Web3 CMO Stories

The $3 Billion Problem: How Adrien Resch Is Reinventing Web3 Security for a Safer Future | S5 E17

Joeri Billast & Adrien Resch Season 5


Trust is the invisible infrastructure that modern digital economies depend on, yet the Web3 space continues to struggle with a reputation crisis fueled by high-profile hacks, scams, and exploits. Adrien Resch, co-founder of AuditOne and Safura, is methodically addressing this challenge by building what he describes as "a solid trust layer for the decentralized world."

The security ecosystem Adrien and his team have developed goes far beyond traditional smart contract audits. While audits remain a cornerstone of pre-deployment security, AuditOne differentiates itself through a global network of specialized auditors who bring targeted expertise to each project. This distributed approach solves a fundamental problem in blockchain security—the impossibility of mastering every programming language, protocol architecture, and vulnerability type that exists across rapidly evolving ecosystems.

What truly sets this security approach apart is its holistic nature. Post-deployment bug bounties incentivize ethical hackers to continuously test protocols, while Safura's asset coverage provides practical protection for users' digital assets. For just 2-5% of asset value, users can secure their investments against hacks and exploits—an insurance-like model that offers peace of mind when yields on DeFi protocols commonly reach 15-20%.

The recently launched risk assessment agent represents perhaps the most forward-thinking element of the ecosystem. By continuously monitoring projects for security issues, liquidity changes, and other risk factors, the agent provides real-time scoring that helps users make informed decisions. This proactive approach moves beyond reactive security measures toward a dynamic risk management system that could fundamentally change how users interact with blockchain protocols.

For projects concerned about regulatory clarity, AuditOne's European base and BaFin-reviewed token provide an additional layer of legitimacy often missing in the space. As Web3 gradually moves toward mainstream adoption, this focus on compliance may prove just as important as technical security in building trust with traditional institutions and retail users alike.

This episode was recorded through a Descript call on April 10, 2025. Read the blog article and show notes here: https://webdrie.net/the-3-billion-problem-how-adrien-resch-is-reinventing-web3-security-for-a-safer-future/



Adrien:

For the adoption outside Web3, security is really important because people, let's say people that are not so aware of it, they just know our crypto. It's a bit shady, it's a bit scammy, like many, many malicious actors use it for criminal activities, I could say so. The reputation is not so positive.

Joeri:

Hello everyone and welcome to the Web3 CMO Stories podcast. My name is Joeri Billast and I'm your podcast host, and today I'm so excited to be joined by Adrien. Hi. Hi, Joeri, thanks for having me. Excited to have you guys. Adrien Resch is a driving force and co-founder behind two innovative projects in the Web3 space, in the Web3 security space, I should say: AuditOne and Safura. As a co-founder and contributor, he's building a more resilient, decentralized future by strengthening both audit quality and risk coverage. At AuditOne, Adrien leads a global network of expert auditors focused on peer-reviewed smart contracts and AI system audits, and with Safura, he's addressing the next critical layer, coverage, by pioneering on-chain asset cover. Together, these projects form a solid trust layer of the decentralized world. Trust is really important. Adrien, we met for the first time at a Web Summit some months ago, but for people that don't know the projects that we are talking about today, can you give us more information about the origin? What inspired you to create a cybersecurity ecosystem for Web3 and AI?

Adrien:

Yeah, sure, that was already a great introduction. So AuditOne we founded more than three years ago actually, time is flying. And back then, so before that, I was actually working as a consultant, consulting Web3 projects on risk management and finance. Back then it was almost shocking that no project gave any serious care about their risk management and their security management and their security. So this was actually something when, like after a few projects, we realized there's really a gap when it comes to risk management and security. So this is then why I participated in an accelerator. There I also met one of my co-founders and we actually started then working on a platform approach. For, yeah, now it's called AuditOne.

Back then we called it CoinRisk, so actually also had a pivot in between. But yeah, actually back then it was a managed marketplace where we would vet and onboard auditors that would then basically audit or review the security of smart contracts. But now actually it has become a fully-fledged ecosystem, you could say, with three main pillars. So one of them is actually the security services. Then second, we have the asset cover, so for the protection of the assets, and third is the agent. So we have an agent that is actually like dynamically assessing projects on different metrics, you could say. So liquidity, how are buy and sell volumes, how's the security of the project, and then always, as kind of a social agent, you could say, posting on X to inform users before interacting and investing in protocols. Yeah, and this has become like a whole ecosystem with many, many users that participate, basically.

