software in the coming years. Most agentic systems today assume that the agent can do everything the user can do, and just operate as an extension of...
UL Solutions Sets New Solar Inverter Cybersecurity Standard
UL Solutions develops new standard for solar inverter cybersecurity #energysky -- via Solar Power World: https://t.co/TvHlobdGEg
EVMbench Tests AI Agents on Real Smart Contract Vulnerabilities
OpenAI and Paradigm launched EVMbench, a benchmark testing AI agents’ ability to detect, patch, and exploit real smart contract vulnerabilities. What's the meaning of it? Come join us! https://t.co/2YgOdrosIO
Identity and Supply Chain Demand Heightened Cybersecurity Focus
Identity and supply chain need more attention, risk intelligence firm says | Cybersecurity Dive https://t.co/917wKw3CC3
Seeing Bugs in IDE Boosts Fixes From 0% to 70%
“At Facebook, they found that when security vulnerabilities were reported as issues, nearly 0% got fixed. But when these same problems appeared directly in the developer’s IDE, where the red squiggles were difficult to ignore, fix rates jumped to around...
Public S3 Buckets: A Cloud Security Wake‑Up
The most exposed lady in the cloud? Lady S3 Bucket. ☂️ If you use AWS, you know the shame. Public access is NOT a vibe. https://youtube.com/shorts/q_T0RC87aRg #DevOps #CloudComputing #Security