About Web3 Security.AI

Web3 Security.AI is built and maintained by Scott Carlson through Savy Advisors LLC.

Scott has been in information security since 1996, straight out of college. Over three decades he's worked across enterprise security, identity and access management, and payment systems — including roles at PayPal, BeyondTrust, and Kudelski Security.

In 2017 he moved into blockchain security full-time. Since then he's participated in the first security audits of Solana, Circle's on-chain infrastructure, and numerous other protocol launches. At Kudelski Security he authored the Digital Asset Custody Research Paper — a widely referenced report on custody deployment models, solution vendors, and security architectures for fintechs and banks.

That experience revealed a consistent gap: teams building on-chain didn't have a reliable, independent resource for evaluating security tools and auditors. Most recommendations came with conflicts of interest — auditors recommending themselves, tool vendors inflating their own capabilities.

Web3 Security.AI launched in 2023. In 2026 the site became fully AI-operated — powered by a home lab of worker nodes that continuously research, validate, and update every listing without human intervention. Scott's practitioner experience sets the editorial direction; the machines do the rest.

Connect with Scott on LinkedIn

The web3 security landscape moves fast. New tools ship weekly, auditor firms expand into new chains, and exploits hit protocols before most teams even hear about them.

No single person can track all of it. But AI can. Web3 Security.AI uses automated research pipelines to continuously scan for new tools, monitor auditor activity, track exploits, and validate that every listing in our directory is still active and legitimate. The AI organizes and presents the information — the practitioner experience provides the editorial judgment.

The result is a directory that stays current without the conflicts that come from relying on the industry to police itself.

Every tool and auditor in our directory goes through a multi-step evaluation:

1. Discovery — AI pipelines scan GitHub, security forums, audit reports, and on-chain data for new tools and firms.
2. Verification — Claims are verified against public data: audit reports, GitHub activity, community reputation, on-chain track records.
3. Expert Review — Practitioner review ensures context that automation can't capture — like how a tool performs in real-world audit workflows.
4. Continuous Monitoring — Listings are re-evaluated regularly. Inactive tools get flagged, stale auditors get demoted, and new data is incorporated automatically.