Anthropic Mythos in DeFi: Social Engineering and Security in the Age of AI
A Shoal Signal conversation with Yuannan Yang (CertiK), hosted by Gabe Tramble.
Transcript
Gabe (00:01) Claude just launched one of their biggest models yet, is the Claude Mythos Preview model. And they're claiming that it has found 20 to 17 year old exploits in old code that millions of products and people have looked over. So I'm here with Yang, a smart contract engineer at Certic, who his previous experience was at Tsinghua University and Johns Hopkins University as a researcher. And today he's a lead engineer at Certic working on all things AI and smart contracts. So yeah, Yang, please help us understand how you're looking at the DeFi landscape with something like Mythos kind of looming in the background. And is this something that we should be nervous about? how should we kind of look at the blockchain space with this application and models relatively available?
Yuannan Yang (00:56) So if you refer to the methods models that developed by Cloudy, ⁓ I think it's, I just want to make sure before, so I want to make sure the methods you mentioned is the models from Atatopic or the gaming platform.
Gabe (01:17) And profit.
Yuannan Yang (01:18) yeah, okay, got it, got it, got it. Yes. ⁓ So ⁓ in my understanding, we do very basic testing about ⁓ the OPPOS models, but we do not have access to methods models yet. But we found out that those models are very powerful in terms of traditional cybersecurity parts. Like find out those injection front-end bugs, those bugs in very big heavy software system but I just found out that they are not very good at solving problems in Web3 DeFi landscape. Why? It's because in DeFi especially for smart contract it's basically you can think about it's a gaming it's like you are playing game ⁓ using a smart contract. Smart contract is the rules to play that game but the attackers is trying to break your system trying to any edge cases anything that can break the games. It's quite different for traditional ones. For traditional securities, you are searching for some ways to get your servers access, get your data, get access to run certain commands. But for DeFi, it's more like you are thinking how we can break this game, how we can do, for example, arbitrage, some arbitrage scenario. to earn money from using this game rule. So pretty much it's a different, it's kind of like different landscape and situations. So in terms of that, I think ⁓ Opus and Antutopiq AI right now is not that powerful enough ⁓ compared to Web2 traditional securities.
Gabe (03:14) Wow, so you're saying it's apples to oranges, basically, the capabilities of something like the Mythos model in traditional cybersecurity compared to the conditions and the game, if you will, in crypto. You guys are seeing them apples to oranges, and basically, there's different technology that needs to be applied and is not readily available yet at that scale.
Yuannan Yang (03:37) Yeah, yeah, so the landscape is quite different. yeah, I would say, because you know, Web3 is not ⁓ very big. It's not very big, it's very small branches of security. So if you need to reach deeper into that branches, it still have a long way to go.
Gabe (04:00) Nice. Is this what your internal engineering team is saying? What are the conversations around that? Is it urgent, like, okay, we have to move, or is it like, okay, this came out and we'll see what happens, but otherwise we're just gonna focus on our own ⁓ applications of AI.
Yuannan Yang (04:17) ⁓ So ⁓ can you repeat that question again?
Gabe (04:24) Yeah, yeah, yeah. So like the discussions that you have, you know, with other smart contract engineers, whether they're on your team or externally, how are you guys looking at the Mythos model? Because, on mainstream media, on Twitter and these other platforms, everyone is pulling their hair out. But for crypto specifically, ⁓
Yuannan Yang (04:38) Yeah
Gabe (04:44) As you said that, okay, you the application is not quite there. Are you guys kind of moving very quickly because it eventually will be there or is the vertical of crypto just so different that the principles and kind of like the primitives that are being applied are just totally different for DeFi and smart contracts?
Yuannan Yang (04:48) Mm-hmm. Well, so ⁓ based on my experience, I think eventually it will be there, but just in time, just about the time. ⁓ So because the landscape is different, so it still needs, it still needs some time for training in order to get that deep. But we've already seen some... say something that will happen in the future. For example, we're right now using ⁓ OpenAI and that's what topic models. their APIs to serve as a reasoning model for our internal AI system. it's like we are using your, we are not using their like knowledge base, like their like knowledge base, like how they, how to process the data. We're using them as our reasoning engine, like to do audits. It's like basically we just tell them that how we, we just basically teach them how we do audits and ask them to follow our follow our rules step by step. For example, I told him, hey, this is a staking contract. So what is needed for a staking contract? You need XYZ. And what's the game rules for a staking contract? It's like XYZ is there. And now you need to help me to check whether those conditions are true, whether I am applying this attack techniques, I just get additional rewards? Can I just break the rules? Just et cetera.
