# Protecting the Decentralized Edge with PGDN By [PGDN Network News](https://paragraph.com/@pgdn) · 2025-08-07 defi, sui, blockchain --- Most people assume validator infrastructure is secure by default. The (potential) future of banking _should_ be secure right? With all the recent crypto breaches, we assumed things would be protected. What we actually found was quite a shock. **PGDN** is an AI-powered platform built to protect the decentralized edge, not by reacting to threats, but by proactively surfacing the weak points that make them possible. PGDN is an **agentic detection system**: a purpose-built infrastructure intelligence layer that autonomously identifies, monitors, and scores validator nodes, RPC endpoints, and exposed components across decentralized networks. The results are normalized, scored, and published as a permanent, verifiable audit trail - on-chain. Everyone’s Auditing Apps - No One’s Watching the Infrastructure --------------------------------------------------------------- In Web3, billions are poured into smart contract audits, formal verification, and protocol-level bug bounties. And yet: * The nodes running those contracts are often **unpatched** * Their RPCs are **publicly exposed** * Their dashboards and ports are **wide open** * Their infrastructure hygiene is **untested, unaudited, and untracked** > The external attack surface is growing, and no one’s looking. That’s the gap PGDN exists to close. In another article, we’ll cover the moment a security engineer from a major network sends us an outdated _internal_ ddos audit, shortly after we sent him a report of a critical vulnerability on an external port. * * * Why We Scan Validators ---------------------- Because they’re the actual entry points for attackers. Smart contracts might hold the funds, but **validators hold the keys to uptime, censorship, consensus, and exposure**. If a validator goes down — or worse, is compromised — the entire network can be weakened or manipulated. Here’s what we regularly find: * RPC nodes running vulnerable versions * Prometheus dashboards with no auth * Default passwords still active * BFT ports exposed globally * Misconfigured TLS or proxies In any other industry, this would trigger an incident response. In crypto, it’s often invisible. * * * Our Approach ------------ PGDN doesn’t guess. We verify. * ![](https://cdn.jsdelivr.net/npm/emoji-datasource-apple/img/apple/64/2705.png) We only scan **publicly routable infrastructure** * ![](https://cdn.jsdelivr.net/npm/emoji-datasource-apple/img/apple/64/2705.png) We do not brute-force or exploit anything * ![](https://cdn.jsdelivr.net/npm/emoji-datasource-apple/img/apple/64/2705.png) We fingerprint passively and match known CVEs * ![](https://cdn.jsdelivr.net/npm/emoji-datasource-apple/img/apple/64/2705.png) We normalize, score, and **publish findings on-chain** Every scan produces a **validator trust score**, traceable back to the original data, hashed and timestamped for full accountability. * * * We're Not Just Scanning - We're Setting the Standard ---------------------------------------------------- This isn’t about attacking networks. It’s about making them stronger. We’re building a **living, on-chain reputation layer** for validator infrastructure one that protocols can rely on, and node operators can prove against. Because decentralization without visibility is just security by assumption. * * * Coming Next ----------- In Part 2, we scan the [Sui.io](http://Sui.io) mainnet and find that over **20% of validators expose critical misconfigurations**. Some of them are shockingly easy to fix. None of them should have existed. * * * _PGDN - protecting the decentralized edge (and sometimes that means seeing what others choose not to)._ --- *Originally published on [PGDN Network News](https://paragraph.com/@pgdn/protecting-the-decentralized-edge-with-pgdn)*