Ken

1.7K posts

@Ken_LinkWell

Co-Founder @LinkWell_Nodes | Ex-Navy/NASA cyber | Senior Splunk security engineer

United States · Joined July 2019
315 Following · 784 Followers
Pinned Tweet
Ken@Ken_LinkWell·
In 1983, TCP/IP launched. By 1993, it dominated global networks. By 2000, it powered all internet communication. History doesn't repeat itself, but it often rhymes, and Chainlink is well on its way to its TCP/IP year 2000 moment for the internet of contracts.
Ken@Ken_LinkWell

In the future, every:
- Bank transaction
- Stock trade
- Insurance claim
- Business contract
Will touch one network. And it's not owned by JPMorgan, Goldman, or the Fed. A thread on how Chainlink has already won🧵👇

Ken retweeted
Andrej Karpathy@karpathy·
Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any dependency you could be pulling in a poisoned package anywhere deep inside its entire dependency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
Daniel Hnyk@hnykda

LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below

Ken@Ken_LinkWell·
Does one fully embrace AI and pray that they'll still be relevant in a few years? Do they take a neutral approach and simply observe how the cookie crumbles? Or does one finally check out and start that off-grid homestead they've always been dreaming of?
Ken@Ken_LinkWell·
Would love to see a vibe coded SIEM. Or an AI agent that automates everything a detection engineer does. Not to say it won't happen, but something tells me it won't be any time soon.
Ken@Ken_LinkWell·
It's been nice the last year or two not having severe FOMO that Web3 gave me. And then AI got serious, and now I have 10x more FOMO. Nothing lights a fire under your ass better than the threat of machines taking your job.
Ken@Ken_LinkWell·
It's one thing to vibe code an app. But I don't see anyone vibe coding an ecosystem, or years of building partnerships and ecosystems. And that's why I have a hard time seeing vibe coded apps simply replacing major security tools overnight. Or ever, for that matter. Platforms like CrowdStrike or Splunk, for example - they aren't just sitting idly by, waiting to get replaced by some vibe coded app. They are full steam ahead with AI integrations themselves. Not to mention, good luck vibe coding either of these enterprise grade tools. I'm sure some vibe coded apps will find a niche that they excel at over existing solutions, if they haven't already. But color me skeptical if I believe vibe coded apps will win out against most enterprise solutions in the security space. Time will tell!
Ken retweeted
Hunter Williams@HunterEsoteric·
Hey @SpotifyCares, our podcast "The Hunter Williams Podcast" was just mistakenly flagged and removed for "Dangerous Content." We discuss the science of peptides and prescription meds for educational purposes only—no medical advice or sales. Can we get a manual review on this? #SpotifyForPodcasters
Ken retweeted
Stephen Sims@Steph3nSims·
I want to share a quick thought for people in cyber security. This will be my longest tweet ever. I’ve spoken to many lately who are having an existential crisis from the constant posts about “the end of cybersecurity jobs.” Yes, things are changing quickly. This is a significant moment for the tech industry. Change can be uncomfortable. But we’ve seen cycles like this before. • When GitHub and open source took off, people said software engineers would disappear because code was free. • When AWS and cloud computing emerged, people said infrastructure jobs would vanish. • When fuzzing and SAST tools improved, people said vulnerability research would disappear. • Virtualization would eliminate infrastructure jobs. • Mobile computing was going to end desktop dev. • Exploit mitigations would end exploitability. It didn't. Each time automation improved, the amount of software grew faster than the automation. It does feel "different" this time as it's explosive. Some roles will shrink: • repetitive pentesting • basic vulnerability scanning • tier-1 SOC monitoring But other areas are expanding rapidly: • AI system security • supply chain security • identity architecture • autonomous agent security • critical infrastructure protection Historically, every time we eliminate one class of bugs, new classes emerge. Right now people are vibe-coding entire systems, giving AI access to their machines, crossing trust boundaries, and deploying autonomous agents with excessive permissions. The legal and regulatory world is nowhere close to ready. There will absolutely be new failure modes. Humans are amazing and always adapt, finding new ways to do things. The worst thing you can do right now is fall into a doom loop. ...and I’ll be honest, I too have felt the "psychological paralysis" a few times thinking, “Is this time different?” It's especially impactful when it comes from someone I respect in the community. 
There are certainly unknowns, in an industry where we've become accustomed to predictability. But... the majority of those reactions are usually driven by social media, not reality. Platforms like X reward engagement, and sensational doom posts spread faster than measured thinking. If you see something like: “Holy #$%^! Opus 66.6 just found every bug in Chrome and replaced 50 startups!” …mute it and move on. Instead: Stay curious. Learn the new technology. Adapt your skillsets. Build things. We’ll get through this transition the same way we always have. If I'm wrong then Sam Altman better be right about UBI! :) I'm sure that if this tweet gets any engagement that I'll get some heat for it, but a good friend of mine reminds me often to focus on what you have control over. I'll revisit this tweet at DEF CON 40!
Ken@Ken_LinkWell·
Prediction: Security engineers will be in high demand for the foreseeable future, as we witness the tsunami of vibe coded apps getting deployed into production, and subsequently getting rekt.
Ken@Ken_LinkWell·