Gabe (06:12) Mm.
Yuannan Yang (06:40) if we provide additional knowledge and give him the workflows, how we do the artist, he will complete it very well.
Gabe (06:51) Okay, you guys are, so these are like parallel systems to basically run your tools that you already have built out. And you mentioned the knowledge base. I know you guys, you have your own knowledge base and that's kind of the moat for, or a moat potentially for your business. Can you just explain what that is and why that's important kind of in this equation?
Yuannan Yang (07:03) Yes. So our knowledge base is a very big knowledge base and we started our knowledge base even back to 2021. we started this knowledge base. So initially this knowledge base was using a document format. It's like every time we were doing audits, you have some experience experience, will do some research and you will accumulate some knowledge. You just put it into a document and it's basically like your audit notes. And later on we have ⁓ a checklist system, which means that every time we do audits, we need to figure out what kind of checklists we need to do. And we have this checklist system to accumulate our knowledge. And also we are handling incidents. from Web3 spaces, so we have a big incident database. ⁓ So basically these two parts ⁓ is where we accumulate our knowledge. So right now we have a really, we put those knowledge into very structured, structuralized format into our database so that our AIs can just batch it really quick and really conveniently. also the AI will know what kind of knowledge they need from this database. So it's basically a long journey and we just index the the knowledge into our database.
Gabe (08:55) Wow, okay, you guys really, you're kind of forming it into a data company where you have all this data and kind of structures of how you go about the audits and checking for certain things and then leveraging the agents to basically accelerate those checks.
Yuannan Yang (09:12) I would say no, unfortunately. So this is because our data is not like traditional data. For example, ⁓ some raw data that we simulate. If you are AI that do simulations on driving, you need a lot of driving data to train your model. But it's not quite like that. So for our knowledge base, it's more like the experience from auditors. like the checklist, it's like, for example, if you do a staking contract, you will understand how the rules is played, how the game is played, what would be the rules. So, auditors just pull out those rules into a database. It's not the code itself, it's not what we did, but it's just maybe just one or two phrases to describe this staking contract. So basically, it's not like this traditional data, but I would say, it's a more abstract data there.
Gabe (10:16) Got it. Okay, and for you guys specifically, when it comes to looking at these, the models, is there particular models that you've seen that are better at these types of tasks, or is the generalized reasoning model sufficient if it's just generalized, and then you kind of have the rule book on top of that?
Yuannan Yang (10:38) Yeah. So ⁓ from my experience, because I only do quite a few scanners myself, so in my understanding, I prefer to use strategy BT ⁓ from OpenAI, those models, because those models are good at reasoning, and they are good at logical, think about logical issues. From my audit experience, 70 % of the vulnerabilities are related to logical issues. It's like the rules, and they're trying to break the rules to find the vulnerabilities inside these rules, like how to arbitrage, how they can achieve profits with those rules. So I think in TragiPT it's do a better job to do those kind of reasonings. And the cloud models are more like trying to find out the coding bugs, some language specific, like for example, the Cloud Code will understand how you're gonna code. And he just found out the difference between his code and your code. Then he will come up with a funny, say, hey, your code is different than me. So are you introducing some vulnerabilities? So I prefer to see Cloud Code works like that. And for like, charge BT, for models, they would like more like reasoning, just ⁓ read those rules to see. that whether there is some vulnerabilities that can break the rules. This is just my two cents.
Gabe (12:16) And at this stage, you think the gap is significant between your experience in the application of the models where like GPT 4.5 is different from like OPUS 4.6 or 4.7? Yeah, yeah. Do you think the gap in between the two models is very wide or do you think it's pretty narrow? Like how big of a gap in the performance for your specific use case is it between, ⁓ you know, Anthropic and OpenAI?
