AssumptionsKill Systems
We build domain-specific AI security agents for complex protocol architectures.
One agent per domain.
All of them sharing intelligence to stop cascading failures.
Our Mission
Bluethroat Labs exists to accelerate the security maturity of Web3. Security cannot be solved with generic tools. Every domain has its own assumptions, attack surfaces, and failure modes that must be understood from first principles.
We build domain-specific AI security agents to study these domains deeply, surface vulnerabilities earlier, and share intelligence across systems.
Success means closing the gap between how fast Web3 ships and how slowly it learns from its mistakes.
We began with Trusted Execution Environments. Studying these systems from first principles led to confirmed findings across every major TEE-heavy protocol in Web3.
The same methodology was then applied to consensus engines, a fundamentally different domain, and the same result followed: Novel vulnerabilities in live production systems.
Our agents reason about systems they have never seen before.
Two domains tested. The methodology holds.
Complex protocols span multiple domains. Securing them requires more than a single agent or a single audit.
We build an ecosystem of domain-expert AI agents that reason together across subsystems. Each agent understands its domain. Together they understand your protocol.
Not a tool. An ecosystem of domain experts custom-built for your protocol.
Security that compounds with time.
Our Work
We operate across three fronts. We find real vulnerabilities in production systems. We build internal AI security systems tailored to your protocol. And we turn what we learn into public knowledge that raises the bar for the industry.
Vulnerability Research
Our research takes us deep into production codebases. When we find something real, we pursue it — across TEE protocols, consensus implementations, ZK systems, and beyond. We proactively reach out to concerned teams and responsibly disclose vulnerabilities. The patterns we uncover eventually flow back into our public research.
Internal AI Security Systems
We design and build internal AI-driven security tooling and workflows tailored to your protocol. Shaped around your codebase, threat model, and engineering reality, these systems evolve with the protocol. We can hand over the full stack to your team or remain involved on a light retainer.
The TEE Security Handbook
Every domain we study produces knowledge that shouldn't stay private. The TEE Security Handbook documents real failure modes, vulnerable patterns, and practical guidance for safely deploying TEE-heavy Web3 systems — built from confirmed findings across production codebases, not just theoretical analysis. More handbooks on the way.
ATTESTATIONS
Bluethroat Labs stepped in immediately and delivered a no-cost pre-audit within days that surfaced several high-impact issues across our stack. The findings were clear, actionable, and prioritised; we were able to address them quickly. The engagement was professional, responsive, and deeply technical. Bluethroat Labs provided genuine, full-stack, protocol-aware expertise and addressed our problems with urgency and care. We're grateful for their help and would gladly recommend them to any team.
Rishabh Gupta
Founder
One of the best audit experience we have been a part of. Rahul (and Parth) were great to work with. Their attention to details on contract design and adversarial thinking helped us along the audit process. They have delivered a well structured and comprehensive audit report. Since a picture is worth more than a 1000 words, here's one, along with a short story of what went down.
Alessandro T
Co-founder
We're proud to have worked with Bluethroat Labs on our backend, frontend, and cloud audit to improve the security of our DeFi application. The audit was thorough and insightful, the team was professional, responsive, and communicative throughout, especially around daily findings and updates. It gave us added clarity and confidence in our existing setup, and allowed us to move forward with greater focus while keeping security at the core of our process. We'd consider working with Bluethroat Labs again in the future and would happily recommend them to any team looking to secure their infrastructure with care and precision.
Paul
Co-founder
Our Team
A small team of domain experts obsessed with understanding how systems actually break. We are researchers and builders who believe domain-specific security is how Web3 wins — and we are here to prove it.
