Security is no longer just a code problem.
As AI accelerates exploit discovery, attackers increasingly target people, processes, and operational weaknesses rather than smart contracts alone.
This month saw the first confirmed reports of AI-assisted zero-day discovery in the wild, the launch of SEAL Certifications, and growing industry recognition that operational security is becoming just as important as protocol security.
SEAL certifications are now open
For years, Web3 security has focused primarily on audits and smart contract reviews. But many of the ecosystem’s largest losses now originate elsewhere:
Operational failures
Compromised credentials
Governance attacks
Incident response breakdowns
Human error
To address this gap, the Security Alliance (SEAL) has officially launched SEAL Certifications. Since publishing the framework in late 2025, SEAL has conducted:
Reviews with 25+ protocols
Feedback sessions with leading auditors and security researchers
Extensive pilot testing across multiple sectors
The framework is now live. Oak Security is proud to be one of the initial providers working with SEAL on certifying projects.
Ask us about beginning the certification process. Learn more
The state of Web3 security (2022-Q1 2026)
Together with rekt.news, Oak Security recently published one of the largest empirical studies of Web3 security ever conducted. We have now made all the data available on an interactive dashboard.
The data covers:
23,818 published audit findings
22 auditing firms
218 exploit incidents
$7.76 billion in documented losses
Human attacks now dominate losses. 52% of all recorded losses originated from:
Phishing
Private key compromise
Social engineering
Supply-chain attacks
Losses remain concentrated. The eight largest incidents accounted for over 50% of all recorded losses.
More audits ≠ fewer losses. Audit volume tripled between 2022 and 2024, yet ecosystem-wide losses did not materially decline.
Security risk has shifted. Private key compromise, governance attacks, operational failures, and supply-chain compromises now exceed traditional code exploits in economic impact.
Ethereum and BNB Chain dominate incident losses. Together they represented 94% of aggregate recorded losses.
Download the report here
Featured in the press
Crypto cybersecurity practices must refocus on human error
This month, Oak Security Managing Director Stefan Beyer was featured in Newsweek discussing one of the most important findings from our State of Web3 Security research.
For years, the industry has responded to hacks by increasing the number of audits performed. Audit activity has tripled since 2022.
Yet our analysis of 23,818 audit findings and 218 exploit incidents shows that the majority of losses now originate from human-vector attacks, including:
• Phishing and social engineering
• Private key compromise
• Supply-chain attacks
• Governance manipulation
• Operational mistakes
As Stefan explains in the article:
“Hackers figured this out a while ago. Now the industry needs to catch up.”
The conclusion is simple: audits remain essential, but they are no longer sufficient on their own.
Web3 security must evolve into a broader discipline that includes operational security, governance controls, incident response readiness, staff training, and organizational resilience.
Read the full Newsweek article here
AI cybersecurity brief
AI discovers its first real-world zero-day
In May, Google’s Threat Intelligence Group disclosed the first publicly confirmed case of AI being used to identify and weaponize a previously unknown vulnerability.
Rather than simply assisting researchers, the system independently identified a trust-model flaw that enabled authentication bypass.
This marks an important shift: AI is moving from productivity tool to autonomous vulnerability researcher.
What we’re seeing across the industry
Offensive AI is accelerating
AI-assisted phishing campaigns continue to scale
Deepfake-enabled impersonation attacks are increasing
Automated reconnaissance and exploit chaining are becoming easier
Shadow AI creates new attack surfaces. Organizations are rapidly adopting:
Internal copilots
AI agents
Workflow automations
without corresponding security controls.
Supply-chain risks are growing. Attackers increasingly target:
AI plugins
Open-source packages
Model repositories
Third-party integrations
Defensive AI adoption is rising. Security teams are increasingly deploying AI for:
Threat detection
Log analysis
Incident response
Vulnerability prioritization
However, governance often lags behind deployment.
OPSEC tip of the month
Treat every AI conversation as potentially public. Never enter:
Proprietary information
Internal documentation
Customer data
Sensitive credentials
Regulated information
into unmanaged AI tools.
Quick wins
Create an approved AI tools list
Restrict sensitive data usage
Audit shadow AI adoption
Apply least-privilege access to AI agents
Log AI interactions where possible
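As an added illustration of three of the quick wins above (an approved tools list, restricting sensitive data, and logging AI interactions), here is a small pre-submission guard. It is example code written for this newsletter, not Oak Security's tooling or any product's API: the tool names in APPROVED_AI_TOOLS, the secret patterns and the sample prompts are all constructed, and the audit log stores only a hash of each prompt so the log never becomes a second copy of the secret.

```python
import hashlib
import json
import re
from datetime import datetime, timezone

# Approved AI tools list. Constructed placeholder names, not real products.
APPROVED_AI_TOOLS = {"internal-copilot", "managed-llm-gateway"}

# Secret shapes that must never be pasted into an AI tool. Constructed for this
# example; a real deployment would tune these to its own credential formats.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "pem_private_key": re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----",
        re.DOTALL,
    ),
    # 32-byte hex string: catches EVM private keys, but also SHA-256 digests
    # (a known false positive; prefer a redaction over a hard block for it).
    "hex_32_bytes": re.compile(r"\b(?:0x)?[0-9a-fA-F]{64}\b"),
    "bearer_token": re.compile(r"\bBearer\s+[A-Za-z0-9\-._~+/]{16,}=*"),
}

AUDIT_LOG = []  # in-memory stand-in for a SIEM or append-only log sink


def scan_prompt(text):
    """Return {pattern_name: match_count} for every secret shape found in text."""
    findings = {}
    for name, pattern in SECRET_PATTERNS.items():
        hits = len(pattern.findall(text))
        if hits:
            findings[name] = hits
    return findings


def redact_prompt(text):
    """Replace each detected secret with a labelled placeholder; return (redacted, findings)."""
    findings = scan_prompt(text)
    redacted = text
    for name, pattern in SECRET_PATTERNS.items():
        redacted = pattern.sub(f"[REDACTED:{name}]", redacted)
    return redacted, findings


def guard_prompt(user, tool, text):
    """Enforce the approved-tools list, redact secrets, and write an audit record.

    The record carries a SHA-256 of the original prompt (for correlation with
    other logs) rather than the prompt itself, so secrets are not re-logged.
    """
    record = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "tool": tool,
        "prompt_sha256": hashlib.sha256(text.encode()).hexdigest(),
        "prompt_len": len(text),
    }
    if tool not in APPROVED_AI_TOOLS:
        record.update(decision="blocked", reason="unapproved_tool", findings={})
        AUDIT_LOG.append(record)
        return {"decision": "blocked", "text": None, "findings": {}}

    redacted, findings = redact_prompt(text)
    decision = "redacted" if findings else "allowed"
    record.update(decision=decision, reason=None, findings=findings)
    AUDIT_LOG.append(record)
    return {"decision": decision, "text": redacted, "findings": findings}


if __name__ == "__main__":
    # Constructed sample prompts; the AWS key id is AWS's own documented example value.
    samples = [
        ("alice", "internal-copilot", "Summarise this incident report for the board."),
        ("bob", "internal-copilot",
         "Why does boto3 fail with AKIAIOSFODNN7EXAMPLE and 0x" + "ab" * 32 + "?"),
        ("carol", "unmanaged-chatbot.example", "Review our treasury multisig policy."),
    ]
    for user, tool, prompt in samples:
        print(json.dumps(guard_prompt(user, tool, prompt)))
    print(json.dumps(AUDIT_LOG, indent=2))
```

The guard sits in front of whatever gateway forwards prompts to the model: an unapproved tool is refused outright, an approved one receives the redacted text, and every decision leaves an audit record that an incident responder can search without the log itself becoming a leak.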
CypherTalk podcast highlights
Censorship resistance with Shayan Eskandari
Security and privacy researcher Shayan Eskandari discusses:
Censorship-resistant infrastructure
Privacy challenges in blockchain systems
Decentralized communications
Building tools for users in restrictive environments
Listen here
Bug bounties with Joran Honig
One of Web3’s most prolific security researchers joins CypherTalk to discuss:
Finding edge-case vulnerabilities
Audit methodologies
Bug bounty economics
Security workflows
AI-assisted research
Listen here
SEAL certifications with Isaac Patka
Isaac Patka, certification lead at SEAL and co-founder of Shield3, explains:
Why operational security matters
Incident response readiness
Security war games
Treasury security
Governance controls
Human-factor attacks
Listen here
Regulators’ corner
Stablecoin intelligence, liquidity & regulation
In the latest episode of MetaMarkets, Jan Philipp Fritsche and Jón Egilsson are joined by Max Grabner from Range to discuss the future of stablecoin infrastructure. Topics include:
Stablecoin adoption trends
Treasury management
Compliance and sanctions screening
MiCA’s impact on issuers
European competitiveness
The future of cross-border payments
Key question
Will stablecoins become open financial infrastructure, or another layer controlled by traditional intermediaries? Listen here
Featured audit
Divigent protocol
This month Oak Security audited Divigent, a non-custodial yield infrastructure designed for AI agents operating with USDC on Base.
The protocol automatically deploys idle agent wallet capital into audited lending markets, generating yield during periods when funds would otherwise remain unused.
Audit focus
Yield allocation logic
Capital management mechanisms
Protocol integrations
Security assumptions surrounding AI-agent workflows
Best-practice implementation review
As AI-native financial systems emerge, ensuring secure interaction between autonomous agents and DeFi infrastructure becomes increasingly important. Read more
Events corner
Institutional and policy forum - Europe’s next financial layer
Berlin, Germany | June 15
Together with the European Ethereum Institute, Oak Security is bringing regulators, institutions, policymakers, and builders together for a full day focused on:
Stablecoins
MiCA implementation
CBDCs
Institutional adoption
Quantum readiness
Operational security
Tokenization
The future of European financial infrastructure
Oak Security will also present findings from our State of Web3 Security research. If you’re attending Ethereum Day in Berlin, we’d love to see you there. RSVP here
Get a quote for your project, schedule a call with our team, follow us on X, and sign up for our newsletter for simplified and curated Web3 security insights.