Superhuman software security. The only security product software engineers love.

Joined March 2024
68 Photos and videos
Pinned Post
Almanax has been acquired by @depthfirstlabs!
.@AlmanaxAI is joining @depthfirstlabs! @mmwtsn and I started the company two years ago because we'd grown tired of seeing weekly multi-million-dollar hacks destroying blockchain companies and stealing people's life savings. We believed the industry needed to move from annual security audits and pentests to continuous ones, and that AI would eventually get us there. We were among the first to see the potential of AI in cyber and build new solutions in this space. When we started, most security teams told us our product wouldn't work, they didn’t need more findings, and they didn't trust AI to be good. But then we saw how the commercial tools our clients were using were missing many of the vulnerabilities we were detecting, while producing an absurd number of false positives. We ended up working with some of the largest blockchain companies: Solana, Stellar, Aptos, Privy and Bridge (now part of Stripe), DFNS, Algorand. When people didn't believe, we showed them results: we found issues in Vitalik's code (arguably one of the best software engineers on Earth), ethically disclosed hundreds of vulnerabilities (to Ripple, Coinbase, Fireblocks), and won security competitions against thousands of researchers. As we progressed, we realized that while crypto companies were among the most vulnerable (exploits directly steal money), the problem was widespread beyond blockchain. The rise of vibe coding created an enormous new attack surface and new models and harnesses were detecting vulnerabilities that had gone unnoticed in software packages for decades, some of which power most of today’s internet. The time between CVE public disclosure and first confirmed in-the-wild exploitation has dropped from 2.3 years in 2018 to eight hours today. This and the release of frontier cyber models shook the industry. So we expanded our product support to languages and tech stacks used widely by enterprises. But the scale of what needs to be done requires more than what any one small team can do alone We believe joining forces with depthfirst will significantly accelerate our shared vision to secure the world’s software. depthfirst is already swinging at the same future we set out to build, with the team and the resources to lead the way. Their bet, and now ours, is that the next major security platform will be in product security. As their investor @arshammem put it, every category eventually gets one company whose name becomes synonymous with it: Palo Alto Networks for the network, CrowdStrike for the endpoint, Wiz for the cloud. Product and application security, notwithstanding many attempts, is still left without a crowned victor. We think depthfirst can be that company. Thanks to our great team, investors, and customers who believed in us and shared our vision of the world. Our ambition is now even bigger and we’re excited to build that future with @qasimmith, @andreamichi, Daniele, and the entire @depthfirstlabs team.
2
5
497
Almanax reposted
@AlmanaxAI saw where security was heading before most people believed it. finding vulns in code written by some of the best engineers alive, disclosing to Ripple, Coinbase, and Fireblocks along the way. now joining @depthfirstlabs to build the next great security platform. x.com/Hadronfc/status/207156…
Big one for @AlmanaxAI! One of the sharpest teams we've watched work, and they're chasing something the whole space actually needs. Excited to see what you guys cook up at @depthfirstlabs. go build 🫡 x.com/francescpicc/status/20…
2
2
71
Almanax reposted
Big one for @AlmanaxAI! One of the sharpest teams we've watched work, and they're chasing something the whole space actually needs. Excited to see what you guys cook up at @depthfirstlabs. go build 🫡 x.com/francescpicc/status/20…
.@AlmanaxAI is joining @depthfirstlabs! @mmwtsn and I started the company two years ago because we'd grown tired of seeing weekly multi-million-dollar hacks destroying blockchain companies and stealing people's life savings. We believed the industry needed to move from annual security audits and pentests to continuous ones, and that AI would eventually get us there. We were among the first to see the potential of AI in cyber and build new solutions in this space. When we started, most security teams told us our product wouldn't work, they didn’t need more findings, and they didn't trust AI to be good. But then we saw how the commercial tools our clients were using were missing many of the vulnerabilities we were detecting, while producing an absurd number of false positives. We ended up working with some of the largest blockchain companies: Solana, Stellar, Aptos, Privy and Bridge (now part of Stripe), DFNS, Algorand. When people didn't believe, we showed them results: we found issues in Vitalik's code (arguably one of the best software engineers on Earth), ethically disclosed hundreds of vulnerabilities (to Ripple, Coinbase, Fireblocks), and won security competitions against thousands of researchers. As we progressed, we realized that while crypto companies were among the most vulnerable (exploits directly steal money), the problem was widespread beyond blockchain. The rise of vibe coding created an enormous new