Security remains one of the biggest challenges in crypto. Over $11 billion in DeFi assets have been stolen to date, nearly 10% of total TVL. As AI accelerates the speed of both code creation and exploitation, the gap between attackers and defenders continues to widen. To unpack this evolving landscape, Octane founder Giovanni Vignone joined On The Brink with Castle Island for a deep conversation about the state of onchain security, why manual audits alone are no longer enough, and how AI is reshaping the future of defense.
On the Brink Podcast: Giovanni Vignone on Protecting Onchain Assets
🎧 Listen to the Full Conversation
How Attackers Are Evolving and Why Teams Must Shift Left
“The risk profile in crypto is probably the highest out of any space I've ever seen. Effectively, all hacks lead to the equivalent of bank account liquidations, where end users actually lose digital assets, tokens, real money. Security is really important.”
Attackers once relied on manual reconnaissance. Now they use AI to discover vulnerabilities and simulate exploits against them before striking. Many protocol teams, by contrast, still treat security as a final check before launch and rely solely on manual audits.
Gio argues that has to change. He urges builders to adopt a shift-left mindset by embedding automated checks directly into continuous integration and deployment pipelines. Each pull request should trigger vulnerability analysis so issues are caught before merge, not after mainnet deployment.
It’s a cultural shift as much as a technical one: founders must budget time and attention for security as a product-development priority, not a compliance box.
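What the per-pull-request gate described above can look like in practice, as an added illustration (not Octane's code and not from the podcast): a small script that a CI job runs after a static analyzer has scanned the branch, and that fails the check when any finding at or above a chosen severity is not already an accepted, tracked exception. It assumes the JSON layout Slither produces with `slither . --json out.json` (`results.detectors[]` entries carrying `check`, `impact`, `confidence`, `description` and `elements[].source_mapping`); the file names, line numbers and findings in the embedded sample report are constructed for the demonstration.

```python
"""CI gate for smart-contract static-analysis findings.

Added example, not Octane's tooling. Reads an analyzer report in the JSON
shape Slither emits (assumed here) and returns a non-zero exit code when a
pull request carries un-accepted findings at or above a severity threshold.
"""
import json
import sys
from typing import Optional

# Slither impact levels, ranked so a threshold can be compared numerically.
SEVERITY_RANK = {
    "Optimizational": 0,
    "Informational": 1,
    "Low": 2,
    "Medium": 3,
    "High": 4,
}


def finding_id(detector: dict) -> str:
    """Stable identifier for a finding: detector name plus the first
    affected file and line, so an accepted exception keeps matching across
    re-runs even when the description text changes."""
    elements = detector.get("elements") or []
    if elements:
        sm = elements[0].get("source_mapping", {})
        fname = sm.get("filename_relative", "?")
        lines = sm.get("lines") or ["?"]
        return f"{detector['check']}@{fname}:{lines[0]}"
    return f"{detector['check']}@?"


def blocking_findings(report: dict, threshold: str = "Medium",
                      accepted: Optional[set] = None) -> list:
    """Return findings that should block the merge, highest impact first.
    Findings whose id is in `accepted` (reviewed, ticketed exceptions)
    are skipped; unknown impact strings are treated as non-blocking."""
    accepted = accepted or set()
    min_rank = SEVERITY_RANK[threshold]
    out = []
    for det in report.get("results", {}).get("detectors", []):
        impact = det.get("impact", "Informational")
        fid = finding_id(det)
        if SEVERITY_RANK.get(impact, 0) >= min_rank and fid not in accepted:
            out.append({
                "id": fid,
                "impact": impact,
                "confidence": det.get("confidence", "?"),
                "description": det.get("description", "").strip(),
            })
    out.sort(key=lambda f: -SEVERITY_RANK[f["impact"]])
    return out


def gate(report_json: str, threshold: str = "Medium",
         accepted: Optional[set] = None) -> int:
    """Process exit code: 0 when the PR may merge, 1 otherwise."""
    report = json.loads(report_json)
    # A run that did not complete (compile error, crash) must fail the gate;
    # an empty findings list from a broken run is not a clean result.
    if not report.get("success", True):
        print(f"analyzer did not run cleanly: {report.get('error')}")
        return 1
    blockers = blocking_findings(report, threshold, accepted)
    for f in blockers:
        print(f"[{f['impact']}/{f['confidence']}] {f['id']}: {f['description']}")
    return 1 if blockers else 0


# Constructed sample report in the assumed Slither JSON shape.
SAMPLE_REPORT = json.dumps({
    "success": True, "error": None,
    "results": {"detectors": [
        {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium",
         "description": "Reentrancy in Vault.withdraw(uint256): external call before state update",
         "elements": [{"source_mapping": {"filename_relative": "contracts/Vault.sol",
                                           "lines": [42, 43, 44]}}]},
        {"check": "timestamp", "impact": "Low", "confidence": "Medium",
         "description": "Vault.claim() uses block.timestamp for comparison",
         "elements": [{"source_mapping": {"filename_relative": "contracts/Vault.sol",
                                           "lines": [71]}}]},
        {"check": "naming-convention", "impact": "Informational", "confidence": "High",
         "description": "Parameter _Amount is not in mixedCase",
         "elements": [{"source_mapping": {"filename_relative": "contracts/Vault.sol",
                                           "lines": [38]}}]},
    ]},
})

if __name__ == "__main__":
    # Usage in CI: slither . --json out.json ; python ci_gate.py out.json
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    sys.exit(gate(data, threshold="Medium"))
```

The accepted-exceptions set is the part teams most often skip: without it the gate is either ignored once a tolerated Low finding appears or loosened to the point of catching nothing. Keep the accepted ids in the repository so that each exception is reviewed in the same pull request that introduces it, and treat a failed or aborted analyzer run as a failed check rather than a pass.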
What Pre-Deployment Security Really Looks Like
“One of our most important missions at Octane is to make sure that teams we work with deploy securely and don't get hacked.”
Octane’s platform embodies that philosophy. Every pull request is automatically scanned by Octane’s AI-powered vulnerability-detection engine, surfacing potential exploits and generating code-level remediation diffs within 15 to 40 minutes.
The system provides developers with continuous security intelligence, functioning as an always-on security engineer that evolves with every commit.
Behind the software stands Octane’s elite security research team, with over $1 million in verified bug bounty earnings. They perform targeted manual reviews before launches and guide teams through remediation best practices.
Octane also encourages customers to layer several security measures around their smart contracts: static analyzers, at least two manual audits from different firms, public audit competitions, a live bug-bounty program, operational security controls, and an incident-response plan.
Economics of Security and Why Early Investment Pays Off
“The biggest bull case for security I can give to any founder listening, is that it will be cheaper for you to approach this from day one, even though you don't think so.”
Founders often postpone security to save money, only to pay far more later. Gio breaks down the math:
Teams that wait until launch typically spend $50k – $200k on their first audit, uncover dozens of high-severity issues, then require follow-up audits that can push costs to $100k – $400k+ and delay mainnet releases by months.
By contrast, starting security from day one with continuous testing sharply reduces audit findings and speeds up remediation. AI and automated tooling catch vulnerabilities early and on every commit, so by the time a team reaches manual audits, its vulnerability count is far lower. Because those risks surfaced throughout development, remediation is faster, fewer follow-up audits are required, and total security spend decreases.
The Vision: Smart Contract Security Accessible to All
“Our long-term vision is to really scale the automation part of it so that our AI systems are effectively handling 95% of the bulk of vulnerability identification and remediation.”
A striking example came from a recent engagement with Covenant protocol. The founder challenged Octane to find a critical bug in already-audited code. If successful, he’d sign a contract. Within 45 minutes, Octane identified a real critical vulnerability, leading to a full-year partnership.
By automating 95% of vulnerability detection and remediation, Octane aims to make smart contract security affordable and accessible for startups while reducing systemic risk across the entire crypto ecosystem.
Octane’s goal is to make continuous, autonomous, developer-first security the new default for smart contracts. Every team that ships securely is one fewer opportunity for attackers and one step closer to a safer decentralized future.