CypherTalk

Oak Security

CypherTalk is a twice-monthly podcast on the realities of cybersecurity and privacy in a world that’s moving faster than our defenses. Hosted by Jade Doherty (who translates technical security into plain English) alongside rotating security and privacy experts — including co-host Stefan Beyer, co-founder of Oak Security — the show explores how modern cybersecurity attacks actually happen: not just through bugs in code, but through people, processes, supply chains, and the tools we rely on every day. The show also looks at the latest trends in privacy and its supporting technologies, such as cryptography and zero-knowledge proofs.  Expect conversations that balance big-picture trends (AI-driven threats, privacy tech like zero-knowledge, shifting security standards) with practical takeaways you can apply immediately — whether you’re a developer, a founder, or simply someone who uses the internet. Less hype. More clarity. Better security and privacy habits.

  1. fa 4 dies

    AI Asssited Security with Prof. Arthur Gervais

    What does it actually mean to be "obsessed with AI for security"? In this episode of CypherTalk, Jade and co-host Stefan Beyer sit down with Prof. Arthur Gervais (UCL, affiliate faculty at UC Berkeley), known for foundational work on MEV, flash loan attacks, and AI-powered smart-contract security. Arthur's core conviction sets the tone: AI is not a zero-sum game. Strong researchers can now find vulnerabilities ten times faster, and the right response is to onboard everyone as fast as possible rather than lock the tools down. The conversation goes deep on A1, the agentic system his team built that turns any LLM into an end-to-end exploit generator with one unambiguous goal: generate a profit. The hard part, he stresses, isn't building it, it's target selection.   Key Topics AI for security enhancement AI-assisted vulnerability detection Real-time blockchain exploit detection   Chapters 00:00 Introduction to AI and Security 02:29 Arthur's Journey into Information Security 05:05 The Role of AI in Security 07:22 A1: The AI Agent for Exploit Generation 09:38 Autonomy and Ethics of AI Agents 11:53 Harnessing AI for Security Audits 14:15 The Evolution of LLMs and Their Impact 16:33 Dealing with False Positives in AI Security 19:06 The Academic Perspective on AI Research 21:42 Comparing LLMs for Security Tasks 24:05 Future Directions in AI and Security 25:26 The Power Dynamics in AI and Cybersecurity 29:04 Balancing Offensive and Defensive Strategies in AI 31:44 Real-Time Defense Mechanisms in Cybersecurity 34:20 The Role of Tooling in Smart Contract Security 39:04 Human Error vs. Automated Security Tools 41:24 AI's Impact on Social Engineering and Human Error 42:53 Emerging Threats from AI in Cybersecurity 44:17 Teaching Blockchain Security: Common Misconceptions 45:23 Future Directions in Blockchain Security Research   Resources and Links Arthur’s website: https://arthurgervais.com/ Arthur’s Google Scholar: https://scholar.google.ch/citations?hl=en&user=jLr_xi4AAAAJ&view_op=list_works&sortby=pubdate Arthur’s X: https://x.com/HatforceSec Oak Security’s Research: https://research.oaksecurity.io/

    49 min
  2. 17 de juny

    Peter Kacherginsky's Quaterly Take on Web3 Security

    In this episode, Jade Doherty and Stefan Beyer interview Peter Kacherginsky, founder of BlockThreat, on his quarterly take on blockchain security and recent exploits. They discuss how to utilize threat intelligence, the shift from smart contracts to operational attacks, and the role of AI in cybersecurity. Topics The shift from smart contract exploits to operational and infrastructure attacks The impact of AI on cybersecurity and defense strategies The importance of architectural security and threat modeling The role of community funding and ethical research in security Predictions for upcoming security challenges in crypto   Chapters 00:00 Introduction to Block Threat and Peter Kachaginski 01:42 Utilizing Threat Intelligence Effectively 04:31 The Impact of Market Conditions on Security 07:43 Shifts in Attack Vectors: From Smart Contracts to Infrastructure 09:35 Analyzing Major Hacks: Drift and Kelp DAO 13:36 The Importance of Architectural Security 16:47 The Evolving Role of Ethical Security Researchers 20:58 The Future of Security in a Rapidly Changing Landscape 30:10 Navigating Ransomware and Legal Implications 34:41 AI's Role in DeFi Security 43:27 Community-Driven Security Initiatives 49:25 Building a Security Mindset in Teams 51:48 The Centralization Dilemma in Security   Resources Block Threat Newsletter - https://blockthreat.com  Oak Security’s report - https://research.oaksecurity.io/  Peter’s X - https://x.com/iphelix

