The design space of cyber security is vast. There are an infinite number of attack vectors across chips and instruction sets, operating systems, runtimes, and applications. And naturally, there are many large cybersecurity companies.
When I first got into Ethereum in 2016, the only real cybersecurity companies were smart contract auditors. Human audits have been and always will be paramount. However, human audits are not enough. Starting in 2018, a number of companies launched to automate processes around smart contract code analysis, detecting anomalies in real-time contract interactions, and more. These mechanisms grow more comprehensive and sophisticated each day as these teams invest further in their respective solutions.
Over the last 5 years, the cybersecurity and insurance sectors in crypto have been discussed as separate industries. However, in my mind, they are inextricably linked, and ultimately will converge such that all major service providers offer a full stack of software solutions, real-time services that protect users and contracts in real time, human audits, and insurance products as a bundle. Insurance is the logical end state of this bundle, as it represents coming full circle such that security firms assume some financial risk for the consumer applications which they help secure. While sec3 does not yet offer insurance, they are building towards this eventual state.
Today I’m excited to share that Multicoin Capital led a $10M round in sec3, joined by Sanctor Capital, Essence VC, as well as several notable angels, including Santiago R. Santos and Anatoly Yakovenko, a Solana cofounder.
sec3 is intimately familiar with Solana’s Sealevel Virtual Machine (SVM). Founders Chris Wang (Twitter) and Jeff Huang (Twitter, GitHub) began auditing the SVM before mainnet launch. The team includes several computer science PhDs, and a tenured professor at Texas A&M University. After performing a series of manual audits, they recognized the opportunity to automate a lot of their manual work, and thus sec3 was born.
They launched their first product, Xray, a static analysis tool that automatically integrates with GitHub and continuously analyzes smart contracts for vulnerabilities. They have more recently launched Watchtower and Circuit Breaker, a suite of products enabling real time security monitoring that detects anomalies before and while they are hitting contracts on a public chain. These products have quickly become the industry standard for Solana-based developers.
It’s not possible to launch a full suite of security products, a decentralized and real time attack prevention service, and an insurance overlay, in short order. Building out this entire vision will take many years, and will require thoughtful planning of order of operations, and reinvestment along the way. To that end, the sec3 team has shared their secret master plan (inspired by Tesla’s), outlining this vision.
We are grateful for the opportunity to back the sec3 team and help them fulfill their vision of full stack security that leverages decentralization.