Yuannan Yang (12:57) ⁓ Thanks for repeating this. ⁓ I don't think there is a very significant difference. if we are, ⁓ say if ⁓ our test dataset has 10 vulnerabilities. So maybe in ChatchBT, we were using ChatchBT models, and they can find eight. But for using Cloud Code, ⁓ they can find like seven. So it's not very different. but I would say they still have some difference but I don't know how they gonna be in the future and how is the vertical goals and their plans but I would say in terms of our current my current experience the the difference is it's not very big it's just some minimum difference
Gabe (13:48) Got it. And so you guys are essentially building like a harness ⁓ for smart contract auditing and using the frontier models to power this harness.
Yuannan Yang (14:00) Yeah, exactly. So we are using different models. Like, GPT-4.5, you just mentioned, also models from Cloudy. We also use some open source models and try to lower the cost.
Gabe (14:18) What about localized models? Are you doing any local stuff for cost effectiveness?
Yuannan Yang (14:23) Yeah. Yeah, exactly. So this is also some directions we're now heading to. you know, ⁓ those APIs from cloud, OpenAI is quite expensive. But for some tasks, like extract contacts from ⁓ code, those are very easy tasks. You can do it either with this static analysis tool, static analysis ways, or you can use very cheap models. So we were trying to decompose all the workflow. and just that those tasks was very easy. Did not need those sophisticated models, ⁓ optimize those tasks using ⁓ local models.
Gabe (15:10) interesting. Okay, yeah that kind of takes me to my next question about the breadth of the type of work you do so Recently there was there was a drift hack right which was a social engineering hack and this is not the first time we've seen this there's the Axie infinity social engineering hack same thing. It was like 600 million this one might be on the order of closer to 300 million and Is are these types of hacks within your remit one and two? How are you guys looking at the tool?
Yuannan Yang (15:32) Mm-hmm.
Gabe (15:42) and skills to prevent these types of things and are you supporting customers with this?
Yuannan Yang (15:48) Yeah, so because of AI, the landscape has dramatically changed and those social engineering attacks happens a lot. like every week, I will receive a lot of reports from our clients saying like, our private get exploit, can you check, help me to check out what happens? Like most of the clients, the private get got compromised because they're doing some like vibe coding stuff and they were just systemistically install some MPM packages, which those malicious packages were just breaking the system, like get credentials, get the private keys from the memory. So we saw a lot of cases like that. And ⁓ we also saw some AI introducing new vulnerabilities, like ⁓ in the past, like MoonWheel. MoonWheel, it is a void that CloudCode I forgot the model is 4.5. It just introduced one of these to hard code at the Ethereum price.
Gabe (16:56) And that was the Moonwell ⁓ vault, the DeFi protocol. They basically introduced a new update, and then the model introduced the bug. And basically, in the GitHub, could see Opus was the co-collaborator on that.
Yuannan Yang (17:01) Yeah. Yeah. Yeah, exactly. So the landscape is changing dramatically. ⁓ So that's also some things we... ⁓ we are trying to build ⁓ the capabilities we're trying to build recently. So ⁓ I remember last week we just launched a new product called Assertive AI ⁓ Skill Scanning, which is ⁓ a tool-side scan for malicious skills. ⁓ But to be honest, I would say we still have a long way to go because we also have a group of security researchers who is conducting research. which is ⁓ how to bypass those skills scanning. ⁓ They were working as attackers to think about ways to bypass those scanning tools. So we found tons of ways to bypass those scanning systems, even with the most popular scanners. ⁓ You can also check out our post at solik.com. I will explain this in detail, but I would just say we still have a long way to go to protect this. Yeah.
Gabe (18:25) So for vibe coding specifically, has become one of the, is that like the largest attack vector for social engineering as of lately?
Yuannan Yang (18:34) ⁓ I would say no, but because most of our clients are developers and they are developing smart contracts and that's why we receive most of the reports. Last month we released a security report on Open Cloud and we just got a matter of cases where the hackers leverage Open Cloud vulnerabilities to get a credentials private case. And just in one case ⁓ earlier in February, ⁓ this year, ⁓ OpenClaw Skill Hub. SkillHop is the SkillHop. Yeah, the skill registration, CloudHop, it got flooded with over like 400 malicious skills. Yeah, they just impersonated tools like ByBase, PolyMarket, DressUp as crypto training automations. And I remember there was one account alone racked up like 7,000 downloads. So it's a quite big number. And also I remember
Gabe (19:20) wow.