attack surface and new models and harnesses were detecting vulnerabilities that had gone unnoticed in software packages for decades, some of which power most of today’s internet. The time between CVE public disclosure and first confirmed in-the-wild exploitation has dropped from 2.3 years in 2018 to eight hours today. This and the release of frontier cyber models shook the industry. So we expanded our product support to languages and tech stacks used widely by enterprises. But the scale of what needs to be done requires more than what any one small team can do alone We believe joining forces with depthfirst will significantly accelerate our shared vision to secure the world’s software. depthfirst is already swinging at the same future we set out to build, with the team and the resources to lead the way. Their bet, and now ours, is that the next major security platform will be in product security. As their investor @arshammem put it, every category eventually gets one company whose name becomes synonymous with it: Palo Alto Networks for the network, CrowdStrike for the endpoint, Wiz for the cloud. Product and application security, notwithstanding many attempts, is still left without a crowned victor. We think depthfirst can be that company. Thanks to our great team, investors, and customers who believed in us and shared our vision of the world. Our ambition is now even bigger and we’re excited to build that future with @qasimmith, @andreamichi, Daniele, and the entire @depthfirstlabs team.
1
2
9
1,101
Almanax reposted
@AlmanaxAI is joining @depthfirstlabs! The window to get AI security right is narrowing. As models get more capable and the attack surface expands, defenders need to move faster than the threat. When we met @francescpicc and team, it was clear they had been working through the same hard problems and shared our view of where security is going. We’re thrilled to welcome them onboard.
1
4
17
1,178
Almanax reposted
Welcome to the team @AlmanaxAI - Great to have you onboard
@AlmanaxAI is joining @depthfirstlabs! The window to get AI security right is narrowing. As models get more capable and the attack surface expands, defenders need to move faster than the threat. When we met @francescpicc and team, it was clear they had been working through the same hard problems and shared our view of where security is going. We’re thrilled to welcome them onboard.
1
1
14
735
Almanax reposted
.@AlmanaxAI is joining @depthfirstlabs! @mmwtsn and I started the company two years ago because we'd grown tired of seeing weekly multi-million-dollar hacks destroying blockchain companies and stealing people's life savings. We believed the industry needed to move from annual security audits and pentests to continuous ones, and that AI would eventually get us there. We were among the first to see the potential of AI in cyber and build new solutions in this space. When we started, most security teams told us our product wouldn't work, they didn’t need more findings, and they didn't trust AI to be good. But then we saw how the commercial tools our clients were using were missing many of the vulnerabilities we were detecting, while producing an absurd number of false positives. We ended up working with some of the largest blockchain companies: Solana, Stellar, Aptos, Privy and Bridge (now part of Stripe), DFNS, Algorand. When people didn't believe, we showed them results: we found issues in Vitalik's code (arguably one of the best software engineers on Earth), ethically disclosed hundreds of vulnerabilities (to Ripple, Coinbase, Fireblocks), and won security competitions against thousands of researchers. As we progressed, we realized that while crypto companies were among the most vulnerable (exploits directly steal money), the problem was widespread beyond blockchain. The rise of vibe coding created an enormous new attack surface and new models and harnesses were detecting vulnerabilities that had gone unnoticed in software packages for decades, some of which power most of today’s internet. The time between CVE public disclosure and first confirmed in-the-wild exploitation has dropped from 2.3 years in 2018 to eight hours today. This and the release of frontier cyber models shook the industry. So we expanded our product support to languages and tech stacks used widely by enterprises. But the scale of what needs to be done requires more than what any one small team can do alone We believe joining forces with depthfirst will significantly accelerate our shared vision to secure the world’s software. depthfirst is already swinging at the same future we set out to build, with the team and the resources to lead the way. Their bet, and now ours, is that the next major security platform will be in product security. As their investor @arshammem put it, every category eventually gets one company whose name becomes synonymous with it: Palo Alto Networks for the network, CrowdStrike for the endpoint, Wiz for the cloud. Product and application security, notwithstanding many attempts, is still left without a crowned victor. We think depthfirst can be that company. Thanks to our great team, investors, and customers who believed in us and shared our vision of the world. Our ambition is now even bigger and we’re excited to build that future with @qasimmith, @andreamichi, Daniele, and the entire @depthfirstlabs team.
