Posts tagged infrastructure security.

We've published nr-bundles-public on Hugging Face: the first open, multi-modal dataset for blockchain validator security. 31 schema-pinned observations across Sui and Solana, seven attack families, CC-BY-4.0. Open bundle format, open ten-family taxonomy, closed corpus. The substrate for cross-chain ML detection of infrastructure attacks.

Three architectural findings in the Agave JSON-RPC layer at v3.1.9: response amplification on getMultipleAccounts, Tokio executor saturation via simulateTransaction, and spawn_blocking pool saturation via getProgramAccounts. Architectural patterns, not rate-limit DoS - operator rate limits don't close them.

Validators go down constantly. Almost nobody is watching it happen in real time, across chains, in one place. So we built slashr.dev, a live incident feed tracking Solana, Ethereum, Sui, and Cosmos.

A first look at what DeFi validator infrastructure looks like at the kernel level. We crack open the consolidated dataset -- embedding galaxies, jitter fingerprints, RTT ridgelines, and 10,000 anomaly events across 642 silent hosts.

Every blockchain network has a physical fingerprint. We pointed our eBPF/XDP scanner at 1,075 hosts across multiple DeFi validator networks and mapped 3,001 timing fingerprints to reveal the structure underneath the consensus layer.

We scanned 138 Sui validators across 20 countries using kernel-level temporal fingerprinting. 41% have SSH exposed, 57 run unexpected internet-facing services, and 9 confirmed CVEs sit on 4 hosts -- including 2 critical at CVSS 9.8. Here is what we found and why it matters for DeFi.

We're open-sourcing the tooling behind NullRabbit's autonomous kernel-level network defence: the scanning, intelligence, observation, and adversarial validation layers that feed our enforcement pipeline. Six tools, MIT licensed, with more coming.

The technology to defend networks autonomously exists. The legitimacy to deploy it does not. Introducing earned autonomy: a governance framework where defensive authority is demonstrated before granted, scoped per abuse class, and continuously re-earned or revoked.

Inline defence without understanding is guesswork. Before machines act, they need evidence. Why we're open-sourcing our scanning system, building jigs instead of shortcuts, and claiming time as a first-class signal in infrastructure security.

Machines attack at machine speed. Humans defend at human speed. The technology to close this gap exists - the governance doesn't. A framework for when machines should be permitted to act without human approval.

Inline enforcement operates at machine speed, but trust cannot. IBSR is a validation step: using XDP to observe real traffic, simulate enforcement, and generate evidence before any blocking is enabled.