Full-stack Web3 security

We performed one of the first ever OpSec audits for a Web3 company, drawing on over 7 years securing high-value teams at Apple and Amazon. Built a bespoke audit process from the ground up covering all the weak points that code and infra audits miss.

Closed our seed round with 6th Man Ventures, Protocol Labs, and a group of angels from across the security and crypto ecosystem.

Launched Audit Wizard, our all-in-one smart contract auditing platform, into alpha. Import code from GitHub and Code4rena, run Slither and Mythril, get AI-powered vulnerability scans, and auto-generate audit reports.

Our CEO Joe Van Loon went live at ETH Denver to demonstrate how AI could close the gap in Web3 smart contract security. We also began formalizing our OpSec audit playbook, writing guides for Discord, X, and email hardening, and building team trainings.

Won an ETHGlobal hackathon building Spyglass, an AI-enabled Web3 security tool for writing and running custom vulnerability detectors.

Released a contract call graph visualizer in Audit Wizard, letting auditors see how a contract’s functions interact with each other at a glance.

Launched an AI assistant inside Audit Wizard to help auditors understand, query, and reason about smart contract code interactively.

Added Foundry integration to Audit Wizard, enabling auditors to run tests seamlessly without leaving the platform.

Shipped an AI-assisted Foundry test writer inside Audit Wizard — generating security-focused tests from contract code years before agentic AI coding became mainstream.

Open-sourced Radar, a static analysis tool for Rust smart contracts. Built to fill a gap in the ecosystem where most tooling focused exclusively on Solidity. Radar is backed by a Solana Foundation grant.

Added support for Slither, Aderyn, and 4nalyzer in Audit Wizard, solving the long-standing problem of compiling smart contracts for static analysis directly in the platform.

Launched a self-audit dashboard with AI-driven security threat analysis and automated report generation — an early precursor to what would become the AI auditing agent.

Integrated Tenderly transaction simulations into Audit Wizard, enabling auditors to simulate and analyze on-chain behavior directly within the platform.

Publicly released the Web3 OpSec Standard (W3OS): our internal audit playbook, converted into a comprehensive open-source set of requirements, guides, and actionable checklists, free for anyone to use.

Launched Sentry, our free OpSec collaboration platform for navigating W3OS requirements, tracking tasks, and setting up monitoring: sentry.auditware.io.

Radar was integrated with @xcan_arbitrum as a security learning tool for upcoming Stylus developers, helping teams write safer Rust smart contracts from day one.

Our team took the stage at ETH Denver to showcase Radar’s evolution into AI-powered security scanning at scale.

Partnered with @fredrik0x from the Ethereum Security Foundation to merge multisigmonitor into the W3OS initiative.

Both our CEO @joevanloon and CTO @forefy were selected as ETH Security badge holders by TheDAO.

Launched depenemy, an open-source tool to scan your dependencies for supply chain risks.

Accepted into TheDAO’s QF Security Round for W3OS, supporting open-source security public goods in Web3.

Launched skill-warden, a security scanner for AI skills that detects prompt injection, jailbreaks, secret grabbing, and more.