@fn12044 Go read Allen Carr's book "The Easy Way to Stop Smoking". Then if needed, read Rational Recovery. These two alone will change your life. Taking a peptide like tirzepatide can also help crush dopamine seeking behaviors like nicotine use. Worked well for me.
CryptoKnight 2.0@fn12044·
Anyone know how to get through a full week without dip or Zyn ? 1 day and it's like my soul is being ripped apart. No, coke is not an option either. Thanks
Ken retweeted
BowTiedMeatHead 🥩💪@bowtiedmeathead·
If you wanna show up at the highest and best for your family… Highest and best for your business or employer… Highest and best for your tribe and your community… You must prioritize your health and fitness first. By not prioritizing your health and your performance… You’re NOT showing up for your kids… You’re NOT being a good role model and you’re NOT being the best version of you… Not emotionally, not physically. Anyone who wants to express the highest version of themselves… Must place a very high priority on their own physical and mental health. Not putting anyone else first and not making any excuses that you are too busy taking care of others… If you’re not on your A game and not working on maximizing your full potential… You are doing yourself and the world a disservice as others won’t get the best from you and your battery will eventually die out. Level up.
Ken retweeted
Chainlink@chainlink·
Chainlink is the industry-standard oracle platform. Trusted across: • 2,500+ protocols • 75+ major blockchains • 80+ of the world's largest financial institutions LINK Everything.
Ken retweeted
King of the Marsh@KingVelesI·
No matter how much you love gaming (I sure did), you'll probably regret the time you've spent on it one day. Sure, you can cope by telling yourself you are "learning stuff", "increasing your problem-solving skills", "improving your reflexes", etc., but deep down, you know that's BS, as I did in my gaming days. Once that screen goes dark, you have NOTHING to show for all the hours of your life you've poured into it. They're gone forever. Sure, you got some cheap dopamine out of it. For a minute, you felt that sweet sense of progress and accomplishment. But that was merely fake progress and the illusion of accomplishment. Back in reality, you did nothing but sit in a chair while moving pixels on a screen. Hundreds, thousands, tens of thousands of hours poured into mastering a skill that is completely inapplicable to anything in the real world. Had you devoted that time to a worthy skill instead, you would've been a master craftsman, artist, athlete, musician, you name it, by now. It's not too late, though. You still have a choice. You can keep whittling your life away while moving strong, intelligent, capable, and impressive characters on a screen, or... you can become one of them. Choose wisely, for time is the stuff life is made of, and you have less of it than you think. As a former passionate gamer, let me tell you: There's far more joy, accomplishment, and fulfillment to be found in the real world.
Ken retweeted
Chainlink@chainlink·
The next era of global finance is converging onchain. And Chainlink is at the center of it all.
Ken retweeted
Zack Korman@ZackKorman·
The cybersecurity spend required to secure AI agents is going to be massive. I think in the medium term that’s going to put pressure on security teams to cut elsewhere.
Ken retweeted
Nick VanGilder@nickvangilder·
Historically, cybersecurity has never been a true entry-level field. Most people start in IT to learn how networks and systems work, then transition into security roles over time once they have a certain amount of foundational knowledge and experience. That said, many companies, colleges, and training institutions have a strong monetary incentive to present cybersecurity as entry-level. They make significant amounts of money selling bootcamps and certifications to people eager to break into the field. After completing these programs and earning a few credentials, many newcomers discover that employers are looking for things they still do not have, most commonly hands-on experience in IT or adjacent roles. This disconnect often leads to frustration and backlash toward employers, who are accused of setting unrealistic expectations for entry-level security jobs. In reality, though, the expectations themselves are not new. What _is_ new is the narrative that cybersecurity is supposed to be an easy or direct entry point into tech. True entry-level cybersecurity roles do exist, but they are not the norm for most roles. To me, being upfront and honest about that reality would save a lot of newcomers time, money, and frustration.
Ken retweeted
Chainlink@chainlink·
Study Chainlink. What we do in 100 words ⤵️ Chainlink is the industry-standard oracle platform powering the rapidly expanding onchain economy. It provides critical standards to bring the global financial system to blockchains. The platform secures the vast majority of DeFi and has enabled over $28 trillion in onchain transaction value. Chainlink is the missing link between blockchains and the real world. It’s the universal translator between blockchains and traditional infrastructure. It connects blockchains to real-world data, other blockchains, and existing systems. It’s the all-in-one platform making advanced smart contracts possible. And it’s already being adopted by the world’s largest financial institutions, governments, and leading DeFi protocols. LINK everything🔗
Ken retweeted
Daniel Shapiro@_dshap·
The largest criticism around LINK has been the lack of value capture I think a big reason the team hasn't addressed this directly is due to regulatory reasons (e.g. 'cubes', the reserve, etc.) LINK being added to CME, and now Sergey joining the CFTCs, push the probability of LINK being a commodity close to 100% I think the market structure bill is all that's left for us to see what they have actually been up to I think 2026 or 2027 is when the thesis is validated or invalidated. We will see
Chainlink@chainlink

