Even with the short week, Web3 was busy discussing cybersecurity disclosure, stablecoins and security vulnerabilities with AI agents. Read more below.
Repealing cybersecurity incident public disclosure requirements is a big mistake
“It would be a huge mistake for the SEC to repeal the cybersecurity incident public disclosure requirements, because then, no one would be holding companies accountable if a breach does occur, which they do, all the time.
“Sure, the four-day rule does give cybercriminals leverage against companies they attack, and that can create negative publicity, and even lead to lawsuits, like it did in Coinbase’s case. But users deserve to know if their data has been stolen and is potentially being misused against them. They deserve to know this as soon as possible, not six or twelve months down the line, or potentially even never.
“In fact, evidence shows that without specific requirements, many organizations don’t properly report information that should be public, not only so that users can protect themselves in the case of a breach, but also so that others can learn and evolve their own security systems.
“Yes, it’s painful, but transparency makes it much easier for those of us on the right side of the law to prepare for the next cyberattack. And trust me as a cybersecurity professional: they’re coming, and they’re only getting more sophisticated. So the more information we can learn from, the better. The financial sector should lead the way on this, rather than lobby to relax the rules.
“However, I would advocate for clearer guidelines on what constitutes a ‘material’ incident, and perhaps a longer timeline in cases involving active law enforcement. Like with any regulation, it’s important to make sure it’s fit for purpose.”
– David Carvalho, founder and CEO of post-quantum cybersecurity infrastructure Naoris Protocol
Stablecoin shifts benefit RWAs
“Stablecoin data is showing a clear structural shift in crypto. According to OKG Research, 52% of newly minted stablecoins over the past 30 days flowed directly into RWA yield pools or institutional settlement hubs. This represents a unique turning point, as freshly minted stablecoins bypass centralized exchanges and other intermediaries to flow directly into on-chain financial infrastructures.
“It also confirms what is now an undeniable fact within the crypto ecosystem: Real-world assets (RWAs) are no longer a side narrative, but the most active sector absorbing capital in crypto today.
“The market capitalization of stablecoins has hit a new all-time high of $246 billion, up 3.39% since April. Combined with RWA inflows, this tells us that new crypto investors are seeking stability through stablecoins, but not just to hold them on the sidelines. Instead, they are using stables to actively participate in the crypto ecosystem.
“We’re seeing this across multiple layers. USDC usage on Ethereum, for example, just reached record levels, driven by growing adoption across DeFi protocols like Aave, Curve, and Uniswap. Stablecoins are becoming the base layer for DeFi activity – and not just for traders, but for institutions and payment systems.
“BlackRock’s BUIDL fund, now approaching $3 billion in AUM, is already working on using RWA-backed assets as DeFi collateral on Avalanche. Meanwhile, the market cap of U.S. tokenized treasuries has just surpassed $7 billion, reflecting strong demand for on-chain exposure to traditional assets.
“The long-awaited bridge between traditional and decentralized finance seems to finally be under construction, and the fact that stable, real-world value is underpinning it is very encouraging.
“Speculation and ‘Degen’ culture will always have a strong place in crypto, but a globally open financial system needs a more reliable foundation. And this is why RWAs will lead the next wave of crypto liquidity.”
– Kevin Rusher, founder of Real World Asset (RWA) borrowing and lending ecosystem RAAC
Beware of AI agent security risks
“The potential ‘zero-day’ for tech-focused businesses isn’t a North Korean hacker – it’s the autonomous swarm of AI agents that the world is rushing to deploy. Every plug-in, permission, and action log is a fresh exploit vector we will all pay for if we don’t handle this threat correctly and promptly.
“Fighting that with more firewalls is whack-a-mole. The answer is always the same: transparency.
“History needs two things to be trustworthy: immutability and availability. By recording each plug-in manifest and runtime trace on a permanent ledger like Arweave, then distributing access across hundreds of independent gateways, we can lock down both.
“If an attacker edits code, the hash mismatch is public. If they – or ‘it’ – try to bury evidence, another gateway still serves the file.
“Developers can still ship patches, but they’re just added as new, timestamped versions, making rollback attacks obvious. Auditors, journalists, and regulators can fetch proofs without special credentials and verify them in minutes.
“When we treat the problem like supply-chain security rather than a metaphysical debate about ‘alignment’, we can truly contain the risk. Freeze what matters, publish the diffs, keep the data online, and when anyone inspects the trail, an AI agent can’t rewrite its past without spectators.”
– Phil Mataras, founder of permanent cloud network AR.IO