Yuannan Yang (19:40) there is an independent researcher just ran a proof of concept. He published a test malicious scales there and within eight hours there is 16 developers across like seven countries, eight countries, I forgot, install it. So I would say web coding is only a small portion and we do see a lot of more cases. because AI just expands the security boundary dramatically.
Gabe (20:14) And then what is kind of the forefront case study for exploits? If it's not vibe coding, vibe coding is clearly like on the rise. What's the core issues that you've seen?
Yuannan Yang (20:25) Mm-hmm. The core issues I've seen you mean AI agent
Gabe (20:34) Just like social engineering, what are the main ways in which you're seeing case studies of social engineering? What is the pattern of those attacks?
Yuannan Yang (20:37) so cringy. Yeah, for social engineering, let me think about it. Because most of the cases I've dealt with is byte coding. And for social engineering, I just received some cases ⁓ where... So we're the attackers just to tell you like, Hey, I have a deal to want to discuss with you. Let's do a Zoom call. Let's do a Chrome call. And when you are doing Zoom calls with them, they might send you a fake link. It's not like zoom.us.com is, but like Zoom like for what, what, is, it's a very, it's just disaffection. And during the meantime, you will see some like blur and some noises there and there pop up the window saying like, Hey, you need to upgrade.
Gabe (21:25) Okay.
Yuannan Yang (21:35) your zoom. If you click that one, your computer will die. So there is a lot of social engineering ways to break your system using emails, like zooms, like telegram. So you have to be cautious about the links you click and you have to be cautious about what you are doing to your computer. You have to set up very restricted access control to your computers.
Gabe (22:02) And are these, ⁓ do you think for a lot of the customers that you're dealing with, are these targeted attacks or is it kind of blanket attacks?
Yuannan Yang (22:11) Yeah, I would say ⁓ in my understanding, I think it's kind of like very targeted. ⁓ I ⁓ have that feeling because I know of many of my friends, they are working in crypto companies. They are like business developments, they are like maybe CTOs. So they just receive tons of fake emails, like tons of fake invitations. like tons of malicious links every day. So I feel like if you are working in crypto, you have access to many resources ⁓ like you host private key for your company assets, et cetera, you will be easier to get attacked.
Gabe (23:04) And for you, are, what is the extent of how you support these types of attacks? Like, you know, if it's someone is downloading something, a skill, and it's a malicious skill, at what point are you ⁓ supporting them? Is it after the fact or like, what is the predictive stuff that you're doing ahead of time ⁓ for these types of things?
Yuannan Yang (23:29) Yeah, I would say there is no effective ways for you to prevent those attackers. know, attackers are always coming up with new ways, new technologies, new angles to do social security. But I think that the key is you have to educate them enough to do some educations for them. Tell them what you need to do, what you cannot do during an interview and give them more case studies to make them understand, to make them have security awareness. I think that's the most important thing. But what we can do is give them applications of course and after that, if they found out that their system might get wrecked, we would just let them stop the networking and send the computers to us. We will just do some hardware analysis, etc. just to find out what the root cause is and then publish the root cause to public and do more applications.
Gabe (24:28) Got it. it. So a lot of education and kind of don't do these types of things. And then if there is a tactic, then it's there's like a retro on it. But what what are the can you share like ⁓ maybe just for people in general, like what are these things to look out for and what's like the core primitive? it like downloading something? What are like the actions clicking, downloading? What are kind of like the high level actions that should be monitored, especially in the age of AI and all this?
Yuannan Yang (24:38) Yes.
Gabe (24:58) know, automations.
Yuannan Yang (25:00) Yeah, first and foremost, if you are reading some emails, if you are having some conversations, if you saw a link, that direct you to something you do not know from untrusted parties, do not click that link. You need to verify as per the, you are having conversation with a trusted party. They may just pretend to be a trusted party, say, like you are both like your partners, et cetera, but you have to verify the correctness of the link. And when you are doing, like when you are having Zoom link, when you have meetings with your clients, with anyone, you need to be careful to read whether the links is correct and if they ask you to download everything, never do that. And also for those who like doing web codings, I would recommend that you do web coding in a secure environment like say sandbox or even use a new computer without credentials to do so. Yeah, that's basically a very high level advice I can give you.
