https://nullrabbit.ai/research 2026-04-15T20:38:11.699Z Research insights on DePIN security, blockchain infrastructure, and decentralized network protection https://nullrabbit.ai/twitter.png © 2025 NullRabbit. All rights reserved. https://nullrabbit.ai/research/validator-scan-findings-solana-sui-april-2026 2026-04-14T00:00:00.000Z 2026-04-14T00:00:00.000Z Simon

NullRabbit scanned 5,715 validator hosts across Solana and Sui, running 10,139 scans and identifying 1,340 CVE findings across 155 hosts. Here's what the validator attack surface actually looks like.

https://nullrabbit.ai/research/slashr-features 2026-04-06T00:00:00.000Z 2026-04-06T00:00:00.000Z Simon

Slashr tracks validator delinquency, jailing, slashing, and missed votes across Solana, Ethereum, Sui, and Cosmos in real time. Wallet checks, rankings, automated scanning, and reliability reports -- all from on-chain data.

https://nullrabbit.ai/research/slashr-mcp 2026-04-05T00:00:00.000Z 2026-04-05T00:00:00.000Z Simon

Slashr now has a Model Context Protocol server. Any MCP-compatible AI tool -- Claude Code, Claude Desktop, or custom agents -- can query live validator incident data, scan results, and network summaries directly.

https://nullrabbit.ai/research/introducing-slashr 2026-03-26T00:00:00.000Z 2026-03-26T00:00:00.000Z Simon

Validators go down constantly. Almost nobody is watching it happen in real time, across chains, in one place. So we built slashr.dev, a live incident feed tracking Solana, Ethereum, Sui, and Cosmos.

https://nullrabbit.ai/research/defi-under-the-microscope 2026-03-25T00:00:00.000Z 2026-03-25T00:00:00.000Z Simon

A first look at what DeFi validator infrastructure looks like at the kernel level. We crack open the consolidated dataset -- embedding galaxies, jitter fingerprints, RTT ridgelines, and 10,000 anomaly events across 642 silent hosts.

https://nullrabbit.ai/research/what-does-a-defi-network-look-like 2026-03-20T00:00:00.000Z 2026-03-20T00:00:00.000Z Simon

Every blockchain network has a physical fingerprint. We pointed our eBPF/XDP scanner at 1,075 hosts across multiple DeFi validator networks and mapped 3,001 timing fingerprints to reveal the structure underneath the consensus layer.

https://nullrabbit.ai/research/bpf-xdp-production-challenges 2026-03-18T00:00:00.000Z 2026-03-18T00:00:00.000Z Simon

Building a production BPF/XDP scanner is an exercise in humility. Orphaned XDP programs, async Rust deadlocks, stale binaries, silent TC failures -- here is everything that broke and what we did about it.

https://nullrabbit.ai/research/sui-validator-network-exposure 2026-03-13T00:00:00.000Z 2026-03-13T00:00:00.000Z Simon

We scanned 138 Sui validators across 20 countries using kernel-level temporal fingerprinting. 41% have SSH exposed, 57 run unexpected internet-facing services, and 9 confirmed CVEs sit on 4 hosts -- including 2 critical at CVSS 9.8. Here is what we found and why it matters for DeFi.

https://nullrabbit.ai/research/open-sourcing-autonomous-defence-arsenal 2026-02-26T00:00:00.000Z 2026-02-26T00:00:00.000Z Simon

We're open-sourcing the tooling behind NullRabbit's autonomous kernel-level network defence: the scanning, intelligence, observation, and adversarial validation layers that feed our enforcement pipeline. Six tools, MIT licensed, with more coming.

https://nullrabbit.ai/research/why-autonomous-enforcement-must-earn-authority 2026-02-13T00:00:00.000Z 2026-02-13T00:00:00.000Z NullRabbit Research

The technology to defend networks autonomously exists. The legitimacy to deploy it does not. Introducing earned autonomy: a governance framework where defensive authority is demonstrated before granted, scoped per abuse class, and continuously re-earned or revoked.

https://nullrabbit.ai/research/building-the-jig-claiming-the-time-dimension 2026-02-05T00:00:00.000Z 2026-02-05T00:00:00.000Z NullRabbit Research

