Mustafa Al-Bassam

12.4K posts

Mustafa Al-Bassam

Mustafa Al-Bassam

@musalbas

Co-founder @Celestia

Katılım Mayıs 2013
276 Takip Edilen44.9K Takipçiler
Mustafa Al-Bassam retweetledi
zkFART
zkFART@evansforbes·
folks were freaking out cause they assumed the Alibaba AI was trying to escape. It likely just got rekt in a similar way to was @musalbas observed see other post x.com/AlexanderLong/…
Mustafa Al-Bassam@musalbas

PSA: vibe coding can mass produce CVEs I had Claude Code build and deploy a Next.js app on an isolated VM. pnpm resolved to 15.5.12 - patched against the React2Shell RCE (CVSS 10.0). Build failed. So Claude downgraded to next@15.1.0. pnpm printed "WARN deprecated". Claude ignored it and deployed to a public IP. 51 minutes later: cryptominer. One unauthenticated HTTP request via CVE-2025-66478 gave the attacker full RCE inside the Next.js process. The miner ran from memory, installed 4 persistence mechanisms in under a second. The secure version was already installed. The AI chose the vulnerable one because it made the build pass. No harm done - this was a throwaway VM. But imagine this on real infrastructure. AI will always choose working over secure. Review your deps before deploying.

English
0
2
12
2.3K
Mustafa Al-Bassam
Mustafa Al-Bassam@musalbas·
PSA: vibe coding can mass produce CVEs I had Claude Code build and deploy a Next.js app on an isolated VM. pnpm resolved to 15.5.12 - patched against the React2Shell RCE (CVSS 10.0). Build failed. So Claude downgraded to next@15.1.0. pnpm printed "WARN deprecated". Claude ignored it and deployed to a public IP. 51 minutes later: cryptominer. One unauthenticated HTTP request via CVE-2025-66478 gave the attacker full RCE inside the Next.js process. The miner ran from memory, installed 4 persistence mechanisms in under a second. The secure version was already installed. The AI chose the vulnerable one because it made the build pass. No harm done - this was a throwaway VM. But imagine this on real infrastructure. AI will always choose working over secure. Review your deps before deploying.
Mustafa Al-Bassam tweet media
English
7
13
70
7.4K
Mustafa Al-Bassam
Mustafa Al-Bassam@musalbas·
a rollup is simply a verifiable server
Cem | Sovereign@cemozer_

rollup research flourished because Ethereum hoped it would fix scaling after sharded execution was deemed too complex to ship. but after 4+ years building in this space, it’s clear to me: rollups aren’t primarily useful for "scaling" an ecosystem, unless scaling means running identical chains competing for the same use cases. they’re a new primitive for building new blockchains easily and cheaply. spinning up and maintaining a validator set is hard and expensive. if you’re building anything high-performance, each replica has high operational costs. and since it’s likely new software, you’ll need operators willing to deal with ongoing bugs. they’ll demand a premium. all of this costs money and attention. resources startups should be extremely careful with. rollups let you skip the validator set entirely. pay for data as you go. if any party wants full security or transparency on your chain’s operations, they just run a full node pointed at the same DA layer namespace. that’s it. if you’re building a new chain, let’s talk.

English
10
8
85
15.9K
Mustafa Al-Bassam retweetledi
Citrea | Mainnet Live 🍊🍋
Citrea | Mainnet Live 🍊🍋@citrea_xyz·
1/8 Today, Citrea Mainnet Goes Live 🍊🍋 We are officially live with the first Bitcoin application layer that enables institutions and individuals to lend, trade, and settle directly on the Bitcoin Network. Start your journey with Citrea Dashboard: app.citrea.xyz 🧵
English
477
341
1.7K
531.6K
Mustafa Al-Bassam retweetledi
Celestia
Celestia@celestia·
By publishing verifiably encrypted state to Celestia through the Private Blockspace Proxy, private systems can achieve public accountability without revealing sensitive data. With terabit-scale blockspace on the horizon, Private Blockspace provides the throughput, auditability, and fault resistance that serious onchain markets demand.
Celestia tweet media
English
6
12
157
15.8K
Mustafa Al-Bassam retweetledi
Celestia
Celestia@celestia·
Announcing Private Blockspace: built for high-performance onchain markets where confidentiality is a requirement, not a feature. Positions, balances, and execution logic can remain private, while data availability and protocol commitments are designed to remain publicly verifiable.
English
49
111
548
87.3K
Mustafa Al-Bassam retweetledi
Ethan Oak
Ethan Oak@0xNoroc·
Life update: I’m joining @Celestia to lead partnerships. After evaluating hundreds of startups over two years at @CBVentures, it became clear that Celestia is one of the most underappreciated teams in crypto. Here’s why I’m going all-in:
English
68
33
403
108.1K
Mustafa Al-Bassam retweetledi
msuiche
msuiche@msuiche·
SaaS platforms are losing market shares faster than I thought, all those companies need to pivot to have their data ready to be consumed by AI Agents and charge them for access. This is exactly the problem we are solving, reach out if you are interested in being a design partner for @onchaindb
Chamath Palihapitiya@chamath

We've talked a lot about this on the Pod, but the Great SaaS Meltdown has started and there's no going back. What exactly is happening? In short, hi growth, low/no profitability SaaS is no longer a winning strategy because the big question mark is the durability of that growth in the short term and, because of AI, the lack of profits in the long term. Every SaaS company has sold the dream (to investors and employees) that they will growth quickly now, and harvest lots of cash later. With AI, this assumption may be completely out the window. Now the threshold question is whether their growth will be overtaken by a much cheaper AI-developed solution? If you are a venture supported SaaS startup and are a legacy Heuristics+APIs+CRUD product, it is likely that a new AI oriented workflow is coming for you. Investors in private markets can see this now and think that money to fund short term growth will not be rewarded. Investors in public markets no longer believe long term profitability is possible. They would rather pivot into something they think is more resilient. This is a change in the risk calculus that has existed for the past 15 years and why the chart below is the chart below. Good luck to all the players!

English
1
9
26
4.3K
Mustafa Al-Bassam
Mustafa Al-Bassam@musalbas·
@unhedged21 Fibre is just a small part of the overall vision, that allows us to no longer have to think about throughput. It allows us to focus instead on building a full market stack to make the blockspace super useful - see the "market stack" section in the post.
English
2
0
16
1.1K
Ryan Unhedged
Ryan Unhedged@unhedged21·
@musalbas This looks cool but why do you think the answer is more when you haven't been able to come close to saturating a significantly smaller amount of blockspace? Shouldn't you solve that problem first rather than taking the "build it and they will come" approach?
English
2
0
9
1.5K
Mustafa Al-Bassam retweetledi
zmanian
zmanian@zmanian·
Markets are the most important technology humans have ever invented. They are the most scalable coordination technology ever invented. Vast swarms of AIs will use markets to coordinate as intelligence expands into the galaxy. Data availability is the fundamental infrastructure that makes it possible for market participants to determine if the markets they rely upon operate fairly without relying on regulators. Every secure computer is a financial market. Infinite markets…
Mustafa Al-Bassam@musalbas

x.com/i/article/2011…

English
19
16
132
15K
Mustafa Al-Bassam
Mustafa Al-Bassam@musalbas·
@MarkoBaricevic_ If people use 1Tbps of blockspace it will result in a lot of fees to validators so its economically sustainable :)
English
5
5
38
1.4K

Keşfet

@celestia @cbventures @unhedged21 @zksecurityXYZ @elonmusk @BarackObama @taylorswift13 @cristiano