The Team Behind Protocol-Aware Security for Validators

Why NullRabbit Exists

Our research shows many validators are exposed without operators realising — public RPC ports, ghost ports, stray services, load-balancer bypasses, configuration drift that reopens closed ports, and unpatched CVEs. We've also found web servers and other services running directly on validator hosts.

Cloudflare protects connectivity, but it can't understand or enforce validator protocols. A breached validator is catastrophic for the operator, but the network continues. When many validators share the same external weakness, it becomes a billion-dollar liability for the ecosystem.

What We're Building

• →Sentinel - external discovery & exposure mapping
  Shows what's truly reachable from the internet and detects behavioural fingerprints, anomalies, and protocol exposure patterns.
• →Guard - kernel-level in-path defence (XDP / AF_XDP)
  Drops threats in microseconds at the NIC using encrypted DPI — metadata, headers, handshake patterns, flow behaviour, and timing signals.
• →The Loop - external truth → inline enforcement
  Sentinel's discoveries continuously inform Guard rules so your validators get safer with every scan, block event, and drift detection.

Founder

Simon Morley - Founder & CTO, NullRabbit

Simon is a founder-CTO with more than 20 years of experience building and securing infrastructure, networks, and products. Before NullRabbit, he was CTO and UK Director at a European alt-assets crypto exchange, where he rebuilt the platform, led engineering, and delivered AML, KYC, compliance, and real-time transaction-monitoring systems.

He has founded multiple startups across networking, security, and marketplaces, and mentors companies at Techstars. NullRabbit brings that experience into a single, focused problem: securing validator and node infrastructure from the outside in.

How We Work

We partner directly with validator operators, protocol teams, and infrastructure providers to harden real networks, not lab environments. Our roadmap is driven by live exposure data, real incidents, and network-level risk patterns we see in the wild.