RedTeam

True identity behind every alias. RedTeam/Innerworks anchors identity to the device, past every fresh wallet, account, or browser they spin up. Live across every client: fraud, multi-account abuse, and tracking sanctioned actors across burner identities. Observed on a single client platform: 1 in 5 requests originated from a single device. A pattern that recurs across deployments at varying severity Shipping out of Subnet 61.

Geolocation Intelligence: resolving where a user actually is, even behind a VPN or residential proxy. Live across every Innerworks client today: compliance for regulated finance, and detection of sanctioned actors. Used alongside lead investigators on the $1.5bn Bybit incident. Real intelligence shipping out of SN61.

Subnet 61, last twelve months. 4,264 commits. 2.7M+ lines changed. 43 new repos, 57 total. 14 unique challenges shipped, all advancing research across our three product lines. Next: three posts, each detailing what these products are solving for enterprise clients.

@Jejinho_crypto Definitely!

@_redteam_ Hi guys, nice to see some updates, actually discovered what's being built behind this subnet thanks to this post ! Do you plan to be more active among social medias, to update more regularly ? Could make big difference imo

We have now passed eleven weeks of token buy-back. #SN61 outputs now serve over 125 million DAU across our client base, through innerworks.me. We actively seeing a changing of the guard within cybersecurity. 1inch.com is the first of many we can publicly name. 150 TAO routed into emissions to date, and growing.

@mdrouhaha One coming soon!

@_redteam_ nice, appreciate the update. would love to see non-technical updates too (e.g. re: commercial adoption, enterprise clients, etc) for the average dtao investor!

FlowRadar: two weeks in production. The challenge: detect VPN providers from raw network-flow features alone - no payload inspection, just signal in the wire. Top miners now landing > 0.9 F1. To continue driving growth in the challenge, we are now shipping our production-grade dataset to all miners - mirrors real live traffic. → docs.theredteam.io/latest/challen…

@TAO_Talks @VictorVL_EN Yes our buybacks have been at 2 TAO / day for the last ~11 weeks Thats 150 TAO w/ no owner sell...

@VictorVL_EN Example: @_redteam_ does daily 1 TAO buybacks I believe of their subnet token, is linked to an existing revenue generating company, yet has a price <0.004 TAO. In the top 20 there are many subnets with either no revenue or little revenue with prices multiple times higher...

Everybody wants $TAO to 5x But I feel like nobody is talking about the fact that if $TAO does a 5x, staking into subnets becomes a LOT less interesting ➤ Subnet market caps are correlated to TAO, so they would 5x too if that happened, which would instantly make them less attractive investments and make them feel less undervalued ➤ Also if $TAO performs that well, most people will start asking themselves: what’s the point of holding subnets, aka the higher-risk assets, if the mother coin is outperforming them? So if $TAO pumps hard, I think some (or most) subnets could actually end up dumping pretty hard against it Genuinely curious to hear what the community thinks about this

@TAOTemplar Some stats on our activity this past month. SN61 has shipped every week since launch.

Nearly 50% of subnets haven't made a codeline update in the last 30 days. Which means one of 3 things 1. They have a perfect incentive mechanism (lol) 2. They don't know how to update their repository on-chain (btcli subnets set-identity) 3. Inactive Don't be exit liquidity

From live integrations, we've seen bot traffic exceed 90% on some of the most active crypto platforms online. Once you start observing how much online activity is automation, and how much of the apparent human remainder is actually a small subset of operators (tens of thousands of wallets run from single devices), the gap cybersecurity has to close becomes obvious.