BREAKING: Chainlink Co-Founder Sergey Nazarov announced to @CFTC’s Innovation Advisory Committee.

Ken retweeted
Duncan Wilson@Dunc_Coinstash·
Last time it was: “ToKeN nOt NeEdeD” This time it is: “Are $LINK holders just funding Chainlink Labs salaries?” Every couple of years, the FUD around Tokenomics comes around, and ngl, it does get in your head a bit even if you understand. But I actually think a lot of it comes from people trying to put Chainlink into a category it doesn’t fit into. It’s not an L1 like $ETH or $SOL. It’s not a memecoin where price = attention. And it’s not equity in Chainlink Labs. Chainlink is infrastructure. And infrastructure always looks weird early. Yes, CLL held a large treasury and yes, they sold tokens over the years. On the surface that looks like dilution. But what they were actually doing was bootstrapping a network before it had users. Every major network in history had this phase. Credit cards had to convince merchants before customers used them. Cloud providers had to subsidise adoption before companies migrated. Even the internet existed before real activity showed up. My favourite analogy, though, is railroads. In the 1800s, railroad companies built thousands of kilometres of track before there were enough passengers and freight to justify it. For years, it looked like capital destruction. Investors thought they were burning money paying workers to lay tracks into empty land. But the tracks had to exist before the economy could run on them. Cities formed because the railways were already there. Trade scaled because transport existed first. Chainlink is doing the same for digital assets. Chainlink needed: • node operators • security research • integrations • and institutions experimenting with on-chain finance before there was any real transaction volume to charge for. So LINK hasn’t been to fund CLL, it was funding the creation of a network. LINK is not ownership in Chainlink Labs. It’s the security backing inside the protocol. With staking, node operators lock LINK as security. With CCIP, cross-chain transactions are secured by that staked collateral. 
And institutions don’t even need to buy LINK, they can pay in fiat or stables, which the protocol then purchases LINK to pay operators. That flips the normal crypto model. Most tokens rely on speculation first and hope usage follows. Chainlink is having usage create demand. So the real question isn’t “are they selling tokens?” The real question is: if TradFi moves on-chain, what connects blockchains to banks? Instos can’t just rely on “trust me.” There has to be a security layer backing the system, and that security needs collateral. LINK is the collateral. That’s the thesis. The biggest risk in my view and the risk that has many of you stressin, is timing. Financial infrastructure moves slowly, and markets price narratives a lot faster than they price infrastructure. Chainlink is plumbing. And plumbing always looks unexciting, right until everything starts running through it.
Ken retweeted
Sergey Nazarov@SergeyNazarov·
Cycles are a normal part of the crypto industry, what is important is what those cycles reveal about how far the industry has progressed and what next stage/trends of adoption/value creation will go on to define the industry. So far this cycle reveals two key things for me: Firstly, there have been no large risk management failures leading to large institutional failures or widespread systemic risks. In the previous cycle you had FTX and multiple lenders cleaned out through large price drops, this time around I am pleasantly surprised to see none of that or at least none of it at any system wide scale. If the crypto industry and its systems are able to successfully weather large drawdowns in price and liquidity issues then it is a more reliable place to put both retail/client capital and institutional capital. This time has been much better managed than last time. Secondly, real world asset migration on-chain continues to accelerate regardless of Bitcoin/Cryptocurrency prices, signaling that having real world assets on-chain is not tightly coupled to cryptocurrency prices but provides its own unique value that can grow irrespective of market pricing of Bitcoin or other crypto assets. We have seen RWA issuance continue to grow and we've seen leading on-chain perp markets rival tradfi perp markets for very traditional commodities like silver, especially in periods when trading in permissioned traditional markets became harder or more risky vs trading in on-chain permissionless markets. As more and more RWA data goes on-chain to make perps work correctly for more asset types and as more on-chain value is generated as RWAs themselves, I expect these dynamics to only increase regardless of crypto prices. These are both very positive signals for the assumptions I have been making about three key trends I am expecting to work together to reshape our industry in the next stage of its growth into mainstream adoption.
