In Q1 2025 Cisco researchers broke DeepSeek R1 with 50 out of 50 jailbreak prompts, while red-teamers turned Microsoft Copilot into a spear-phishing bot just by hiding commands in plain e-mails — exactly the threats we map in our LLM security risks deep-dive and drill against in the AI Red-Teaming playbook. In this post we
Your LLMs now write incident-response playbooks, push code, and chat with customers at 2 a.m. Great for velocity – terrible for sleep. One jailbreak, one poisoned vector chunk, and the model can dump secrets or spin up malware in seconds. A standing AI red-team function flips you from reactive patching to proactive breach-proofing. This post
Circom lets you encode trust as math, but every time you skip a constraint you give attackers a blank cheque. Over the past year, audits have uncovered everything from hidden division-by-zero bugs to entire output arrays that never hit the R1CS. This post distills the five most common Circom mistakes, shows how they slip past
LLM copilots are crashing the party everywhere – customer support, DevOps runbooks, trading desks, even incident‑response playbooks. That rocket‑speed adoption is awesome for productivity, but it also blows your threat model to pieces if you’re not watching. This post kicks off a no‑fluff series that boils months of hands‑on research into snack‑size, high‑leverage moves you
Enterprise adoption of blockchain presents significant opportunities but introduces complex cybersecurity challenges that demand C-suite attention. While the technology promises decentralization and efficiency, the transition from Web2 requires navigating immature security practices and novel threat vectors. Failure to address these risks proactively leads not just to financial loss, but to severe reputational damage, regulatory penalties,
This article is part of a series exploring security considerations in Uniswap V4. In our previous article, Auditing Uniswap V4 Hooks: Risks, Exploits, and Secure Implementation, we analyzed potential vulnerabilities in hooks and best practices for secure integration. Here, we focus on the security implications of transient storage (EIP-1153) and its impact on Uniswap V4.
Nearly $3 billion was lost to Web3 hacks and exploits in 2024. Think about that. That’s not just numbers on a screen; it’s lost funds, shattered dreams, and eroded trust in the entire ecosystem. And frankly, a lot of it was preventable. If you’re a founder in this space, prioritizing security is not just a
Understanding Elliptic Curve Cryptography (ECC) Elliptic Curve Cryptography, commonly known as ECC, is a method for encrypting data to secure digital communications. It’s a form of “asymmetric cryptography,” which means it uses two different keys: a public key that anyone can see and a private key that must be kept secret. What Makes ECC Special?
Was it possible to prevent an $18M loss on BNB Chain? PART 1 – Root Cause and Arbitrum Attack On October 16, 2024, Radiant Capital suffered a security breach resulting in a more than $50 million USD loss ($48M in the attack itself and $5-6M via infinite approvals). The attackers infiltrated the devices of at