Inline defence without understanding is guesswork. Before machines act, they need evidence. Why we're open-sourcing our scanning system, building jigs instead of shortcuts, and claiming time as a first-class signal in infrastructure security.

https://nullrabbit.ai/research/earned-autonomy-paper 2026-01-28T00:00:00.000Z 2026-01-28T00:00:00.000Z NullRabbit Research

Machines attack at machine speed. Humans defend at human speed. The technology to close this gap exists - the governance doesn't. A framework for when machines should be permitted to act without human approval.

https://nullrabbit.ai/research/validating-inline-enforcement-with-xdp 2026-01-21T00:00:00.000Z 2026-01-21T00:00:00.000Z NullRabbit Research

Inline enforcement operates at machine speed, but trust cannot. IBSR is a validation step: using XDP to observe real traffic, simulate enforcement, and generate evidence before any blocking is enabled.

https://nullrabbit.ai/research/on-earned-autonomy 2026-01-13T00:00:00.000Z 2026-01-13T00:00:00.000Z NullRabbit Research

Machines attack at machine speed. Humans defend at human speed. We propose a governance framework for closing that gap--not through blind trust, but through demonstrated competence.

https://nullrabbit.ai/research/building-the-jig-inline-defence-testing 2025-12-18T00:00:00.000Z 2025-12-18T00:00:00.000Z NullRabbit Research

The XDP logic came together in days. The infrastructure to prove it works took weeks. That ratio matters more than most people realise.

https://nullrabbit.ai/research/solana-ddos-guard-inline-defence 2025-12-17T00:00:00.000Z 2025-12-17T00:00:00.000Z NullRabbit Research

Solana reportedly absorbed a sustained ~6 Tbps volumetric DDoS attack with no downtime. That's real progress. It's also not the same thing as being protected.

https://nullrabbit.ai/research/cloudflare-dos-limitations 2025-12-16T00:00:00.000Z 2025-12-16T00:00:00.000Z Simon Morley

I assumed Cloudflare would protect me from all denial-of-service attacks. It doesn't. A reality check on origin IP bypasses, non-HTTP floods, and why the gap between the edge and your kernel matters.

https://nullrabbit.ai/research/xdp-defence-mqtt 2025-12-02T00:00:00.000Z 2025-12-02T00:00:00.000Z Simon Morley

Demonstrating the complete XDP detection pipeline with MQTT eventing. Shows kernel-level SYN-flood detection, userspace processing, and real-time remote alerting - all in milliseconds.

https://nullrabbit.ai/research/xdp-inline-defense-for-validators 2025-11-19T00:00:00.000Z 2025-11-19T00:00:00.000Z NullRabbit Labs

Validator nodes face constant exposure. This deep dive explains how NullRabbit Guard uses eBPF and XDP to enforce security directly inside the NIC driver, dropping scans and abnormal traffic at line rate before they reach the kernel or your node.

https://nullrabbit.ai/research/2025-09-research-sui 2025-09-24T00:00:00.000Z 2025-09-24T00:00:00.000Z Simon Morley

NullRabbit's September 2025 benchmark provides a consolidated security snapshot of all Sui validators. Scores ranged from 15 to 93, with a median of 45, and 18.5% meeting our good practice threshold. This dataset and heatmap give validators tools to improve, while offering delegators transparency when choosing staking providers.

https://nullrabbit.ai/research/sui-validator-slashing-warning 2025-09-12T00:00:00.000Z 2025-09-12T00:00:00.000Z NullRabbit Team

Recent Ethereum validator slashings showed how fragile infra can be. Our scan of Sui uncovered something worse: nearly 40% of validator voting power exposed.

https://nullrabbit.ai/research/sui-validator-network-exposed 2025-09-02T00:00:00.000Z 2025-09-02T00:00:00.000Z NullRabbit Team

NullRabbit's August 2025 scan of the Sui validator set revealed nearly 40% of voting power exposed to SSH, CVEs, and misconfigurations - leaving the network one step away from consensus failure.

https://nullrabbit.ai/research/welcome-to-research-hub 2025-09-01T00:00:00.000Z 2025-09-01T00:00:00.000Z NullRabbit Team

Introducing our new research hub where we share insights on DePIN security, blockchain infrastructure, and decentralized network protection.