We scanned 138 Sui validators across 20 countries using kernel-level temporal fingerprinting. 41% have SSH exposed, 57 run unexpected internet-facing services, and 9 confirmed CVEs sit on 4 hosts -- including 2 critical at CVSS 9.8. Here is what we found and why it matters for DeFi.
We're open-sourcing the tooling behind NullRabbit's autonomous kernel-level network defence: the scanning, intelligence, observation, and adversarial validation layers that feed our enforcement pipeline. Six tools, MIT licensed, with more coming.
The technology to defend networks autonomously exists. The legitimacy to deploy it does not. Introducing earned autonomy: a governance framework where defensive authority is demonstrated before granted, scoped per abuse class, and continuously re-earned or revoked.
Inline defence without understanding is guesswork. Before machines act, they need evidence. Why we're open-sourcing our scanning system, building jigs instead of shortcuts, and claiming time as a first-class signal in infrastructure security.
Machines attack at machine speed. Humans defend at human speed. The technology to close this gap exists - the governance doesn't. A framework for when machines should be permitted to act without human approval.
Inline enforcement operates at machine speed, but trust cannot. IBSR is a validation step: using XDP to observe real traffic, simulate enforcement, and generate evidence before any blocking is enabled.