Skip to content

FAQ

Common questions about what Common Defense does, who we protect, and how we work, from signer compromise and the Communication Firewall to certification and incident response.

What does Common Defense do?
Common Defense is an AI cyber lab, protecting AI companies, crypto protocols, and fintechs. We secure the communication channels and operations that attackers actually target. We protect the identity, communications, pipelines, cloud, signing keys, and model weights around your app, through proactive review, continuous monitoring, incident response, and certification.
Who does Common Defense protect?
AI and ML companies, Web3 protocols, and fintechs. For these teams, the asset attackers want lives outside the app. It's the model weights, the source code, the treasury, or the trust a bank places in their infrastructure.
How is Common Defense different from a traditional security firm?
Most firms are built around stolen customer data and testing the app. We focus on the operation around it: the identity, pipelines, cloud, keys, and communications attackers move through. Our red-team experience comes from Web3, one of the most adversarial environments in technology.
What is a signer or key compromise?
It's when an attacker gains the power to move a protocol's funds. Sometimes they steal a private key. More often they trick a legitimate signer into approving a malicious transaction. The largest crypto losses trace back to it: Bybit lost $1.5B, Ronin $625M, and WazirX $230M.
What is the Communication Firewall?
It's cross-channel monitoring of the places attackers social-engineer your team: email, WhatsApp, Telegram, Slack, SMS, and voice. Single-channel filters miss attacks that span surfaces. The Communication Firewall correlates signals across channels, catching impersonation before it becomes a wire transfer or a signed transaction.
How is your certification different from SOC 2?
SOC 2 attests that your controls exist and operate, and you should have it. It wasn't built to tell a buyer whether an attacker can reach your keys, treasury, or model weights. Our certification scores exactly that, against a fixed checklist across six areas, pass or fail. It runs alongside SOC 2, not in its place.
How fast can you respond to an active incident?
If an intrusion is underway, email bd@commondefense.ai or start at our Active Incident page. We run live incident response: containment, eradication, and recovery. We move at the speed the intrusion forces.
What does a vCISO engagement include?
Senior security leadership without a full-time hire. You get strategy and risk judgment, a hardening roadmap sequenced by real risk, and the assurance your partners need. It's grounded in an environment we already monitor and harden. And if an incident hits, your response starts with a team that knows your setup.
What is an OpSec Review?
A review of the operation around your app: your credentials, access graph, exfiltration paths, sensitive assets, and supply chain. We evaluate it the way an AI-enabled adversary would. You leave with a prioritized hardening plan your team can execute.
How do we engage Common Defense?
Email bd@commondefense.ai or request a demo. We start with a scoping conversation to understand your environment and the assets that matter most. From there we propose the right engagement: a review, ongoing monitoring and vCISO, incident response, or certification.

Close every gap before it becomes an incident.

Contact Us