Discussion Details

Type: Research
ACTIVE

Andamio: Cardano Threat Intelligence

Submitted: 18 Apr 2025, 18:39 UTC (Epoch 552)
Updated: 18 Apr 2025, 18:39 UTC (Epoch 552)
ID:512
mixaxim

Budget: $212,000 (424,000 ADA)
ADA Rate: $0.50
Preferred Currency: United States Dollar (USD)
Contract Type: Service Level Agreement

Description

The Cardano Threat Intelligence (CTI) initiative will establish a community-driven, open-source platform for security education, threat reporting, and vulnerability documentation within the Cardano ecosystem. Built on Andamio’s learn-to-work infrastructure, the project will combine educational content with real-world intelligence workflows to grow a network of skilled contributors and enhance the ecosystem’s overall resilience.

The development work under this proposal includes:

  1. Creation of the CTI Knowledge Base: We will research, document, and publish detailed reports on at least 13 unique vulnerabilities and weaknesses relevant to Cardano’s architecture (on-chain, off-chain, network, etc.). Each report will follow a standardized format using the CTI template and be categorized using the CTI numbering system.
  2. Finalization of the CTI CIP: The Cardano Improvement Proposal (CIP) for CTI will be finalized and submitted, outlining the formal structure for vulnerability classification, Watchdog participation, and threat disclosure.
  3. Train the Trainers - Developing PBL capacity: It is crucial to generate the capacity to scale this initiative. This stage will empower the broader community to contribute and participate in this project as it grows and evolves along with Cardano. Participants trained as PBL educators will contribute to this and later iterations of this initiative, designing and creating content to educate participants.
  4. Development of Security Training Modules and Educational Resources: Leveraging the Andamio platform, we will design and deploy a Project-Based Learning (PBL) curriculum focused on blockchain security, smart contract auditing, and secure development practices. This curriculum will include hands-on challenges using intentionally vulnerable smart contracts, paired with a suite of at least five high-quality video demonstrations that walk learners through real-world attack scenarios, exploit analysis, and remediation techniques. These interactive resources will provide both theoretical knowledge and practical experience, enabling participants to build the skills needed to identify and mitigate security risks in Cardano smart contracts.
  5. Deployment of the CTI Platform on Andamio: All training materials, threat reports, and participation pathways will be published via the Andamio platform. Contributors who complete courses and demonstrate expertise will be able to join the CTI Watchdogs—a decentralized security working group responsible for ongoing threat detection and disclosure.
  6. Community Onboarding and Public Disclosures: The first cohort of CTI participants will be onboarded, and public disclosure practices will be initiated via GitHub, social media, and Andamio. This includes publishing new CTI reports and engaging the broader Cardano community in collaborative threat monitoring.
  7. CTI Watchdog Operations and Rewards Management: Once operational, CTI Watchdogs (vetted security contributors) will use Andamio’s project management infrastructure to review, verify, and process newly submitted reports of vulnerabilities and weaknesses from the community. Verified reports will be published through the CTI repository, and the original reporters will be rewarded accordingly—with rewards managed transparently and distributed using Andamio’s built-in incentive mechanisms.
  8. Ongoing Community Engagement and Threat Disclosure: CTI Watchdogs will also be able to coordinate and distribute reward arrays for broader community contributions (e.g., triage support, translations, reproductions). Public disclosures will be shared through GitHub, the CTI repository, social channels, and the Andamio platform, creating a transparent and collaborative model for security research in Cardano.

By the end of the project, CTI will deliver a working threat intelligence and security education system—setting a new standard for decentralized, community-led security in blockchain ecosystems.

Problem Statement

This proposal seeks to address a critical gap in proactive security awareness, threat detection, and coordinated vulnerability disclosure within the Cardano ecosystem.

While Cardano continues to grow in adoption, complexity, and smart contract usage, there is currently no standardized, community-driven framework for:

  • Identifying and documenting vulnerabilities in a structured and actionable way
  • Educating developers, auditors, and stakeholders about security best practices
  • Coordinating responsible disclosure of on-chain and off-chain threats
  • Empowering ecosystem contributors to actively participate in securing the protocol

As a result, vulnerabilities can go undetected, underreported, or misunderstood, increasing the risk of exploits, loss of funds, reputational damage, and ecosystem fragmentation.

The Cardano Threat Intelligence (CTI) initiative directly addresses this problem by:

  • Creating a public knowledge base of real-world vulnerabilities, categorized and risk-assessed
  • Developing educational content and interactive training modules to raise security literacy
  • Establishing reporting processes and a community Watchdog team to triage and validate threats
  • Driving community engagement around proactive security contributions and responsible disclosure

By bridging the gap between technical research, security education, and community operations, this proposal lays the foundation for a sustainable and decentralized threat intelligence capability that protects Cardano’s users, developers, and long-term mission.