    56 min
  3. SEAL Certifications with Isaac Patka

    2 de juny

    SEAL Certifications with Isaac Patka

    In this episode of CypherTalk, Isaac Patka, co-founder of Shield3 and certification lead at the Security Alliance (SEAL), joins Jade Doherty and Stefan Beyer to discuss the human, operational, and governance risks shaping Web3 security. From early smart contract bug hunting to incident response wargames, SEAL 911, Safe Harbor, and the launch of SEAL certifications, Isaac explains why security is no longer just about audits and code. The conversation explores how DeFi protocols can prepare for real incidents, why operational controls matter as much as smart contract reviews, and how AI is changing the threat landscape for both attackers and defenders. Isaac also shares practical insights on slowing down dangerous protocol actions, designing better incident response processes, and building a more mature security culture across crypto. Enjoyed the episode and want to get SEAL certified? Oak Security is a SEAL-approved provider, and can review and certify your protocol to make sure your operational security is as good as your smart contracts. Get in touch via https://oaksecurity.io/  Key topics Isaac’s path from electrical engineering and semiconductors to Web3 security How smart contract security has changed since the early Ethereum days The difference between audits, war games, threat modeling, and incident response How SEAL 911 helps coordinate emergency response across the crypto ecosystem SEAL certifications and why operational security needs its own standard Why SOC 2 and ISO do not fully capture Web3-specific risks Multisig operations, treasury controls, DNS security, DevOps, and identity management The rise of social engineering, insider threats, and operational attacks North Korea, Lazarus Group, and state-sponsored crypto threats How AI is expanding the attack surface for smaller protocols Why protocols should build in slowness, circuit breakers, and operational controls Sound Bites “An audit tries to prevent an incident and the war game tries to help you deal with an incident.” “Social engineering works for a reason. Humans are fallible.” “What is the slowest I can possibly make this and have it still be functional?” “People don’t think during the design process about where they should build slowness into the protocol.” “The core smart contracts have gotten a lot better, which has pushed the security risks to different parts.” “If more people would care from day one about operational controls or circuit breakers, that’s what I would want.” Resources Isaac Patka X https://x.com/isaacpatka Security Alliance / SEAL https://securityalliance.org/ SEAL Frameworks https://securityalliance.org/frameworks SEAL Incident Response Template https://frameworks.securityalliance.org/incident-management/incident-response-template/overview/ SEAL Certifications https://frameworks.securityalliance.org/certs/overview/ Shield3 https://www.shield3.com/ Oak Security’s State of Web3 Security Report https://research.oaksecurity.io/

    59 min

Informació

CypherTalk is a twice-monthly podcast on the realities of cybersecurity and privacy in a world that’s moving faster than our defenses. Hosted by Jade Doherty (who translates technical security into plain English) alongside rotating security and privacy experts — including co-host Stefan Beyer, co-founder of Oak Security — the show explores how modern cybersecurity attacks actually happen: not just through bugs in code, but through people, processes, supply chains, and the tools we rely on every day. The show also looks at the latest trends in privacy and its supporting technologies, such as cryptography and zero-knowledge proofs.  Expect conversations that balance big-picture trends (AI-driven threats, privacy tech like zero-knowledge, shifting security standards) with practical takeaways you can apply immediately — whether you’re a developer, a founder, or simply someone who uses the internet. Less hype. More clarity. Better security and privacy habits.