Gabe (26:11) Good, good. Another section in the own second. Yeah, so. For the product that you guys are building, it seems like you're ahead of the curb on... you know, building this AI harness specifically for crypto security auditing. And you said before that, you know, something like a mythos or this traditional cybersecurity model doesn't directly impact ⁓ the ecosystem at all if there were as much as we think. Right. So what is kind of like the race look like and how does the, how does the business model for you guys actually change if potentially the barrier to entry for a first mark? contract auditing ⁓ lowers.
Yuannan Yang (27:01) That's a very hard question because AI really impacts the whole industry for a lot. So a thing that I can say immediately is that AI is truly replacing those junior auditors. So we recently launched our AI product called AI Auditor, is a beta testing. Beta testing is a scanner. that can scan your smart contract and give you a result like an hour. And this scanner's capability is ⁓ much better than a junior auditor. So I would say, if a junior auditor cannot find sophisticated bugs that AI cannot find, ⁓ it is a... be like getting impacted. And also in terms of other is itself, ⁓ I would say like, ⁓ I saw there is a trend for like, ⁓ like every clients wants to like develop a real quick near using their AIs to do development. And they do not even understand when they're coding sometimes. So in this case, it's provides, it requires from the risk is shifting from them to us. It's like we need to understand what kind, what AI, what's the capability of AI, what's
Gabe (28:33) Mmm.
Yuannan Yang (28:39) What mistakes are the AI going to make?
Gabe (28:43) And you're saying that the right now the teams are basically putting together code and then it's working, but then they ship it to you and it's like slot.
Yuannan Yang (28:55) Yeah, exactly. it's AI, they do web coding, right? Because AI is very powerful. They can just do some web codings that add features really, really quick and just submit those to do an audit. this is, ⁓ I would say, so the development cycle is becoming quicker and quicker. It's like they just spend a day to develop a hundred lines of code for us to audits. So, I mean, in this case, we have to adapt to it. That's why we invest a lot on our AI technologies. We launch our AI products. It's like every time they have developed a smart control or something, they can just use our AI to do scanning as a checkpoint. And later on, when they finalize, have a beta stable version, they can just reach out to us like, we want many audits for this version. Can you do that for us? Yeah.
Gabe (29:54) So the team pushes ⁓ new code and then they have a checkpoint, like a self-serve tool that you guys provide. How long have you guys been doing that?
Yuannan Yang (30:05) ⁓ So we're doing that AI tools as our internal tuning system. It's like every time if the client allows us to use AI, we will just run the code base and just serve as a baseline for our audits. And we just recently released some of the scanners to public, some general as a beta testing. So this is just to adapt to the AI ⁓ environments that AI dominates the coding space.
Gabe (30:46) Yeah. And previously, so teams would finish all of these features and development and then ship ⁓ a pile of code to you. But now it seems like the behavior and the landscape of development obviously is changing. It's faster and the throughput is accelerating. And then on your end, it seems like you're building towards this real time audit. Can you tell me about where the
Yuannan Yang (31:08) Thank Yeah
Gabe (31:17) direction of the industry you think is going? Is it going towards real-time audit? What do you kind of see it as in maybe the next three years?
Yuannan Yang (31:26) Yeah, so to be honest, ⁓ I don't even know what's gonna happen in three months. know, AI is changing like dramatically every day. So ⁓ I would say in terms of industry, I don't think ⁓ real-time artists will be dominant in a space because right now AI system has many problems. I will list just a few here. So the first is the randomness I told you. ⁓
Gabe (31:31) I see.
Yuannan Yang (31:56) If you look into our benchmark, so we do a benchmark on 2026 incidents, is which there is a 35 instance and we do a benchmark on that so in our first round there is like 80 record rates, 8 % record rates. In the second round, it's have 88 % record rates. So that means that if you run the model like two times you will have higher chance to gain more vulnerabilities. That's the randomness I just told you, which means that in some situations, AI can miss bugs, miss those very critical bugs. Those are instances that lead to actual loss. So if you miss the one bug, it's going to be millions of dollars loss. So I would say AI still have some restriction in terms of randomness, but for humans, in terms of human artists, ⁓ we at least have three auditors in projects. They will do manual review, line-by-line review, and do cross-check, which means that every time when a finish was done by a human audit, there is a likely chance that they miss vulnerabilities like AI. And also in terms of accountabilities. So you cannot expect AIs can do accountabilities for a product. If your product got audited by AI, you were probably not trusted. And this is another part I think AI cannot replace. And the third part is in terms of depth verticals. So ⁓ we were building AIs. ⁓ At the very beginning, I was thinking when the AIs can truly do some very, you know, very in-depth thinking, like finding some zero-day vulnerabilities that only like, experts can find. I would say yes for some cases, but more cases I will say that it requires humans for guidance. It's more like, human needs to tell AI what you need to do and give him a guidance to like how to achieve that goal. So I think for those in-depth findings, sophisticated findings, still requires human interactions there.