Proposal Benefit

The Cardano ecosystem is rapidly expanding, yet it lacks a dedicated, standardized infrastructure for security education, threat identification, and coordinated vulnerability disclosure. This creates a critical gap in ecosystem resilience, as developers, auditors, and community contributors often operate without access to structured security knowledge or formal threat intelligence processes.

Without a proactive security framework, vulnerabilities—whether in smart contract logic, infrastructure configuration, or broader network design—can go unnoticed, unreported, or misunderstood. This not only increases the likelihood of security incidents but also discourages adoption by teams that lack resources for high-cost third-party audits.

Moreover, existing threat intelligence in the Cardano space is fragmented, with no public repository for recurring weaknesses, no taxonomy for vulnerability classification, and no clear pathways for contributors to formally participate in security monitoring or disclosure efforts.

This proposal seeks to address these issues by launching the Cardano Threat Intelligence (CTI) initiative—a security education and intelligence framework built on Andamio. CTI will empower the community to identify, assess, and disclose threats through open training, structured documentation, and the creation of a shared security knowledge base. It will create pathways for individuals to become certified CTI Watchdogs, ensuring that security is not only everyone’s responsibility but also everyone’s opportunity.

Key Proposal Deliverables

This proposal represents a foundational build-out phase of the Cardano Threat Intelligence (CTI) initiative. By the end of this tranche, CTI will deliver a fully functional and publicly accessible platform—integrated into Andamio—with core systems, educational infrastructure, and threat intelligence processes operational. This lays the groundwork for a long-term, self-sustaining security network for the Cardano ecosystem.


Key Milestones and Deliverables


1. Team Formation & Kickoff

Deliverables:

  • Finalized hires and contributor agreements for core roles.
  • Clear alignment on project scope, roles, deliverables, and timelines.
  • Onboarding sessions completed; workflows and communication tools established.

Acceptance Criteria:

  • All key contributors confirmed and onboarded.
  • Shared understanding of expectations and responsibilities.
  • Functional infrastructure in place for team collaboration and milestone tracking.

2. Train the Trainers Workshops

Deliverables:

  • Four structured workshops covering backwards design, SLT development, course building, and content planning.
  • Miro board and full recordings documenting workshop outcomes.
  • Assembly of the core PBL design and education team.

Acceptance Criteria:

  • Complete video recordings of all workshops.
  • Finalized course outline and content development plan.
  • Team documentation and education delivery framework.

3. CTI CIP Finalization and Educational Content Development

Deliverables:

  • A completed CIP draft defining CTI’s framework, identifier format (CTI-YYYY-AAA-TT-N), and Watchdog roles.
  • Five smart contract security videos demonstrating real-world vulnerabilities and remediation strategies.
  • Design and deployment of interactive exercises and PBL modules on Andamio.

Acceptance Criteria:

  • Submission-ready CTI CIP reviewed and approved internally.
  • High-quality videos illustrating exploitation techniques and secure coding principles.
  • Interactive, skill-building content fully deployed on Andamio.

4. CTI Platform Deployment and Community Onboarding

Deliverables:

  • Deployment of the CTI platform on Andamio with knowledge base and training materials.
  • First cohort onboarding, including auditors, developers, and researchers.
  • Communication channels for vulnerability reporting and collaboration.

Acceptance Criteria:

  • Fully functional CTI platform with all planned features and courses live.
  • Successful onboarding of initial participants.
  • Established communication processes for community engagement.

5. CTI Watchdog Implementation and Initial Operations

Deliverables:

  • Recruitment and setup of the CTI Watchdogs team with defined roles and criteria.
  • Implementation of vulnerability review and categorization workflows.
  • Processing of initial community-submitted vulnerabilities.

Acceptance Criteria:

  • Operational CTI Watchdogs team with clear responsibilities.
  • Efficient triage and review workflows in place.
  • Verified processing of early vulnerability reports from the community.

6. Public Engagement, Disclosure & Sustainability

Deliverables:

  • Public disclosure of validated vulnerabilities via GitHub, CTI repository, and social media.
  • Community-facing events (e.g., webinars, Twitter Spaces) to foster engagement.
  • Iterative improvements to the platform and a long-term sustainability plan.

Acceptance Criteria:

  • Timely and transparent publication of vulnerability disclosures.
  • Positive community feedback and increased participation.
  • A clear, actionable roadmap for ongoing platform support and expansion.

