Software is being given authority. Trust must be provable, not assumed.
Expertise
- Verifiable authority
- AI agent security
- Applied cryptography
- Confidential computing
- Key management
- Infrastructure security
- Security strategy
Technologies
- AWS Nitro · Intel TDX · AMD SEV
- MPC · HSMs · PKI · Attestations
- Rust · Python · Go
- Reproducible Builds
I work with teams building systems that hold or delegate authority — keys, credentials, agents, policies, and privileged actions — and help make that authority constrained, auditable, and provable.
The recurring question is simple: under what conditions should a system be allowed to release authority?
A private key. A signing capability. An access token. A privileged API call. A delegated permission into a system too complex to simply trust.
My focus is on the primitives that make this provable: confidential computing, remote attestation, ZK proofs, and policy-bound credentials that constrain what a system can do before it acts — and let it demonstrate that constraint to the parties relying on it.
Once systems can act, security is not only about preventing compromise. It is about deciding what they are allowed to do, under which conditions, and what they can prove before authority is granted.
How we can work together
- Advisory Retainer Ongoing technical advisory for founders and engineering teams — hands-on engagement on trust models, agent security, and cryptographic design, working directly alongside the team.
- Technical Audits & Threat Modeling Hands-on codebase review and threat model validation for any company with security-critical work — engaged at the design phase before decisions harden, or brought in to independently assess architecture as the system grows in complexity.
- Architecture & Research Sprints Fixed-term design and build sprints — trust model design, working prototypes, and technical narratives that turn hard security primitives into concrete, testable designs before assumptions harden into the product.
- Fractional Security & Product Advisor Part-time embedded engagement for security-critical companies — moving hands-on between product design, architecture, engineering, and research as a security principal with a stake in what gets built.
- Full-Time Role The right long-term mission — a role with real scope, building and leading at the intersection of security, product, and engineering, at a company where security is foundational to what gets shipped.
Consulting Fit & Boundaries
| Domain | What I Do | What I Don't Do |
|---|---|---|
| How I Work | Embedded and hands-on — I read the code, stress-test the architecture, and work directly with the engineering team. | High-level advisory disconnected from the technical reality of the product. |
| Core Expertise | Trust architecture, verifiable execution (TEEs, ZK), applied cryptography, policy engines, wallet security, AI agent security. | Corporate compliance (SOC2, ISO), internal IT risk management, checkbox security. |
| Technical Audits | Hands-on codebase reviews, architectural threat modeling, and policy engine assessments in high-assurance domains. | Routine vulnerability scanning, endpoint security management, or automated report delivery. |
| System Architecture | Design and review of trust models, credential systems, confidential computing stacks, and secure enclave deployments. | Generic infrastructure setup, cloud migration, DevOps, or network administration. |
| Strategic Role | Fractional security strategy and trusted advisory for founders and engineering leadership. | Full-time operational CISO, traditional IT management, or staff augmentation. |
| Ideal Environment | Systems where security is foundational: sensitive assets, autonomous agents, cryptographic infrastructure, or security-critical products. | Environments treating security purely as a regulatory afterthought. |
Current projects
- Agent credentials
- Policy enforcement
- Verifiable execution
I'm developing practical frameworks for agent credential control, policy enforcement, and verifiable execution — the missing security layer between increasingly capable AI systems and the real-world authority they are being given.
An early path toward a TEE-backed credential gateway for AI agents. It gives tools revocable phantom tokens instead of real API keys, centralizes route scoping and rotation, and moves credential injection toward an attestable TDX trust boundary.
A practical diagnostic for engineering teams building on confidential computing. Designed to answer the question theoretical attestation guarantees leave open: how much of this system can actually be independently verified in production?
What I've built
Vincent Kobel
Over more than a decade, I have worked on and shipped production systems with high security requirements across cybersecurity, digital assets, applied cryptography, confidential computing, key management, and infrastructure.
I have built security functions from scratch, designed custody and wallet security architectures, supported institutional blockchain and staking infrastructure, and worked with product and engineering teams to turn complex trust assumptions into concrete systems.
Built and owned Kiln's security function from scratch, scaling it to a 7-person team across product security, cloud security, infrastructure security, detection and response, GRC, and security operations. Ran threat modeling, architecture reviews, and trust model design for staking, wallets, and key management systems. Led incident response, audit readiness, and a major security incident from detection through resolution.
Built Blockdaemon's cybersecurity program, then owned wallet product security and digital asset security for MPC, confidential computing, and custody products. Led architecture decisions, roadmaps, and commercial technical discussions, working directly with AWS Nitro Enclaves in production. Initiated and drove the strategic acquisition of Sepior, adding MPC IP and a specialist team to Blockdaemon's custody stack.
Founding team member. Owned security architecture for Harmonize, Metaco's institutional cryptocurrency custody platform, from initial threat model through global launch — protecting billions in digital assets for institutional clients. Designed and implemented across HSMs, PKI, MPC, confidential computing, and containerization. Built specialized tooling in Python and Rust. Helped scale the team to over 30 engineers. Metaco was acquired by Ripple in 2023.
Delivered penetration tests, security assessments, applied cryptography, threat modeling, and secure architecture reviews for finance, telecom, critical infrastructure, and high-security event environments, including cybersecurity work supporting the World Economic Forum.
On consciousness and AI
I care about the distinction between intelligence and consciousness: between systems that process, optimize, and simulate understanding, and beings for whom there is something it is like to be. Capability is not understanding. Performance is not presence. As AI systems gain authority over decisions, tools, credentials, and people, this distinction matters because it shapes what we should expect from them, what we should refuse to project onto them, and where human judgment must remain non-delegable.