NullRabbit
cohort.v1
NullRabbit Labs · Whitepaper-led · Open Source

Autonomous defence for decentralized networks.

An open-source agent for validator hosts. It learns your traffic in shadow mode, keeps a log of what it would have blocked, and enforces only when you grant it authority, one abuse class at a time. Enforcement is an XDP drop in your kernel: microseconds, nothing else in the path.

OPEN-SOURCE NODES·PROPRIETARY INTELLIGENCE·NO BLACK BOXES
ibsr · demo · preview
$ curl -fsSL nullrabbit.ai/ibsr | sh
$ ibsr observe --shadow
▸ baseline · 7d · learning
▸ counterfactual · 847 would-block
$ ibsr evidence --tail
▸ shadow.log · awaiting sign-off
Demo · IBSR is not yet in production. The commands above illustrate the intended workflow.
Public advisory NR-2026-001
1,092 contract-validated attack bundles
19 attack primitives · 10 families
Earned-autonomy framework · DOI 10.5281/zenodo.18406828
Microsecond enforcement · XDP/eBPF
[01]·The threat is here

This is already happening.

Exploit discovery is being automated. Validator infrastructure, hundreds of independent operators with no shared SOC, is exposed to it.

April 2026 · Production exploit · incident.221

Litecoin MWEB · 13-block reorg

A DoS-plus-consensus exploit on Litecoin's MWEB caused a 13-block reorganisation with roughly $600K in cross-chain exposure. The patch had been available for 37 days. Not a zero-day - a known-day that defenders couldn't close in time.

13 BLOCKS·$600K·37 DAYS UNPATCHED
December 2025 · DDoS wave · incident.197

Solana absorbed 6 Tbps. Sui degraded.

Two major decentralized networks were hit with sustained DDoS in the same week. Same wave, different outcomes. The difference was the defensive substrate underneath - most chains don't have one.

6 TBPS·2 NETWORKS·1 WEEK
[02]·The product

One agent. What it does.

01

Shadow mode

Runs passive first. It baselines your real traffic and blocks nothing until you turn enforcement on.

02

Evidence log

Every detection is recorded: what would have been dropped, and why. Read it before you grant anything.

03

Scoped authority

Enforcement is per abuse class and revocable. There is no global on switch.

04

XDP enforcement

Drops happen in your kernel, in microseconds. No proxy, no added hop.

05

Shared detections

A detection on one node ships to the rest of the cohort.

06

Open source

Read it, build it, run it air-gapped.

[03]·How it works

Trust by evidence, not assertion.

fig.2 · cohort propagation: one validator probed → every validator protected

Most vendors ask for root on day one and call it trust. Here, authority is granted in stages, by evidence, and revocable at any time. The framework is published and peer-reviewable.

STAGE 0

Shadow

auto-on

IBSR observes packets in passive mode. No enforcement. Counterfactual evidence accumulates.

STAGE 1

Scoped

operator-granted

Operator grants authority for one abuse class. Guard begins enforcing for that class only.

STAGE 2

Broad

evidence-required

Authority expands by evidence, never by request. Each class is opt-in and revocable.

STAGE 3

Network

cohort-vote

Cohort-wide policy. One validator's judgment becomes another's protection.

Under the hood, NullRabbit is three components: IBSR for judgment, Guard for enforcement, Mesh for shared intelligence.

[04]·On your infrastructure

Nothing in your data path.
No runtime dependency on us.

  • No gateway, no proxy, no cloud round-trip. The agent runs on your hosts.
  • Added latency is microseconds, not a network hop.
  • If NullRabbit disappeared tomorrow, Guard keeps enforcing what you granted.
[05]·The intelligence

Intelligence you can audit.

Trained on 1,092 contract-validated attack bundles across an open ten-family taxonomy. Public sample set on Hugging Face.

The corpus is built in-house: we generate and contract-validate attacks across the taxonomy, then train against versioned, immutable snapshots of it.

Evaluation is pre-registered and audited with falsification holdouts. When an audit fires, we re-register. We do not quietly iterate.

tbl.1 · taxonomy fragment · 10 families · 19 primitives

01  recon.fingerprint      bundle ×142
02  recon.discovery        bundle ×88
03  dos.volumetric         bundle ×211
04  dos.amplify            bundle ×134
05  p2p.eclipse            bundle ×56
06  p2p.sybil              bundle ×73
07  consensus.equivocate   bundle ×92
08  consensus.reorg        bundle ×47
09  rpc.injection          bundle ×161
10  rpc.replay             bundle ×88

1,092 contract-validated attack bundles total
[06]·Cohort v1.0 · open call

Cohort v1.0 is forming.

8 founding seats. We need your time and your telemetry, not your trust. In return: full platform access, roadmap influence, and founding pricing locked in.

01

Foundations and core teams

L1 / L2 foundations

You own protocol policy. Authorise a cohort, shape the taxonomy.

02

Infrastructure and staking providers

staking-as-a-service · DePIN

One judgment on your fleet protects every delegator behind it.

03

Full node and RPC providers

public & private RPC

DDoS, scraping and RPC abuse are your daily reality.

04

Validator operators

staked operators · any size

See what is actually probing your nodes. Start with the open-source agent.

where we’ve published
Solana · advisory NR-2026-001 · published
Further disclosures are progressing through coordinated release.
Run something not listed? We want the hardest networks to defend. Nominate it.