Final Outcomes for the Community

By the end of this phase, the community will receive:

  • CTI Platform Live on Andamio: A user-friendly, accessible learning and contribution platform featuring hands-on security training and a comprehensive threat intelligence library.
  • Finalized CTI CIP: A peer-reviewed and submitted Cardano Improvement Proposal defining CTI’s structure, classification system, and governance model.
  • Public Vulnerability Repository: A living GitHub repository of categorized and disclosed Cardano vulnerabilities, following the CTI identifier format.
  • Project-Based Learning Curriculum: A deployed PBL track focused on smart contract security, including real-world exercises and intentionally vulnerable code.
  • CTI Watchdog Onboarding Pathway: A transparent credentialing and onboarding path for community contributors to become active security reviewers.
  • Active Disclosure & Engagement Process: A recurring cycle of vulnerability disclosures, community education, and ecosystem-wide security collaboration.

With this foundation, CTI will operate as a self-sufficient, open-source platform—driven by community contribution and committed to protecting Cardano’s future through education, transparency, and collaborative security practices.

Cost Breakdown

The total estimated cost for the successful delivery of the Cardano Threat Intelligence (CTI) initiative is ₳424,000, spanning a 12-month development and implementation period. This budget has been carefully calculated using a conservative ADA to USD exchange rate of ₳1 = $0.50, ensuring that the project remains viable and fully funded even in bear-market conditions.

The budget is designed to support the entire CTI lifecycle, from research and curriculum development to technical implementation and community activation. It covers personnel costs, content production, platform deployment, and community engagement activities.

In the initial phase (₳68,000), funds are allocated to form the core project team, including an Education Project Manager (PM) / Coordinator, instructional designers, and subject matter experts (SMEs). This stage ensures that operational workflows are defined and that team members are aligned on expectations and deliverables.

The second milestone (₳68,000) focuses on training the trainers and planning the CTI curriculum. Funding supports the delivery of four structured educational design workshops, development of a course architecture, and the work of trainers, instructional designers, and project-based learning (PBL) specialists.

The third and most resource-intensive milestone (₳106,000) involves drafting the Cardano Improvement Proposal (CIP) for CTI, creating educational content (including video demonstrations), and designing hands-on exercises. Costs here reflect the contributions of cybersecurity SMEs, content writers, a video producer, and PBL developers.

The fourth milestone (₳68,000) supports the deployment of CTI training modules and the knowledge base to the Andamio platform. This includes QA testing and final content integration, primarily led by SMEs and the Education PM.

During Milestone Five (₳66,000), the project will onboard and train CTI Watchdogs—responsible for managing the threat intelligence workflow. This phase includes the implementation of reporting processes and initial vulnerability intake operations.

The final milestone (₳48,000) funds the public disclosure of validated vulnerabilities, hosting of community workshops, and development of a sustainability plan. It also covers community engagement efforts such as GitHub repository management and social media outreach.

Personnel costs are distributed as follows over the relevant time periods:

  • Education PM / Coordinator is engaged throughout the full year, with an estimated cost of ₳132,000.
  • Two SMEs (Smart Contract Developers & Cybersecurity Experts) contribute over 8 months at a total of ₳128,000.
  • Instructional Designer, active for 8 months, is budgeted at ₳56,000.
  • Train the Trainers Instructor, engaged for 4 months, is allocated ₳28,000.
  • PBL Curriculum Developer, contributing over 4 months, is budgeted at ₳24,000.
  • Content Writer / Script Developer, engaged for 7 months, totals ₳42,000.
  • Video Producer, involved in 2 months of content creation, accounts for ₳14,000.

Resourcing & Duration

To successfully deliver the CTI platform and complete all outlined milestones, this proposal estimates a core team of 5–7 contributors operating over a 12-month development cycle. This team brings together educators, technical experts, and creative contributors to ensure both pedagogical quality and technical accuracy.


Estimated Team Composition

  • Curriculum Coordinator / Education PM (1): Oversees the education pipeline, manages timelines, and coordinates curriculum version control and SME reviews.

    • Manages curriculum assets and Miro boards
    • Schedules SME sessions and handles feedback cycles
    • Tracks deliverables across contributors

    Delivers: Updated curriculum drafts, feedback loop integration, aligned review schedule
  • Subject Matter Experts – Smart Contracts & Cybersecurity (2): Provide domain validation and technical oversight to ensure content accuracy and real-world relevance.

    • Review and sign off on vulnerabilities, lessons, and exercises
    • Co-design labs and advise on curriculum scope

    Delivers: Reviewed content, validation memos, annotated feedback
  • Train the Trainer Instructor (1): Leads workshops to prepare new educators and contributors for content creation and facilitation.

    • Delivers 4 workshops on backward design and PBL principles
    • Provides mentorship and support for new facilitators

    Delivers: Workshop recordings, Miro boards, facilitator cohort
  • Instructional Designer (1): Structures the course using backward design, SLTs, and module architecture in collaboration with SMEs.

    • Drafts learning targets, rubrics, and quizzes
    • Aligns technical content with educational goals

    Delivers: Module blueprints, assessment design, course map
  • Content Writer / Script Developer (1): Translates technical insights into learner-friendly materials and video scripts.

