CredShields

2K posts

@CredShields

Engineering Security for the AI Era | AI Pen Testing + Smart Contract Audits | OWASP Smart Contract Security Pioneers | SOC2 Type II Audited

Joined December 2021
26 Following, 3.5K Followers
Pinned Tweet
CredShields@CredShields·
CredShields and @SolidityScan are proud to contribute to the release of the @owasp Smart Contract Top 10 2026. OWASP Smart Contract Top 10 defines the primary contract-level failure patterns that repeatedly lead to loss in blockchain systems. Sincere gratitude to @ethereumfndn Ecosystem Support Program for supporting the OWASP Smart Contract Security initiative. owasp.org/www-project-sm…
CredShields@CredShields·
The traditional pentest timeline:
Week 1-2: scoping calls
Week 3-4: waiting
Week 5-6: testing
Week 7-8: report writing
Week 9+: revisions
Meanwhile your team shipped 3 releases. There's a better way, findings in hours, expert in loop, report your auditor accepts. #Pentesting #AppSec #CyberSecurity #CISO #DevSecOps
CredShields@CredShields·
We found a critical vulnerability in a fintech AI assistant last week. The app: a customer-facing chatbot built on an LLM, integrated with account data. The attack: a single prompt injection in the user input field. The result: the model leaked its full system prompt including internal API endpoints, tool configurations, and data access logic that should never be visible to an end user. Their previous pentest was a clean report, with no findings. Because the previous pentest never tested the LLM layer. This is a coverage gap, and almost every company shipping AI features has it right now.
CredShields@CredShields·
We're hiring. Two roles. One mission: close the gap between how fast software ships and how fast security keeps up.
🔹 Sales Development Representative
🔹 Account Executive
If you've sold into security, infrastructure, or DevSecOps, and this sounds like your kind of challenge, let's talk. → info@credshields.com
Or if you know someone perfect for the role, mention them 👇
CredShields@CredShields·
Traditional pentests cover your network, your API, your web app. Not your LLM. Prompt injection, RAG leakage, guardrail bypass, these are active attack vectors on every app running an AI feature. And they won't appear in your last pentest report. Because nobody tested them.
Procur3@procur3·
Procur3 is now live on @CantonNetwork The only public blockchain built for regulated markets. Now, protocols building on Canton can find, compare and book Daml-specialised security firms directly through Procur3. Details below
CredShields@CredShields·
Modern threats operate continuously, dynamically shifting through CI/CD pipelines and developer environments. Your security testing needs to be just as adaptive. 👉 How is your organization validating the integrity of your dynamic build caches and developer environments today?
CredShields@CredShields·
Legacy, scheduled point-in-time penetration tests and traditional static scanners are completely blind to this. When a legitimate, trusted library is subverted in real time, static analysis sees code with valid signatures and green lights.
CredShields@CredShields·
Is your AppSec team still scanning for yesterday's vulnerabilities while attackers exploit tomorrow’s execution paths? 🚨 Over the last 48 hours, the npm registry faced its largest automated supply chain escalation yet.
Giveth@Giveth·
The Ethereum Security QF round brought together:
• 500 ETH matching pool from @thedaofund
• $300K+ in donations
• Additional matching pool support from @Quantstamp and @CredShields
• Dozens of teams showing up for Ethereum security
Really inspiring to see so many parts of the ecosystem come together around supporting Ethereum security. And special thanks to the teams who stepped up with additional support across the round: @Quantstamp, @CertiK, @sigp_io, @Certora, @chain_security, @PashovAuditGrp, @CredShields, @hackenclub, @OpenSea, @yearnfi, @osec_io, @coinspect, @dedaub, @RektHQ, @hexens, @perimeter_sec, @rv_inc, @WeAreTellor, @ECHInstitute
Stay tuned for the final results!
CredShields@CredShields·
We asked 50 security leaders how long their last pentest took. "4 months start to finish." "11 weeks and counting." "6 weeks, we'd already shipped 3 features by then." How long did yours take?
pashov@pashov·
I love the empty look on the faces of normies when they hear you are in cybersecurity
They really don't even know the beasts you have to fight to make it in this space. Cute.
I won't lie, it feels superhero-like protecting people that can't even understand/appreciate it, haha
CredShields@CredShields·
Every company that shipped an AI feature last year added a new attack surface. Prompt injection. RAG leakage. Agent manipulation. Guardrail bypass. Most of them haven't tested any of it. We've spent 20+ years testing the security of banks, fintech companies, and payment systems across India, Southeast Asia, and the Middle East. We've watched the attack surface change faster in the last 18 months than in the previous decade. AI features ship in days, pentests take months and reports are stale before the ink dries. Something has to change. If this problem sounds familiar, we'd like to hear from you. What does your current pentest process miss?
CredShields@CredShields·
✅ Audit Complete. We've successfully audited the smart contract for @BitcoinBTCLE. BTCLE is a scarce, community-driven token on BNB Smart Chain with a roadmap to launch a Bitcoin Layer 2 network and bring RWAs on-chain. Website: bitcoin-limitededition.com
Giveth@Giveth·
Ethereum security is not a solo mission 🤝 Huge respect to every team helping direct more support toward the projects protecting the ecosystem. Final hours to join the push 👇 qf.giveth.io/qf/ethereum-se…
CredShields@CredShields·
✅ Audit Complete. We've successfully audited the smart contract for @GruntleMeme. $GRUNTLE is a capybara-themed meme coin on Ethereum built around a strong community and a deadpan, low-hype identity. Website: gruntle.io