One of our investors just told me about an attack I hadn't seen before.
Someone added a rogue AI notetaker to their calendar. It auto-joined meetings silently. Both parties assumed it belonged to the other person.
By the time they compared notes and realized neither had invited it, the notetaker had been in 5 meetings.
What they suspected: a compromised OAuth token from a "meeting scheduler" app they'd trialed at some point.
Simple fixes:
1 - Use your meeting platform's built-in recording/notes
2 - Verify any AI notetaker you didn't personally add
3 - Run meetings in-browser rather than desktop apps that run code on your local environment
Be careful when trialing new tools and granting access. Good to trust, but verify.
Protecting users, builders, capital deployers: _in crypto everyone is a user_ and protections align incentives 🧩
(Of course important to decentralize authorization, defense in depth, all web2 security principles but in an open system)
Put another way, we need to stop letting bad guys win by refusing to implement safety features.
We need to move towards Security-First neutrality > Credible Neutrality.
Protecting users is the most important thing to do, especially if they are institutions deploying at size.
Accountability, separation of responsibilities, defense in depth, …
What’s not to love? What’s the argument to have core protocol builders ALSO be security researchers/oncall on incident response? Lets rely on specialization
I would just give a 1/n key to each of the top5 security firms in the space. can freeze temporarily, only, until a bigger council (e.g. tokenholder quorum) can decide what to do.
We're proud to partner with @0xcatalysis
The infrastructure layer natively integrating risk coverage into DeFi vaults
Guardrail brings real-time monitoring across every mainnet contract as they scale for institutions and gear up for launch
Catalysis has partnered with Guardrail ( @guardrailai ) for real-time security monitoring and alerting across our mainnet contracts.
Security layer that doesn't sleep, but why does this matter for us?
A quick breakdown 🧵
Excited to announce our partnership with @shiftmarkets
Shift Markets powers 150+ crypto exchanges and brokerages worldwide. Now, every Shift-powered exchange gets real-time security monitoring from Guardrail built in from day one.
Enterprise-grade infrastructure deserves enterprise-grade security.
Château happy hour to kick off @EthCC Day 1 in Cannes.
Co-hosting with @HalbornSecurity, @iEx_ec & @RootstockColl come find @NicoS1765 on March 30th.
Open bar, canapés, sunset views.
👉 https://t.co/7MMK5SIpi5
Agents will outnumber human users on the web by orders of magnitude. Just like people, they will need a way to pay for services they use.
They may run into propriety health or finance data they need to pay for when doing a deep research task, or make a tool call to a bespoke web API for some functionality.
But unlike people, agents experience no friction when making a payment, so they can pay for things in much smaller units and increments than people will. An agent may need to call an API that they only need to use on a one-time basis or pay for information that they need without signing up for a subscription.
This means all forms of revenue streams can emerge for technology and information providers that wouldn’t have been possible before. To make this all work, we need will need new infra and tools for agents to do this, and it’s cool to see MPP from stripe and tempo.
Next speaker: @SamridhSaluja
Founder of @guardrailai, joining the Rekt Security Summit.
While researchers use AI to find bugs and attackers use it to exploit them, Sam is building the infrastructure to defend protocols from both.
Circle CEO:
We're entering a world where tens of billions, possibly hundreds of billions, of AI agents will perform economic functions online.
To do this, they'll need programmable digital dollars and open infrastructure.
"In our view, agents will most likely soon be responsible for most internet transactions, and we will likely need blockchains that support more than one million—or even one billion—transactions per second."
https://t.co/EpPfEINjC6
Excited to partner with @SentientAGI as their onchain security partner.
Sentient is building the infrastructure for open-source AGI, with a clear thesis: stronger reasoning and multi-agent coordination is how agents become reliable in production.
As AI moves onchain, security becomes foundational. Happy to be part of it.
We secured our domain! Team was locked in for 8 hours straight to make this happen.
Special thanks to @ChainPatrol , @guardrailai, @blockaid_ for helping limit the surface area of the attack, to our community for their patience and trust, and to my incredibly dedicated and sincere team at @avantisfi
We stand by our users. All affected users will be compensated within 48 hours.
P.S - Early investigation shows gross negligence (on due process) from @squarespace, allowing a social engineer to gain access to our DNS without even KYCing. Nothing we could have even done to prevent this.
Full post mortem coming soon. Onwards!
🚨 URGENT SECURITY ALERT 🚨
We have identified a domain phishing attack affecting our main URL: https://t.co/RLm2oPD2W1.
⚠️ Do NOT interact with the site until further notice.
We are investigating and will share updates shortly.
Security is all about asymmetric returns. Spend $100-$200k to save $millions in legal fees, money lost and trust.
Good security never hurts growth.
Bad security is a death sentance.
GMX lost $42 million in July 2025 and immediately offered a $5 million recovery bounty. The recovery money was there.
Prevention could have used those same funds.
March 27, 2026 | Cannes
https://t.co/trGwvXTFt2
Observation watching people use AI tools:
>>> AI is making everyone a manager
words are your tool, how much context you give or examples are how it learns.
some swear at their AI, others coach it and say thanks. AI offers you a free opportunity to hone your management style