Autonomous defence for decentralized networks
Adversarial AI is attacking validator infrastructure. We defend it with adversarial AI - trained on the network itself, acting at machine speed, only when authority has been earned.
Open-source nodes. Proprietary intelligence. No black boxes.
The wave is here, not coming.
AI agents now discover and chain zero-day exploits autonomously, at $50 a vulnerability. Validator infrastructure - trillions in staked capital, hundreds of independent operators, no central SOC - is uniquely exposed.
Litecoin MWEB · 13-block reorg
A DoS-plus-consensus exploit on Litecoin's MWEB caused a 13-block reorganisation with roughly $600K in cross-chain exposure. The patch had been available for 37 days. Not a zero-day - a known-day that defenders couldn't close in time. (Source: CoinDesk)
Solana absorbed 6 Tbps. Sui degraded.
Two major decentralized networks were hit with sustained DDoS campaigns in the same week. Solana - hardened by years of public outages - absorbed a 6 Tbps attack with no downtime. Sui - younger, less battle-tested - saw block production delays and degraded performance. Same wave. Different outcomes. The difference was the defensive substrate underneath. Most chains don't have one. (Source: CoinDesk)
Every validator becomes a sensor. Every sensor strengthens every defender.
One brain. Two open-source nodes. The network defends itself.
Mesh
Collective intelligence. Trained on the network it defends.
- Every validator becomes a sensor. The brain learns from all of them.
- When one validator is probed, every validator gains the protection.
- The intelligence improves with every node on the network.
IBSR
Observes, learns, reports home.
- Behavioural baselines on real packets, not synthetic data.
- Counterfactual evidence - see what would have been blocked, before anything is.
- Authority is earned on your traffic, not asserted by a vendor.
Guard
Kernel-speed action when authority has been granted.
- XDP/eBPF blocking. Microsecond decision-to-action.
- Acts only on judgments Mesh has authorised on your network.
- Drop-in compatible - replaces or sits alongside your existing firewall.
Normalising the abnormal.
There is no MITRE ATT&CK for validator infrastructure. No CVE pipeline. No shared format for what an attack on a decentralized network actually looks like. The industry has no substrate.
We built one. An open multi-modal bundle format, an open ten-family taxonomy, and a proprietary corpus of 1,092 contract-validated attack bundles across 19 primitives. Open the format. Keep the data. The same playbook that built every successful intelligence ecosystem.
Trust by evidence, not assertion.
Most autonomous defence asks for blind trust. We don't. IBSR runs in shadow mode on your traffic, producing counterfactual evidence of what it would have done. You decide when the evidence is sufficient.
Authority is granted in stages, scoped to specific abuse classes, and revocable at any time. The framework is published, peer-reviewable, and open.
Deploy in shadow mode.
No enforcement. No risk. Counterfactual evidence on your traffic, your network, your terms.
