The layer most Web3 protocols never build for

Description

"Web3 companies are very bad at having this." Mudit Gupta, CTO of Polygon Labs, on the security operations function most protocols ignore entirely — and why it's where the majority of Web3 incidents actually begin. Polygon runs two dedicated security teams. SecOps handles the Web2 attack surface: cloud infrastructure, employee devices, domain security, and phishing simulation. AppSec owns security from the architecture stage, not after code ships. Most Web3 teams have neither structured this way — and Mudit's data on where breaches originate explains why that matters.