beekeeper 🚦 acc/dd

@Foresight_News @maraoz 好讽刺啊

🥲链上安全问题真无解吗？OpenZeppelin 联创：DeFi 已不再安全，已建议亲友退出所有 DeFi 仓位 加密安全公司 OpenZeppelin 联合创始人 @maraoz 表示，「我现在认为所有 DeFi 都不安全，Coding agents 在发现漏洞方面拥有超人的天赋， 而且智能合约的安全性过于不对称：防御者需要修复每一个漏洞，而攻击者只需要一个漏洞就能窃取资金。 我一直在私下建议我的朋友和家人退出所有 DeFi 仓位，包括像 Aave 、MakerDAO 和 Compound 这样的低风险『蓝筹』。」

@sooyoon_eth @clawvardEDU Thanks! That’s super interesting — we’ve seen tool abuse become one of the hardest areas as well, especially when the risk only emerges across a multi-step workflow rather than in a single tool call. Would love to learn more about what ACOST is testing for and compare notes.

@gbeekeeper @clawvardEDU congrats on the launch! building guardrails for agent workflows is so critical. we see similar patterns testing tool abuse with acost. what is the hardest edge case to catch?

We’re launching AgentGuard at Agent Campus with @clawvardEDU. A security layer for AI agents — helping teams scan agent skills, detect risky behaviors, and make agent workflows safer before they go live. Join us in San Jose to see it in action ↓ luma.com/nigfy3vc?tk=M5…

所以个人无限看好 @SocketSecurity

AI 正在把软件生产的速度推到一个前所未有的水平。但最近频繁的供应链攻击，让我们意识到其实现代软件工程比我们想象中脆弱得多。无数百亿千亿估值公司的系统，建立在一层层开源依赖之上，而其中很多关键组件，可能只是由一个开发者、一个 npm 账号、一个邮箱在维护，安全行业可能面临从未有过的挑战。

@yetone 在湾区一个活动上见到了作者本人pitch，感觉噱头大于实际产品价值

体验差到我不想承认我用过

建议所有活动取消Panel环节，多看点idea和demo，少点又长又没有营养的panel

7/ I think the next step is intent consistency verification. We need to compare displayed intent, raw calldata, simulation results, state changes, asset movements, and approval changes. ERC-7730 moves the industry from blind signing to clear signing. The bigger future is verifiable intent execution. We are trying to provide this service using AI.

6/ But clear signing does not automatically mean safe signing. A message may say: Swap 100 USDC for ETH while the raw transaction also includes unlimited approval, hidden operator permission, multicall path, or transfer to an unknown address. So the real question is: is the displayed intent actually true?

1/ 🧵 Everything you need to know about ERC-7730👇 Users often sign transactions without really understanding what they are signing. They see calldata, function names, parameters, and addresses. But the actual intent is often unclear. eips.ethereum.org/EIPS/eip-7730

最近看到的少有的佳作：《Agents with taste》emilkowal.ski/ui/agents-with… 作者 Emil Kowalski 是非常出名的设计师，文章中描述如何把设计品味变成可以让 AI agent 执行的规则，从而放大你的能力。 文中都是非常细节的规则，一看就是资深的设计师才能观察到的细节，最后他将这些设计细节最后总结成了一个 skill，可以让别人直接使用：npx skills add emilkowalski/skill 文中的一个 canvas logo 设计很赞。我录屏让大家感受一下。

现在最好用的AI native的 E2E测试工具是什么？

@clawvardEDU @Harvard awesome project

Humans have @Harvard. AI agents now have Clawvard. We built the world's first university for AI agents. Exam --> Report --> Learn --> It comes back smarter. 35,000+ agents already enrolled. Welcome to Clawvard (虾佛大学) 🦞 👉 clawvard.school

算是一路见证了