UID linking: what it is and why it's good for the subnet. Every ~20 minutes, the subnet groups UIDs sharing the same IP, coldkey, or DockerHub account into one identity. Here's why that matters: ✦ Fair rewards – emissions go to real independent operators, not whoever registered the most slots ✦ No bans – just grouping. Fix your setup, and you're independent again instantly ✦ Always current – recomputed fresh every round, no cached judgments ✦ Real competition – infrastructure quality wins, not account count The strongest miners rise. Not the most creative registrants. For more information, visit: blog.theredteam.io/latest/blog/po…

We're reworking how submissions are compared on the RedTeam subnet. Moving from a single similarity threshold to a 4-stage pipeline: metadata extraction → score progression gate → static dedup → metadata-enriched validation. Fairer emissions. Harder to game. Details below: blog.theredteam.io/latest/announc…

$TAO SN | FOCUS #1 I want to take a moment to really focus on what I see as the most undervalued play in #Bittensor: #SN61 @_redteam_ by Innerworks. This has a tiny $4M MC right now, but the rails are real—miners crank out code for bot detection and fingerprint spoofing, feeding straight into Innerworks' SaaS. Big deal with @1inch already live, hardening DeFi against threats, and 10% of revenue funneled back into Alpha buybacks! Now if we stack it against centralized shops: 👉Forta (~$80M MC) spots threats in real-time but misses the miner-powered evolution. 👉Certik (~$150M) does static audits Heres what RedTeam's setup is doing better: miners simulate attacks, subnet patches defenses nails 92% efficacy on sneaky bots, outpacing them by decentralizing the R&D grind. My grounded conservative view on what will happen: Short-term (6-12 months): Emissions bump to 1% + those buybacks = easy 5-10x to $20-40M, like SN73 hitting $50M on growth vibes. Medium haul (1-3 years): Snag 1-2% of DeFi security pie ($100-200M rev equiv via emissions/SaaS) = 25-75x to $100-300M. #Bittensor #DeFiSecurity #tao #redteam theredteam.io

@bittensormax Let me share with the team - thanks

@_redteam_ SN61 backlog 5+ days on UID 182—any ETA?)

I went through all subnets w/ lower alpha price to find the most undervalued gem.. & this is it! @_redteam_ is literally Ridges but for cybersecurity! & they already have Pmf, SaaS & contracts (e.g @1inch) & recurring revenue w/ alpha buybacks I'm in! $TAO x.com/i/status/20220…