Joeri:

Well, yeah, different interesting questions about all that. Um, but you know we are always talking, like a podcast I recorded this morning, about, you know, mass adoption for Web3, but also for AI systems. And then I'm wondering how do you see the role of security in driving adoption?

Adrien:

Yeah. So most people that are active in Web3, they know that on a daily basis, or maybe it has become a bit better, but, like, let's say, a few years ago, on a daily basis, protocols were hacked. Many reasons for that are due to technical issues, but then also, let's say, the social engineering and things like phishing make it really easy for hackers to get to the assets or something valuable at a company. So the thing is, I think, for the adoption outside Web3, security is really important because people, let's say, people that are not so aware of it, they just know our crypto. It's a bit shady, it's a bit scammy, like many, many malicious actors use it for, yeah, criminal activities, you could say. So the reputation is not so positive and I think security and trust is therefore, yes, so important to onboard those people, because if you focus on the good projects, I mean, there's definitely scams, but there's also very incredible projects, you would see a lot of, yeah, potential to make the world a better place and to basically eliminate any kind of intermediary or something that is in between the user and the actual product or the actual financial system, so to say.

Joeri:

Absolutely, the trust is really important in Web3. As we said, people that are in Web3, they are already, you know, scared about clicking on a link or doing or interacting with someone, because they understand what can happen. But also people outside of Web3. You know, they see you have to hold. It is all about scams and so on, because that's what we see in the media, of course. But yeah, you mentioned your agent, you mentioned all the things, smart contracts and the systems. It's a key part of your services. So what is setting you apart from the competitors?

Adrien:

Yeah, so many competitors for a long time have been agencies, so you could say there are a few auditors within the company. They have been auditing projects, but it's really hard then to be specialized in all the different types of solutions because the, let's say, the dApps or the blockchains that exist, they are so different. They have different programming languages, they have different complexities, there are different smart contracts interacting with each other. So, yeah, one human auditor can only focus on so much in his lifetime or his career. So it makes sense to onboard actually many, many auditors. So now we have a few hundred and all of them are basically specialized in different sectors or on different types of smart contracts, different languages, and then, depending on the requirements of the client, we can always then tailor the auditor pool based on the needs of the client.

So, basically, if it was a DEX where people trade on, let's say, in Solidity, we could then find the auditors that have audited most projects actually with this kind of environment or setup. So this is something which is one advantage. And then we are focusing also on the full-suite security or like full-suite trust infrastructure, which means pre-deployment we have the audits and then post-deployment we have a bug bounty to incentivize ethical hackers, basically to look at those projects if there are still any problems. And then we also have now, with Safura, the asset cover. So basically, if people want to secure themselves from cyber attacks, they can buy this asset cover and they will be reimbursed if something happens to their assets. And this is something where, like all in one, as like one ecosystem, also with the agent, we gather a lot of risk assessment data and all of that is basically working, yeah, together to create this, yeah, great infrastructure or ecosystem for the user.

Joeri:

And I'm now wondering if you provide tools that allow clients to evaluate their smart contract security themselves. But how difficult is it? Do they need technical expertise and how does it empower your users? Yeah, talk to me about that.

Adrien:

Yeah. So out of all of those auditors, most of them have a security engineering background. So most of them have been working and probably pen testing or something else that is, with a similar background. But some of them just started with smart contract security. And now with, let's say, all the large language models, with all the content on YouTube, all the resources, yeah, it's so easy for someone to get started and to learn anything. Like the knowledge or the learning materials, democratized within all domains, you could say. So for our users, our auditors, they benefit from the academy, where we also share resources. We also want to offer workshops, and it's not only limited to smart contract audits anymore, so we focus on knowledge that spans across ISO compliance also. So, for example, 27001, the ISMS training. There's different gaps you can close and we help you to have the right tools, the right infrastructure to, yeah, to begin and to accelerate this process, basically. Aside from then earning money with the jobs you can have on AuditOne.

Joeri:

Yeah, yeah, I know you also have an audit token. It's part of your ecosystem. Maybe can you explain the role of the token and how it creates a circular economy, and it's also for the benefit of your clients, but also for the auditors and for the community.

Adrien:

Yeah, exactly. So it's, you could say it's like a loyalty program as, like, the main aspect of it, because the more tokens our clients hold and lock, the more discounts they will get on the services that we have. So, services like the audits, we also have phishing simulations, we have KYB, KYC, so also focusing a lot on compliance and a more holistic security approach, and all of this is basically, then, much more accessible and affordable with the token holdings. The auditors, they receive it as kind of an add-up or markup on their normal payment, so usually they are paid in stablecoins or fiat money and they will also rank on our platform. So the system is a bit gamified. Everyone has a level and this level increases by the effort somebody takes and like how many audits they conduct, how active they are on the platform, and with level, the multiplier of the audit token also increases. So another incentivization basically to be active.