Firstly, on-chain perps about real world assets and tokenization of the assets on-chain has unique and durable long-term value which is growing regardless of any other dynamics. It is the value of 24/7/365 markets, on-chain collateral management and on-chain data. Secondly, institutional adoption of our industry will be driven by the fundamental/technology value it provides, accelerated by access to permissionless/always on markets in DeFi, which will grow massively as a result. Thirdly, the infrastructure that will make RWAs possible will be experiencing much more demand as more of the real world finds itself on-chain. As more RWAs have to go on-chain as perps via on-chain data or tokenization itself and as those RWAs are increasingly complex in how they need to work on-chain, more systems will need to interface with chains to enable those RWAs. The first two trends are inevitable market forces that are now accelerating regardless of cryptocurrency prices, that is the real insight I see from this part of the cycle. The third trend is where Chainlink is providing the key global standards/protocols/infrastructure that is needed for providing the data, connectivity and orchestration that accelerates the first two trends. Data is what allows most RWAs to exist on-chain at all. Market data for on-chain perps e.g. on-chain silver markets, Proof of Reserves for Stablecoins, NAV for Tokenized Funds to operate on-chain and many other examples touching every category of RWAs. Chainlink is the largest provider of data to the leading blockchains by far and is successfully servicing the vast majority of DeFi for all their data needs with 70%+ market share. Our new launches with leading institutional data providers like S&P, ICE and many others put Chainlink in a similar position in the growing institutional RWA world. Connectivity to both other chains and existing backend/accounting/risk management systems is key for liquidity.
The ability to connect to the other chains as a system of record/source of liquidity and to the existing centralized systems of record/sources of liquidity are key for scaling RWA adoption globally. Chainlink is the leading provider of these capabilities to institutions and has been chosen by the leading security teams in Web3 to be their official bridging provider due to a superior reliability/security track record. Chainlink is also the only system that successfully pulls TradFi payments into on-chain transactions across multiple chains, integrating existing sources of liquidity and new sources of liquidity into one interoperability layer. Orchestration is the process of coordinating multiple systems into one workflow/transaction that defines the core value an application is providing to its users. Coordinating between multiple chains, multiple off-chain systems, multiple market data sources and now multiple AIs is a key function that some system needs to play for the more advanced RWAs to function properly. The Chainlink Runtime Environment seems to be the only environment in which you can currently run a workflow that can coordinate all of these key systems into a single application, already in use by enterprises and with advanced integrations into many key systems. Orchestration has an additional critical component of creating privacy, which there are now new and exciting solutions for being built on CRE. More to come on truly useful privacy as a key feature of CRE's orchestration. If these trends continue I believe what I have been saying for years will happen; on-chain RWAs will surpass cryptocurrency in the total value in our industry and what our industry is about will fundamentally change. This shift will also lead to cryptocurrency's growth as an asset class that benefits from more capital on-chain, but RWAs is how all of this goes mainstream. 
I have never been more excited about our industry's potential to become the way a better version of the global financial system works to benefit all of us.