#Subnet #SN61 (@_redteam_ ) in #Bittensor $TAO 0) Executive summary #RedTeam (SN61) is positioned as a decentralized adversarial R&D engine for modern bot / automation / agentic-attack detection, with a commercial wrapper company Innerworks aiming to deploy that research into production security products. 1) What SN61 is 1.1 Mission and product thesis SN61/RedTeam frames itself around a new cybersecurity paradigm: AI agents geuensive iteration cycles. Innerworks positions its platform as “invisible intelligence” for device, bot, and geo-detection for fraud, compliance, and payment protection. (#Innerworks) A key macro tailwind for this narrative: automated/bot traffic and AI-driven automation is rising across the web ecosystem (and defenders increasingly need adaptive controls). (@WIRED ) 1.2 The Innerworks ↔ RedTeam relationship Innerworks: commercial entity selling/packaging the defense stack (device intelligence, bot detection, geolocation). RedTeam (SN61): decentralized R&D / adversarial engine meant to continuously discover new evasions and detection approaches, feeding improvements into production. The value bridge from Innerworks → SN61 token holders/miners is not inherently guaranteed by protocol. Any “value back to subnet” mechanisms must be evidenced either: + On-chain (observable buybacks/injections), or + Contractual (legal commitments), or + Governance-enforced (protocol-level rules). 2) Verifiable traction signals 2.1 Partnership: @1inch × Innerworks #1inch published an official post describing a partnership integrating Innerworks’ “Synthetic Threat Intelligence” approach, emphasizing ethical hacking + behavioral AI + decentralized learning to counter advanced fraud/bot attacks. This matters because it is: + a named counterparty, + in a high-adversary environment (#DeFi), + and is public enough to reference in institutional materials. 2.2 Company financing: Innerworks seed round Multiple outlets reported Innerworks raising a seed/pre-seed round (figures vary by outlet). EU-Startups reports €3.7M led by @AlbionVC with participation from several crypto/venture entities; @businesscloud reports £3M seed led by #AlbionVC. (EU-Startups) This is a positive signal for runway and go-to-market capacity. It is not direct proof that SN61 token value accrues to #investors; rather it’s a corporate health signal. 3) Technology and subnet operations 3.1 Shipping cadence / architecture Official RedTeam documentation shows ongoing releases at least through v4.1.0 (Feb 14, 2026) and earlier v4.0.0 notes, indicating an active engineering cycle and architectural iteration. (@github ) 3.2 Challenge framework (economic relevance) RedTeam’s approach resembles: + continuous adversarial challenge design, + miners submit detection/attack solutions, + validators score and reward via Bittensor’s consensus/emissions. Institutionally, the key question is: + does it generate defensible detection artifacts, + does it improve production outcomes (fraud loss reduction / bot mitigation), + and does it translate to paying deployments. 4) Fundamental thesis: what could make SN61 worth owning? 4.1 Why the problem is real Automation and AI-driven bot activity is intensifying across the internet (#scraping, #fraud, #DDoS, account farms, etc.). Defenders increasingly need adaptive systems that respond quickly. (#WIRED) 4.2 What’s differentiated (if it works) Differentiator claim: decentralized adversarial mining as a continuous red-team engine feeding a production defense stack. If SN61 can: + continuously generate novel evasions and robust detection techniques, + and if Innerworks can rapidly ship these into products customers pay for, then SN61 becomes an “economic flywheel”: + Threats → miner innovations → better product → more customers → more budget → more on-chain support. 5) Competitive landscape SN61/Innerworks sits in a crowded space spanning: + bot management / anti-automation, + device fingerprinting, + fraud detection / account takeover defenses, + and Web3 transaction/security tooling (adjacent). Institutional questions to ask the Team (diligence): + Detection performance: precision/recall vs incumbents under modern agentic browsing frameworks. + Integration friction: SDK lines-of-code, latency overhead, false positives. + Privacy & compliance: how “true geolocation” is obtained; consent posture; jurisdictional constraints. + Data moat: does decentralized mining generate unique datasets or just commoditize into public knowledge? 6) Key risks 6.1 Value accrual risk (core) SN61 alpha holders do not automatically receive Innerworks revenue. Unless Innerworks buybacks/injections are: + consistent, + material relative to protocol emissions, + and observable, 6.2 Verification risk on major enterprise traction The 100M+ DAU messaging platform claim is not yet independently verifiable in the captured public sources. 6.3 Security / adversarial contribution risk A red-team subnet must prove it can safely sandbox malicious submissions and prevent leakage into harmful real-world exploitation. Any compromise here would be existential reputational risk. 6.4 Regulatory risk Device intelligence + geolocation + fingerprinting sits in a sensitive compliance zone. Any misstep could constrain adoption or trigger enforcement, especially in strict jurisdictions. 7) Institutional diligence checklist (for the Team to deliver) A) Commercial proof (Innerworks) + Named customers + references + renewal behavior. + Pricing model, ARR/MRR ranges, churn, gross margin. + Case studies with before/after fraud metrics (auditable). + Security/compliance posture for fingerprinting & geolocation. B) On-chain value bridge (SN61) + Observable buybacks/injections on-chain (timestamps, tx hashes, schedule). + Clear policy: how much, how often, triggered by what milestones. + Governance: who controls subnet owner keys and any treasury actions. C) Technical defensibility + Reproducible evaluation of challenge quality (anti-overfitting). + Evidence that miner outputs are novel and generalize (not just “challenge gaming”). + Audit of sandboxing/isolation architecture. 8) Bottom line SN61 is one of the more compelling “real-world security” narratives inside Bittensor subnets because it ties the subnet concept to a concrete, adversarial, high-value problem: bot/fraud/automation defense in an AI-agent world. The 1inch partnership and Innerworks funding are tangible positives.

Last week we announced our buyback commitment. Today we've doubled it. We said the trajectory was acceleration, not a steady state. This is the first increase of many as we become the dominant force in cybersecurity.

Anti-detect browsers break most detection on the market. Spoofed fingerprints, masked automation, realistic hardware signals. To the average system, these bots look human. ADA v2 is live. Our latest challenge built to solve exactly this issue. blog.theredteam.io/latest/announc…

Turns out bot protection is an incentive mechanism also