Alex Zaidelson
2.4K posts
@azaidelson
#DeCC - Decentralized Confidential Computing, DeFi, Web3. CEO at @scrt_labs. Advisor at @Virtuswap. Former CEO at @BeamPrivacy.
🚨 Introducing 8004AgentVerify – Verify AI Agents with Absolute Certainty! 🚨 Don't trust, but VERIFY! Trustlessly confirm hardware TEE attestation for AI agents for sensitive usecases using confidential computing and other utilities under EIP-8004. Paste an Agent ID or URL from 8004scan.io → get instant cryptographic proof of secure, isolated execution. No more blind trust. Code becomes Law. Try it now: 8004agentverify.com
Successful @proofofcloud ceremony for Intel TDX machines running on our TEE infrastructure 👏🏾 Special thanks to @SecretNetwork and @nillion for attending and witnessing the ceremony. Additionally, very proud that @iEx_ec is now operating a Trust Server within the @proofofcloud alliance, enabling the secured generation and verification of attestations by anyone A new milestone for iExec and a big step forward for the TEE ecosystem.
As part of the Proof of Cloud Alliance, @nillion, @SecretNetwork, @aleph_im, and @iEx_ec established threshold signature MPC parties to verify attestations using 3-out-of-4 secret sharing.
Privacy-first blockchain + privacy-first storage … need I say more? No. But I will anyways because it’s uncanny how aligned @SecretNetwork & @DataHaven_xyz actually are! Allowing builders to develop apps through encrypted smart contracts is technological magic that puts privacy onchain front and center. Couple that with private verifiable storage and you have an incredible privacy recipe that protects apps, agents & data while still maintaining the user control one desires. Yes, I’m pumped for what we’re doing together, so keep a close eye on this partnership 👇🏼
Just wrapped an insane @EFDevconnect week in BA. I met a LOT of sharp people, and this time, a majority were from the TEE side of web3. And across every conversation, every intro, every random meetup, one question kept coming up: What’s your actual objective with the TEE Security Handbook ? Here's my answer. Most people in the TEE circles had no clue who I was beyond “that TEE researcher guy from Twitter.” And honestly, even I felt awkward introducing myself. I’m no longer part of any recognisable company. I’m not tied to any research lab. I do have @bluethroat_labs… but even I don’t know what the fuck to do with it right now. I’m just… me 🦧 And still nobody made it weird. People were genuinely kind and curious, and some even invited me to speak at conferences next year (looking at you, @markowifk and Yaoxin XD). So yeah, time to answer the question properly. I’ve been in the smart contract security trenches for almost 5 years now. I remember 2021 Code4rena when you could find vulns with basically a Ctrl+F mental model. Today, it would be a complete waste of time even thinking about it. Finding meaningful issues in audits has become HARD. Codebases are hardened. The industry has matured. But here’s the uncomfortable truth, according to me: That maturity didn’t happen because of some magic or time. It happened because ~10 isolated “security islands” quietly found the same vulnerable patterns and kept them private... out of fear, out of competitiveness, out of alpha-hoarding. Whatever the reason, the result was the same: slow progress, reinventing the wheel, and avoidable disasters. Today, the standards of smart contract security have increased so damn much, because of initiatives like @PatrickAlphaC's @SoloditOfficial where vulnerable patterns and security pitfalls have been collected and open-sourced for every developer to learn and study and internalise from. So when I stepped into the web3-TEE space and looked around for security resources… I had literal PTSD. There was NOTHING. No handbook. No shared knowledge. No standards. No nothing. And I said: Absolutely the fuck not. We’re not doing this again. Not on my watch. The TEE Security Handbook is my attempt to speed-run the entire security maturity curve of this domain. I’m not waiting for 10 companies to quietly rediscover the same vulnerabilities over 1-2 years and only then publish “best practices.” The space is moving too fast, the stakes are higher, and the blast radius of a TEE-related black swan is enormous. We can win faster. We should win faster. And if we’re serious about TEEs (and other PETs) powering the next era of web3 protocols, we need shared security foundations right now. So yes, + I’ll keep expanding the handbook. + I’ll keep hunting for patterns. + I’ll keep bothering every team in the space to contribute. And I’ll keep doing it as long as I can (resource-wise) and onboarding teams and people to the TEE Security Handbook. Because someone has to make sure we don’t sleepwalk into the same maturity curve that we had over in the smart contract security land. ---- PS: JK, There is no security. I love you.