Gabe (34:23) Yeah, it seems like now you tell an agent what to look for and the rules in which it should look for it. Are you guys thinking through and for you?
Yuannan Yang (34:31) Yes.
Gabe (34:37) Do you think that skill can move up the stack where then the agent starts finding its own ways of, its own rules or either finding its own specific types of vulnerabilities? How far do you think that is where the gap kind of closes on the expert?
Yuannan Yang (34:59) Yeah, it's a super good question. So we do have some research regarding to that. in smart contract audits, we have a term called property or invariant, ⁓ which means that you have, when you are doing smart contract, need to, there is some rules that always hold true. Whether you are doing form of applications, you are doing fuzzings, you need to make it as true. For example, a invariant of property can look like this. So when you say there is a staking contract, you stake like 100. When you un-stake, you un-stake like in certain period, your un-stake amount should be bigger than the staked amount. So that is the property, right? So that is what we call the property. It's basically like rules you need to fulfill while playing this game. if you need to come, I mean, if you have already
Gabe (35:52) Hmm.
Yuannan Yang (35:59) come up with this infrared for a similar staking contract you can reuse this ⁓ infrared and property. But in terms of if there is a new system, it's a different staking model. Like say, hey, this staking model is like in the first week of your staking, if you un-stake, you will get punishment. what you can get is actually decreasing. But for the second month, it's get increasing. I mean, the situation is different. if these ⁓ human or AI system can just look into that to identify those properties. But obviously, the abstraction is not as good as human for understanding cases. But in actual cases, it's much more complicated. It requires a bigger system. They have many different interactions to external parties. If it's staking, it's not staking. to in this protocol. It may stick in other protocol, other dependency protocols. Say like list of data, like say other yield protocols, and you have to understand what kind of products you are sticking into. So for humans, because we have experience and we have ⁓ better ability to gather, put all the information together because we are getting a lot of training for this expertise. So we can quickly adapt and find out the proper ⁓ great property or invariant or better invariant than AI. But I would say you are right. This is something that my AI can come up with, but I don't know when it is.
Gabe (37:40) Yeah. Yeah. Okay, so you're saying, and I'm starting to notice a pattern actually. We had Nikita from Barter on our first episode and he was saying, you know, more so the agents are ⁓ used in like certain conditions. ⁓ And for you guys, you're saying like, okay, the agents can do certain things very well, but you know, for this like abstraction piece and pulling together all the context, it's
Yuannan Yang (37:50) Mm-hmm. Yeah. Mm-hmm.
Gabe (38:13) the context piece is the issue. ⁓ Also, someone else, Mike from ⁓ Hummingbot, he said the same thing, where for them, the missing piece is kind of like just plugging in all the information about the ecosystem. Is that kind of what you're seeing as what's missing from, you know, like some agent just basically doing like the end-to-end discovery and auditing process of, you know, novel issues or problems, et cetera?
Yuannan Yang (38:42) Yeah, exactly. also, I believe there is not a lot of data for AIs to be that smart at the current stage, because know Web3 security is very new at this space. And I don't know if there is enough data ⁓ to train the action models to be that good. But I do believe that the capability of AI is keeping increasing. and there will be more and more sophisticated vulnerabilities that AI can find. ⁓ But in terms of current phase, ⁓ would still say that AI still have its limits based on our ⁓ experience of using AI throughout audit process.
Gabe (39:38) Yeah, this is super interesting. Any last thoughts before we wrap up? I know you guys are pushing on the internal AI harness a lot. any last thoughts there and kind of what you expect and are going to be seeing over the next couple of months?
