Everyone keeps asking if the CISO job has become impossible.
The CFO's mandate expanded the same way 20 years ago. Nobody decided finance mattered less.
Cyber risk is now business risk. Same trajectory. My latest for @CSOOnline:
https://t.co/K1t1ZVgRh7
"Claude, audit my smart contract, make no mistakes" is not a security program.
That's what I told @cryptauxmargaux from @CoinDesk this week.
The good part is real. The audit you used to run once or twice a year, if you could afford it, can now run on every release.
Point-in-time reviews were always stale by the next commit anyway, so this is a genuine improvement.
My concern is what happens after the scan.
The model gives you a list of vulnerabilities and some suggested fixes. If you don't actually understand what it flagged, you have no way to tell whether the remediation it's proposing is correct, irrelevant, or going to introduce a worse problem than the one it's patching.
A lot of teams are going to apply those fixes blind because the report looked authoritative.
https://t.co/aMHF4AxNZn
Faulty business logic keeps taking down projects. ⚠️
Oracle design is where it starts, and most teams still aren't paying attention.
Catch more insights from @svrn_ai COO @dschwed in the upcoming Halborn Signal Newsletter! 👉 https://t.co/zZTx6HvqYZ
Hot Takes: Crypto Security Edition
Hosted by @yield_maxi featuring @dschwed
Listen to the full episode 👇🏼👇🏼
Youtube: https://t.co/XMjJYyUJ8m
Spotify: https://t.co/VAmvHEX2rJ
The Station70 Podcast is officially live.
Hosted by @yield_maxi, Episode 1 features @dschwed David Schwed, COO of SVRN, giving his unfiltered take on where crypto security actually stands, why nation-state hackers are more dangerous than most institutions realise, and why 2026 is going to be worse than last year.
Stay tuned, more exciting guests coming.
Youtube: https://t.co/ZFvW67jyUZ
Spotify: https://t.co/ZOZ3XGlHg8
The Station70 Podcast is live. 🎙️
Real conversations with founders on building in Web3 and AI. Episode 1 features @dschwed, COO at SVRN, with his take on crypto security and institutional infrastructure.
Now on Spotify & YouTube.
https://t.co/CJLZxGldZG
https://t.co/85MffypWfF
The Station70 Podcast has officially launched! 🚀
Hosted by @yield_maxi, The Station70 Podcast features candid conversations with founders, operators, and builders on what it takes to build in Web3 and AI — the strategy, the setbacks, and everything in between.
Our first guest is @dschwed, and if you've spent time at the intersection of security and infrastructure, you already know the name.
COO at @svrn_ai, David has seen this industry from every angle. In the first episode, he gives his unfiltered opinion of where crypto security stands today.
Episode 1, coming soon.
Sal Ternullo of @svrn_ai explains why he thinks near:native is
misvalued
He thinks there's been a structural change in @NEARProtocol over the last 2 years, that makes NEAR deserves a 2-4x just from human usage alone
But the real growth story is from AI Agents using Ironclaw and Near Intents creating a 20-40x opportunity for near:native
Episode is out for Premium Subscribers today
Quoted in @cointelegraph on the Bankr exploit. Incidents like this almost always live in the glue code between trusted infrastructure and untrusted input, which is why strong cryptography rarely prevents them.
https://t.co/KcTw18JSpy
For months I've been beating the drum on what real security maturity looks like for frontier tech firms. Programs that pass audits and pen tests still get owned, because the attacker never operated inside the tested scope.
Pen testing finds vulnerabilities. Red teaming tests whether an attacker can actually steal something that matters.
Real attackers chain a misconfigured endpoint to a credential leak to a privileged system. Sometimes the entry point is a well-timed phone call to the help desk on a Friday afternoon. Coverage tests can't model that.
You need both. But security programs are measured by what attackers can't do, not by what auditors reviewed. I wrote up my thoughts here:
https://t.co/gXYAV4nmzk
In traditional payments, friction is a fraud control and a recall window. SVRN's COO @dschwed visited @KPMG_US last week to talk about what replaces those controls when payments move to stablecoin rails.
In many agent systems, inference is treated as the core. It should be one bounded component within a deterministic architecture.
SVRN's @dschwed on agent benchmarking at Consensus Miami:
https://t.co/VpT96Y27QO
How the industry sets safety benchmarks for agentic systems will help define what gets built and what can be trusted.
Tomorrow, SVRN COO @dschwed—formerly in security leadership roles at Robinhood and Galaxy—joins @near_ai, @HalbornSecurity, and @getfailsafe to take it on.
$635M lost across 28 DeFi exploits in April. A bill coming due for years of treating security as an afterthought.
The AI narrative and the Lazarus narrative both let the industry off the hook. The harder truth is we did this to ourselves.
https://t.co/q9Gx8ZwjQS
The "AI is an existential threat" narrative is doing a lot of work. Examine the last 3 DeFi exploits. Corners are being cut.
That's why these are occurring. Spoke with @dlnews again about this:
(1) “A person approaches you telling you a story that is too good to be true — who wants to invest in your company, wants to buy your product, and then they send you a link that seems suspicious," Michael Pearl, CyVers AI's VP GTM and strategy, told DL News about his recent experience at conferences.
What he's describing sound pretty much like the preamble to a cyberattack. In particularly, it sounds like an attempt at social engineering.
Social engineering is a strategy cybercriminals use to trick victims into clicking links laced with malware. It’s a kind of psychological manipulation that tricks people into letting their guard down. It is often the first point in digital attacks against crypto projects and can come from anywhere.
Several of the biggest attack against crypto projects have started with social engineering, @TimInCrypto and @matdisalvohack report.
The $1.5 billion Bybit hack in February 2025, a January $282 million theft from a single crypto holder, and, this month, the Drift Protocol attack are just some of the heists that started with a social engineering.
And it's getting worse.
Check out the full story below. 👇
Journalists keep asking why DeFi keeps getting hacked. The honest answer: it's a self-inflicted wound. Good security in DeFi is possible—most projects just don't pay for it.
The Kelp exploit didn't break cryptography. It exploited a configuration choice: a single verifier approving cross-chain messages on @LayerZero_Core infrastructure.
"A single verifier is not decentralized. It's a centralized decentralized verifier." — David Schwed (@dschwed) COO, @SVRN
A single verifier is not decentralized. And when restaked assets pass through it, every lending protocol that accepts them as collateral inherits the exposure.
Spoke with @cryptauxmargaux for @CoinDesk:
https://t.co/NtWepM10ZN
The @hackenclub Q1 2026 Web3 security report is out, covering where defenses held—and where they didn't.
@dschwed's contribution focuses on infrastructure security as an ongoing discipline—and why teams that treat it as a one-time configuration will get exposed.
Russia uses crypto to move value around sanctions. Iran to settle transactions its banking system can't process. North Korea to generate hard currency directly—most of their other revenue channels have been sanctioned out of existence.
@dschwed spoke with @CoinDesk on the structural logic behind how each regime has adapted.