6
9
47
4,892
Almanax reposted
If you’re a project building on Solana, DM us
Reminder that Solana builders are eligible for a free year of @AlmanaxAI - Detection - Threat Modeling - PR Reviews - Custom Rules - Agents Learning - AI Triage - Auto-Patching
2
2
6
712
Almanax reposted
Almost 75% of exploited vulnerabilities are now zero-days, meaning that an exploit occurred before disclosure. That number was at around 50% last year, and 16% in 2018
9
19
70
12,357
Almanax reposted
Attackers only need one way in. Defenders have to protect against every scenario. Successful exploits have been skyrocketing as agentic coding expands the attack surface and AI makes attacks more scalable. It’s an arms race, and defenders now have access to subsidized AI security thanks to the @solana foundation. Hit our DMs for access.
Reminder that Solana builders are eligible for a free year of @AlmanaxAI - Detection - Threat Modeling - PR Reviews - Custom Rules - Agents Learning - AI Triage - Auto-Patching
1
9
662
Almanax reposted
Frequency of highly sophisticated exploits is a good indication. Attackers’ cost to do this at scale has plummeted
Is there any reason to believe recent DeFi hacks are directly a result of smarter models?
1
6
480
We're now SOC 2 Type II compliant!
@AlmanaxAI has completed its SOC 2 Type II audit! Security is at the core of what we build, so this mattered to us from day one. Our customers trust us with sensitive codebases, security findings, and internal workflows. We take that seriously, and the bar for us has to be high. Over the past seven months, we worked with @TrustVanta to strengthen our controls and build the internal processes behind how we operate. They were a strong partner throughout the process.
1
5
346
Almanax reposted
congrats!
1
2
8
495
Excited to announce: @AlmanaxAI was awarded an @arbitrum grant! We’re now bringing superhuman AI security to Arbitrum builders. 20 projects will get complimentary AI security audits, threat models & patches. As hacks accelerate in scale and frequency, defenders have now access to the most powerful AI tools. @ArbitrumDevs — DM us to apply
7
1
12
923
Almanax reposted
And projects building on @solana get subsidized AI security scans with @AlmanaxAI thanks to our collaboration with @SolanaFndn
Solana was built for security. As the ecosystem scales, so does our investment in the tools, standards, and support. Today that commitment deepens with a new security program, active monitoring, formal verification for top protocols, and a new crisis response network. Learn more 👇
1
1
6
539
Almanax reposted
We love helping builders ship secure code @AkitaInuASA
1
3
292
Almanax reposted
Thank you for your amazing support for ecosystem projects! Let's keep the Stellar ecosystem secure!
1
2
212
We’re proud to play a role in securing the @StellarOrg ecosystem!
Just published the Stellar Community Fund 2025 Impact Report: 154 projects awarded, 82 mainnet launches, $70M in external funding raised by SCF alumni. So proud of what the Stellar ecosystem, community, and our @StellarOrg team built together this year! ✨🤩 medium.com/stellar-community…
5
3
14
590
Almanax reposted
Yesterday I had the pleasure of moderating a panel at @Stanford University on agent security. The lineup was stacked: - @danboneh, Stanford cryptography professor - @ilblackdragon, co-author of one of the most cited papers of all time, “Attention Is All You Need”, and co-founder of @NEARProtocol - @curtis0x, co-founder of @ElectricCapital We’re no longer talking just about models that answer questions. @openclaw pushed agents from chatbots to Jarvis-like systems, with memory, planning, and direct access to email, calendar, shell, browser, GitHub, and wallets. What is the new attack surface? What should we trust these agents with today, and where do they still fall short? How should we think about the rogue AGI risk? It was a fascinating conversation.
1
5
18
1,932