Blue Motion Labs: security, compliance, and AI governance notes
I'm John Abraham. I write practical security, AI governance, and crypto risk frameworks, and take on a small number of consulting engagements.
Playbooks
A security checklist for on-chain treasury and multisig setups
ChecklistSigner management, quorum design, monitoring, and offboarding risk.
A risk assessment framework for stablecoins and crypto treasuries
FrameworkA layered methodology for scoring stablecoin and crypto protocol risk, from settlement mechanics to end-user exposure.
Field Notes
What actually belongs in an AI agent security policy
FrameworkAgent inventory, kill-switches, API scope governance, and how it maps to the OWASP LLM/Agentic Top 10.
From Web1 to Web3 Security
FrameworkWhy Web3 security failures mostly repeat Web1 and Web2 mistakes, and what a real program needs beyond smart contract audits.
Projects
StableScope
Live toolA stablecoin registry and search tool with a live freeze-events monitor.
Stablecoin Risk Assessment Framework
Open sourceThe layered scoring methodology behind the stablecoin risk note, maintained as an open repo.
MCPCheck
In devA free tool that scans any MCP server for security red flags (risky permissions, missing auth, hidden prompt-injection risks) before you add it to your AI agent.
Hookd
AI dev testA one-day test of shipping an entire stack with AI tooling: iOS app, REST API, companion site, and App Store publishing, all in a day. Rough around the edges by design, more a capability test than a polished product.
Work with me
- Security program design and implementation, from the ground up
- Risk management, so security investment goes where it delivers the most value
- Fractional CISO retainers
- Compliance readiness projects (SOC 2, ISO 27001)
- AI governance policy work for teams running production AI agents