Software is being given authority. Trust must be provable, not assumed.
Capabilities
- Verifiable authority
- AI agent security
- Applied cryptography
- Confidential computing
- Key management
- Infrastructure security
- Security strategy
AWS Nitro · Intel TDX · AMD SEV
MPC · HSMs · PKI · Attestations
Rust · Python · Go
Reproducible Builds
I work on security architecture for systems where trust needs to be explicit.
That includes applied cryptography, key management, infrastructure security, protocol review, cloud and deployment architecture, blockchain systems, and increasingly AI systems that act through tools, credentials, and external services.
The recurring question is simple: under what conditions should a system be allowed to release authority?
A private key. A signing capability. An access token. A privileged API call. A delegated permission into a system too complex to simply trust.
My current focus is verifiable authority: combining security architecture, cryptographic controls, confidential computing, remote attestation, zero-knowledge proofs, and policy-bound credentials so that high-value actions are constrained, auditable, and defensible.
This applies to AI agents, but not only to AI. It is the same problem behind custody systems, cloud infrastructure, CI/CD pipelines, secrets management, vendor integrations, and critical internal workflows.
Once systems can act, security is not only about preventing compromise. It is about deciding what they are allowed to do, under which conditions, and what they can prove before authority is granted.
How we can work together
- Advisory Retainer Flexible, ongoing guidance for founders and CTOs on trust models, AI safety architecture, and cryptographic primitives.
- Architecture & Research Sprints Fixed-term engagements to design or review the trust model of autonomous agents or sensitive infrastructure before it hardens.
- Fractional Security Strategy & Leadership Embedded, part-time strategy for early-stage companies where security is part of the product's core architecture.
- Full-Time Role Open to the right long-term mission — ideally a company where security is foundational to its products and identity.
Current work
I'm developing practical frameworks for agent credential control, policy enforcement, and verifiable execution — the missing security layer between increasingly capable AI systems and the real-world authority they are being given.
Vincent Kobel
Over more than a decade, I have worked on and shipped production systems with high security requirements across cybersecurity, digital assets, applied cryptography, confidential computing, key management, and infrastructure.
I have built security functions from scratch, designed custody and wallet security architectures, supported institutional blockchain and staking infrastructure, and worked with product and engineering teams to turn complex trust assumptions into concrete systems.
Built and owned Kiln's security function from scratch, scaling it to a 7-person team across product security, cloud security, infrastructure security, detection and response, GRC, and security operations. Ran threat modeling, architecture reviews, and trust model design for staking, wallets, and key management systems. Led incident response, audit readiness, and a major security incident from detection through resolution.
Built Blockdaemon's cybersecurity program, then owned wallet product security and digital asset security for MPC, confidential computing, and custody products. Led architecture decisions, roadmaps, and commercial technical discussions, working directly with AWS Nitro Enclaves in production. Initiated and drove the strategic acquisition of Sepior, adding MPC IP and a specialist team to Blockdaemon's custody stack.
Founding team member. Owned security architecture for Harmonize, Metaco's institutional cryptocurrency custody platform, from initial threat model through global launch — protecting billions in digital assets for institutional clients. Designed and implemented across HSMs, PKI, MPC, confidential computing, and containerization. Built specialized tooling in Python and Rust. Helped scale the team to over 30 engineers. Metaco was acquired by Ripple in 2023.
Delivered penetration tests, security assessments, applied cryptography, threat modeling, and secure architecture reviews for finance, telecom, critical infrastructure, and high-security event environments, including cybersecurity work supporting the World Economic Forum.
On consciousness and AI
The distinction between intelligence and consciousness — between systems that process and optimize, and beings that actually experience — shapes what we should expect from AI, how much authority we grant it, and where human judgment must remain non-delegable. Capability is not the same as understanding. Performance is not the same as presence.