Secle
Pillar P/03 · Emerging Systems Security

The code can be flawless and the system still broken.

Emerging systems fail where classic security doesn't look: in the incentives of a decentralized protocol, and in what an autonomous agent decides to do with the tools you gave it. Two specialties of equal weight. In both, the bug doesn't live in a line of code but in the logic that governs the system.

The difference

Security of mechanisms and behavior, not just code.

A contract can be perfectly written and still be exploitable. If rewards or transaction ordering allow value to be extracted, someone with capital and patience will do it.

An AI agent can execute exactly the code it has and still be hijacked, when a hidden instruction redirects its goal or a tool does more than its name suggests.

Two surfaces, one method. We read the system the way a rational attacker would: we look for the incentive or goal deviation that turns a legitimate operation into a lever.

[Figure E0: Model of the emerging surface. An emerging system has an incentive surface (oracles, MEV / ordering, incentives) and an agent surface (goal hijacking, tool abuse, MCP / memory).]

Priority vectors

What we look at first.

The order isn't alphabetical. We prioritize by what a rational attacker would try first, given cost and return.

Oracles
Oracle manipulation: Moving the reference price to liquidate, arbitrage, or drain a pool. The contract works; the data it consumes doesn't.
MEV
Reordering and extraction: Controlling transaction order within a block: front-running, sandwich attacks, selective censorship.
Incentives
Exploitable design and collusion: Validators who earn more by working against the protocol than by following it. The attack is simply following the incentive.
Injection
Indirect goal hijacking: Hidden instructions in data the agent treats as trusted. The model obeys whoever it shouldn't.
Tools
Tool use abuse: A tool with more reach than necessary, invoked for an unintended action. The permission was the bug.
Supply chain
Plugin and MCP chain: Third-party servers and plugins that expand what the agent can do, and what a third party can do through it.

Our approach

We treat these systems the way a rational attacker would: we look for where incentives or goals can be diverted to turn a legitimate operation into an advantage.

We combine economic mechanism analysis with agent behavior analysis. We don't just evaluate whether the code is correct, but whether the system as a whole holds up when participants or agents act selfishly or are manipulated.

What we deliver
  • A model of both risk surfaces (incentives + agent behavior)
  • Identification and prioritization of relevant attack vectors
  • Mitigation recommendations by cost and effectiveness
  • Secure-design criteria applicable to systems with incentives and autonomous agents
  • A living model that can be updated as the system evolves

Who it's for

Teams building or redesigning decentralized systems, protocols with economic incentives, or systems involving autonomous agents where value (data, money, or critical decisions) is at stake.

Two specialties

Real depth on both new fronts.

Of equal weight. Explore whichever interests you.

Want to review this front with us?

A technical conversation, no sales script. We'll tell you honestly whether the risk is in your code, your incentives, or your agent, and whether we can help.