And now, actually, with the agent, the token also works as kind of a credit system. So, as you know it, with ChatGPT there's credits and like the more you use ChatGPT, the more you consume those credits, and this is the same then with our audit agents. So if users interact with it, if other agents interact with it, they kind of, they need to use this as kind of a fuel to run the AuditOne agent, basically.

Joeri:

So, yeah, this incentive system for the auditors, but also staking is possible, I understand.

Adrien:

Yeah, so staking is possible. You would get all the tokens from it, but this is something, so it makes most sense if you're an auditor or a project, so necessarily not as a, just as a Web3 user when you interact with a protocol, so to say.

Joeri:

And we mentioned both AuditOne and Safura, which is a coverage protocol. Can you explain a bit more how coverage pools and risk mitigation mechanisms work and how they are a game changer in the Web3 space?

Adrien:

Yeah, so for users it's usually really hard to understand, is a protocol secure or not? So if I invest in tokens, if I invest in, yeah, let's say, any kind of dApp, it's really hard for me to be secure and to like really know long term that I'm not affected by any malicious activities. So the asset cover, if you purchase it, let's say, you pay two percent up to five percent for, like, more risky protocols, you secure yourself with it, which means you could yield on the token or the, yeah, like whatever strategy you are going for, and then if something happened to the protocol, you would get your money back. It's like a money guarantee or asset guarantee. So let's say, if a protocol generates a yield of 15, 20 percent, which is quite common in the DeFi space, it's not that much to pay like 2% to 5% for the security or the cover. But then if something happened, you are safe, you will get your assets back and I think that's a great advantage for users to really have this confidence then to be able to invest in anything that they like.

Joeri:

I also understand that with Safura, you are taking a community-driven approach and Web3 asset cover. How do the token and your decentralized risk sharing model provide you with the security and with the flexibility?

Adrien:

Yeah, so the entity is actually incorporated as a DAO, so it's a fully-fledged, entitled DAO, you could say, and it's not controlled by one person. So it's actually right now, I think we are 10 people in the core team and we are actually all spread across the world. So it's super interesting because you have all this diversity in it. But you also have people with different mindsets, different cultural backgrounds, they have different values and we are all working together towards this same goal to make this risk sharing work.

And the token is basically the facilitator of all of that. So if people get into the protocol with like an interest, they have to get the SAFU token, basically. Like the cover they could buy with another token. So we deployed on Sonic, which is a layer one EVM chain, and, like with Sonic or with the stablecoin, you could pay the cover, but then actually, if you wanted to be part of the governance and like to benefit from the protocol's business model, you would have to hold the SAFU token, and the SAFU token actually generates fees that come from the covers that people buy. So this is actually how the model, I mean, it's much more complex, but that's, let's say, the high-level approach.

Joeri:

Your platform clearly emphasizes that collaboration, so with auditors, clients, community members playing vital roles. How are these partnerships creating a network effect and how are they driving the growth of your platform?

Adrien:

Yeah, so you would say, right now we work with over 50 clients. They are also all across the world and it's really a key factor to work with other dApps or protocols in the space, because everyone is having his own community.

So if you want to have a lot of exposure to all those people, it's really good to work with people together, with protocols together, to announce that you are active on X, basically that you have something. So, for example, with some protocols, we are working on the risk metrics for the agent. With others we have, let's say, like a treasury to finance projects when they need audits. So there's a lot of touch points where you can interact with each other. You can reward communities of the other protocols, basically, and for us, as a security or trust anchor, it makes a lot of sense because all those ecosystems, they need someone to, yeah, to care about those things. Right, because not many people care about it. Most people in crypto, they care about financial return. So this is something we are very conscious about and, like our large auditor network, then helps to have many different people looking for it.

Joeri:

Absolutely. Now, we mentioned already trust, very important in Web3. Regulatory compliance: how does that enhance the confidence in your ecosystem, for both the clients and the token holders?

Adrien:

Yeah, yeah, we are fully compliant with AuditOne. AuditOne is actually located in Germany. It's headquartered in Germany, although actually everyone from the team has a different nationality. Like, I think out of 10 people, we have nine different nationalities from the core team, and the token was actually also reviewed by the BaFin, which is like the German financial authority. So this is all, basically, yeah, there's no uncertainty around it, right? We are not doing anything that is where we might then have something backfired at us.

