This is real defense-in-depth: audits, contests, formal verification, and AI-native analysis all on the same codebase.
The best teams don't just pick a vendor, they build a security stack.
Octane 🤝 @TenorFinance
.@openlayerco's stack had passed dependency scanning, secret scanning, GitHub and AWS-native scanning, and an annual third-party pentest.
Then Octane's agentic analysis found a bug none of those tools are built to see. 🧵
"Explore wide, exploit deep" is exactly the workflow that won us the Monad audit contest.
The synergy is that AI excels at breadth of coverage while humans bring an unmatched depth of judgement.
Thanks for the shoutout @pkqs91 and congratulations on the five critical findings.
It's not often you get to talk cybersecurity with the founder of @MorningBrew@businessbarista shared some valuable takeaways from our convo below, give them a read if you're curious about mythos, prompt injection, and AI security
CEO at @octane_security Giovanni Vignone (@giovignone) says Anthropic's Mythos was a wake-up call for cybersecurity:
"Mythos was net positive for the industry because it scared people. It got pretty much everyone to realise that AI is accelerating and attackers are going to be armed with some pretty crazy capabilities."
"The idea that Mythos is the end-all-be-all for security is the wrong framing. It's a better model, but it's not going to solve security."
"The real opportunity is using AI as far left as possible in the development pipeline, finding and fixing vulnerabilities before they ever make it into production."
Bugs in AI-native software don't wait for your next quarterly audit.
As engineering velocity keeps climbing, attack surface climbs alongside it into territory legacy AppSec wasn't built to handle.
Here’s a new case study on how we bridged the audit gap with Beagle ⬇️
The zcash:native Orchard bug was found by a skilled researcher with protocol context, targeted hypotheses, the latest model, and a custom harness.
Run the AI-native analysis before your adversaries do.
Maple's 97% true positive rate is the result of Octane's specialized detectors and continuous context refinement.
This isn't a generic benchmark, it's what @maplefinance gets on every PR.
At Maple, security is core to how we build.
Over the last few months, @octane_security has become a key part of our development workflow.
Throughout April, Octane maintained a 97% true positive rate, delivering high-signal findings.
As with every Adversarial Research Engagement (ARE), @KairosSwap got a runnable proof-of-concept for every finding.
With proofs in hand, the Kairos team could go straight from report to remediation.
Eliminate the back and forth – escalate to ARE.
We're EXCITED to share details on our recent audit with @octane_security We've completed all remediations and thrilled to share the final report by the Octane team:
https://t.co/yZgfevjziG
BIG thanks to all the Octane devs for getting this prepared
Please drop any questions you have here in the comments!
AI is bringing agents to everything online. CLARITY is poised to bring trillions onchain.
These two trends will drive the largest reallocation of security spend in a generation.
$100B will flow into the only category built to secure this new software stack: agentic security.
curl is among the most widely deployed codebases ever written.
Its founder, Daniel Stenberg, ran Mythos by @AnthropicAl on 176k lines of curl's C code.
Here's why the findings show that Mythos is just a model, not the end of cybersecurity.
https://t.co/4mYIa0nORR
Claim: AI-native security analysis can outperform legacy workflows on mission-critical code
Evidence: Octane surfaced CVE-2026-5888 in @ChromiumDev, plus memory disclosures in @firefox and @Apple Safari’s WebKit
Inference: Discovery is no longer the bottleneck. Validation is
@asen_sec I think i've seen this like over 50 times at this point
AI haters -> AI users -> AI evangelists
Basically every crypto audit firm did this. Some faster than others, but all slower than those who saw it from the beginning
Fortune 100s are now mandating AI security in procurement as crypto suffers its worst month on record for exploits.
@giovignone joined @etnshow this morning to lay out the present and future of agentic security.
Below are 10 takeaways from the conversation 👇
Thanks @etnshow for having me!
Shared my thoughts on Mythos, the state of crypto + application security, and vulnerability reserach acceleration with AI
Check it out 👇
Octane has received a grant from the @ethereumfndn to provide continuous security analysis across Ethereum's execution and consensus client layers.
The world computer deserves world-class security.
Octane is looking for elite security researchers.
We’re launching new initiatives and want to collaborate with SRs who have a proven track record in bug bounties, audit competitions, or high-impact vulnerability research.
DM us with your best work if interested.
A couple months back, the team and I were debating what was our most commonly used piece of software. We landed on Chromium. So we wanted to see if we could find live vulnerabilities in it with our AI.
Today, I'm excited to share that not only did our AI find a live vulnerability in Chromium – which powers Google Chrome, Brave, Microsoft Edge, and other browsers – but we also found live bugs in Safari and Firefox.
You can also find Octane Security in Chrome's latest stable release: https://t.co/MkVLRuMG6u
Check out the video for the details...