Yuannan Yang (39:48) Thanks Uhhh, asshole. ⁓ That's a very high level question. ⁓ I've chat with quite few CTOs from blockchain infrastructures. ⁓ They are just building some infrastructures for agent economy. They have different solutions. Basically, just ⁓ give an agent identification on their blockchains. the blockchain and your crypto accounts like that and execute the transactions there. So I would say a lot of like infrastructures and lot ⁓ of nodes are just shifting to agent to agent system but I also feel like I'm not comfortable with current security models. Many things that they did not actually realize, like for example, AI agent is off-chain and not controllable. How do you ensure that your agents will not get exploited? How do you prevent like problem injections, data poisoning to your AIs? And also like if you're thinking about, if you compare this to the past, the threat model is completely different. So in the old days, if attackers want to perform a social engineer attack, discuss. So they have to build trust with you, right? They have to make you trust that this email is ⁓ from a trusted party, like your partner. even some hackers from North Korea, they will even enter your organization's past interviews to do social engineering. But now the hackers can only just social engineer your AI agents. So what your AI agent is it's like a very junior employment employee that has a full access but like almost no security instincts. So I think this makes much easier for a hacker to break into to to hijack your AI agent than an actual human. So those kind of challenges I think we do not have good security models for that. ⁓
Gabe (42:25) Yeah. That's a great analogy. And because we've seen kind of some like ⁓ wrappers or tools that are securing the agents, but, you know, those do not go as viral as, you know, open claw. Just it just the the breadth of the stuff that you can do. So, yeah, the agent security piece, especially like reading emails, you know, with the prompt injection where, you know, there might be malicious instructions in the email, something I've been worried about. ⁓ And on that point, to just before we wrap is I have a kind of a very specific question for you. And basically you guys see a lot of ⁓ types of protocols, right? You're like a bottleneck of information when it comes to teams with capital, right? And teams who are shipping products. And that is kind of a unique area as one of the largest smart contract auditors. Without getting into the specific names, are there types of products right now that are being built in the ecosystem that you're noticing are getting more audits, right? And for us, this is like an indicator of
Yuannan Yang (43:14) Mm-hmm.
Gabe (43:36) Okay, maybe this sector is heating up. Yeah, is there like some kind of hints you can give on, is it payments, is it stables, is it agents? Where are the serious players ⁓ shipping code the most?
Yuannan Yang (43:52) So I would say from my experience, would say we got a lot from institutional clients. They're doing payments, they're doing infrastructure stuff. So they are players from traditional world and they're trying to do web three stuff. So the gap here is they have very strong experience in Web2 but they did not know about Web3. ⁓ For example, I remember our security team found vulnerabilities that related to fake deposit ⁓ that can just do a fake deposit to exchange ⁓ using smart contract and just the cheat and the exchange scene like hey we're for ID, make a a fake deposit, we have to trade the exchange and say hey we make a deposit but actually there is no money going there. So this is a vulnerability that web 2 native ⁓ personal security researchers cannot find. I think it's a good case. So in terms of that I think Serdic is a good one to fit in that place. Like give some insight to the audience for those parties. to let them understand more about web3 and provide security products to make sure that everything works smoothly because they carry out a lot of capitals there and also data privacy etc. So yeah, I would say there's a lot of things we need to do in the future.
Gabe (45:49) Yeah. Awesome. Well, appreciate you having on this. This has been super insightful. and I guess to wrap on that last thought, the institutions, these web two institutions, uh, I'd assume, you know, banks and tech companies are coming on chain, building their own products. And this is potentially something that we should kind of pay attention to as there's probably going to be some, some updates and new products rolling out for the next couple of months, if not the year. Yeah. Cool, man.
Yuannan Yang (46:16) Yeah, exactly.
Gabe (46:19) Well, yeah, appreciate having you, Yang, and sharing your expertise here. And hope to have you back on time sometime soon.
Yuannan Yang (46:24) Yeah, thank you, Gab. Thank you. Thank you for being so nice to me. know, engineers sometimes are quite shy and do not know how to handle some tough situations when you're doing face-to-face camera. So thank you for being so nice to me.
Gabe (46:28) Don't worry. Yeah, no problem. Yeah, anytime and appreciate you coming. Yeah, see you.
Yuannan Yang (46:49) Yeah, appreciate it. Thank you. See you then. Bye.