This is something which is really important for us, especially because we're acting in the cybersecurity space. And then, with the clients we work with, we also look at the compliance aspect. So where they are located, are they actually, yeah, is it legal what they are doing? Because you need to be really careful of the local jurisdiction you need to comply with, right. So this is also something where we have partners, where lawyers work with us, because when it comes to the legal aspect, you need expertise in this designated jurisdiction, basically.

Joeri:

Yeah, yeah, absolutely. Advice from experts is always welcome, certainly in this space, and you're working with so many different, I would say, partnerships or stakeholders. Now I know it's also in your plans to go towards a DAO structure, so curious if you can talk a bit more about that, what it means for your project, how the future looks.

Adrien:

Yeah, so actually we incorporated beginning of this year, so the DAO is now, I think when we talked back in Portugal, we discussed this and now it's actually all set up. So the DAO is incorporated. We have now basically the legal structure behind it and the DAO can act with its own multi-signature wallet, basically. So it's actually fully in crypto. There are services that we need to pay then, but actually most of the services can also be paid in crypto that we need for Safura. So this is something which is really exciting for us and then also have proposals to then adapt to new changes. The governance is really decentralized, you could say, from now on.

Joeri:

It's always what I like to ask my guests and what are you the most excited about? You're definitely excited about this DAO structure. Are there other milestones or features that you are excited about that you will bring to the users this year or maybe next?

Adrien:

Yeah, actually, we just won a hackathon one week ago, which is about our agent tooling, and this is the agent I shortly talked about. So it's an agent that has different sources. So, let's say, sources like our own auditor security database from AuditOne, where we also look at all the different auditors in the space and audit firms, audit contest platforms. We also have data sources like DexScreener, where we receive, yeah, when we get data, that is, regarding the liquidity, the buy-sell volume, how the prices fluctuate, and so all of those metrics.

We then put into a risk scoring system, you could say. And then at the end we have different scores and any agent or any platform can then request those scores and then decide if they want to interact with the protocol because, yeah, due to a higher risk score, it's rather safe. Or, let's say, if it's a really low score, they could say, ah, no, it's too risky, they might get hacked, they might rug pull the project, because it's not really clear who the team behind is. So, yeah, this is basically accessible to anyone, you could say, and we are also posting or providing information from this on X, as like most people in the crypto space are active on X, they can go to the account and then see, like on a daily basis, how the stats fluctuate and if, let's say, any security incident happens, you will also get to know about it. So you might be fast enough to convert your money or get it out, basically.

Joeri:

Well, the future for sure sounds exciting, Adrien. Other events on your schedule that people can meet you in the future?

Adrien:

Yeah, actually a lot of events. So I will be at the Sonic Summit in Vienna next month. The month after we will be at the Berlin Blockchain Week in Berlin. We might also go to Singapore again to the Token2049 and then to Defcon in Argentina, maybe also to Cannes, to the EthCC. But it's a lot and you know you also have to do all the other stuff. But yeah, the schedule might look like this, basically.

Joeri:

I know how it is, so you need to make choices all the time and now that I'm living in Portugal, it's for me easier to go to these conferences here around. I will also be speaking at a few places in Lisbon and Porto. Actually, it's a panel about blockchain and AI. I love it when it all comes together, like you are doing, converting all these new technologies, but with the security aspect, which is really important. So, Adrien, if people, yeah, they want to find out more about, you know, the project that you mentioned, where would you like me to send them?

Adrien:

Yeah, so they could definitely reach out to us through our website. So we have different social media links, like Discord, Telegram is linked there. You could also reach out to me on LinkedIn, Adrien Resch is my name there, and then also on X, for example. So, yeah, like anywhere is fine actually to reach out.

Joeri:

Yeah, perfect. Like my listeners know, there are show notes, there is a blog article linked to this podcast episode and, guys, if you have a question about AuditOne, I'm also partnering with them, feel free to come to me or to reach out to Adrien. If you just mention you listen to the podcast and he knows, okay, these guys know all my story because I told it to Joeri. Yeah, so again, it was really a pleasure to have you on the show.

Adrien:

Joeri, thank you so much, likewise.

Joeri:

Guys, what an interesting and amazing episode. I think if you learned so much as I did, yeah, share this episode with your friends, with other entrepreneurs in the Web3 space, or maybe people that are anxious to learn more about Web3 and all the security aspects involved, feel free to share this episode with them. If you're not yet following the show, as I always say, this is now the really good moment to do this, to hit the subscribe button. And if you haven't given me a review yet, this would also be a good moment to do this, because with more reviews, I get even more reach. Thank you so much for listening and I hope to see you back next time. Take care.