    • Writes module narratives and example walkthroughs
    • Develops scripts for smart contract demos

    Delivers: Written modules, video scripts, explanatory docs
  • PBL Curriculum Developer (1): Designs hands-on, challenge-based activities rooted in project-based learning principles.

    • Integrates smart contract tasks and labs
    • Scaffolds activities for progressive skill-building

    Delivers: Labs, challenge templates, activity rubrics
  • Multimedia / Video Producer (1): Produces visually engaging videos and animations to support the curriculum.

    • Records, edits, and polishes educational media

    Delivers: 5 video lessons, microlearning clips, demo walkthroughs

Estimated Timeline

Total Duration: 12 months
Each milestone is scoped for delivery across a structured development timeline:

  • Months 1–2: Team Formation & Kickoff

    • Finalize hires, agreements, and roles
    • Align expectations and deliverables
    • Conduct onboarding sessions and set up workflows
  • Months 3–4: Train the Trainers & Curriculum Planning

    • Deliver four core design workshops
    • Finalize the curriculum framework and course architecture
    • Map the CTI knowledge base structure
  • Months 5–6: CIP & Educational Content Creation

    • Submit the CTI CIP draft
    • Produce scripts, videos, and labs
    • Complete SME content validation and reviews
  • Months 7–8: Platform Deployment & Beta Testing

    • Upload training materials to Andamio
    • Conduct QA and platform testing
    • Onboard beta users and refine platform UX
  • Months 9–10: Watchdog Onboarding & Threat Intake

    • Train and initiate the CTI Watchdogs team
    • Launch vulnerability intake and triage workflows
    • Process and categorize initial reports
  • Months 11–12: Public Disclosure & Sustainability Planning

    • Publish validated disclosures via GitHub and social channels
    • Host community workshops and feedback events
    • Finalize a sustainability roadmap for ongoing operations

Experience

Adrian Hüetter

Smart Contract Developer

Builds scalable and secure smart contracts, enabling Andamio’s credentialing and reputation systems.

James Dunseith

Lead App Developer

Leads the vision and builds Andamio’s contributor-facing application with a focus on seamless UX and decentralized learning experiences.

HongJing (Jingles) K

Technical Product Manager & Solutions Architect

Designs technical solutions bridging product requirements and engineering, enabling scalable platform architecture.

M. Ali Modiri (Mix)

Smart Contract Developer

A malware analyst and CIP 96 author, Ali’s expertise spans from assembly to high-level languages, focused on Plutus smart contract development.

Nelson Kshetrimayum

Lead API Developer

Develops Andamio’s core API infrastructure, ensuring secure, scalable access for contributors and organizations.

Nori Nishigaya

Governance & Community Building Lead

Fosters decentralized governance, cultivating vibrant communities and resilient decision-making frameworks.

Roberto Mayen

Product Manager

Leads the design and delivery of Andamio’s platform, blending product innovation and community-driven development.

Sebastian Pabon

Key Partnerships & Customer Relations

Cultivates strategic partnerships and drives user onboarding to grow the Andamio ecosystem.

Yoram Ben Zvi

Business Models & Strategy Lead

Develops Andamio’s sustainable business models, aligning decentralized impact with long-term growth.

Maintenance & Support

After the initial development phase, the Cardano Threat Intelligence (CTI) initiative will be maintained and supported through a combination of community involvement, structured operational roles, and long-term sustainability planning. Here’s how ongoing support will be ensured:

  1. Ongoing Operations via the CTI Watchdogs Team: A core output of this proposal is the formation of the CTI Watchdogs—a dedicated group of trained contributors responsible for:

    • Reviewing, validating, and categorizing vulnerability reports
    • Maintaining the integrity and accuracy of the CTI knowledge base
    • Supporting the disclosure process and coordinating with affected parties

    This team will operate beyond the funded period, with clear onboarding guidelines, documentation, and roles established during the initial phase.
  2. Platform Sustainability via Andamio: All educational content and interactive modules will be hosted on Andamio, a decentralized learning platform designed for long-term access and modular updates. The CTI curriculum and vulnerability database will be:

    • Continuously updated as new threats and research emerge
    • Open to contributions from security professionals and the broader Cardano community
    • Integrated into ongoing Andamio learning pathways for auditors, developers, and protocol contributors
  3. Community Engagement and Growth: To ensure ongoing relevance and participation, CTI will foster:

    • Public workshops, webinars, and AMA sessions to share updates and collect feedback
    • Collaborations with Cardano ecosystem partners to embed security practices across projects
    • Recognition and reward mechanisms (e.g., bounties, contributions tracking) for active participants

Supplementary Endorsement

  • https://github.com/input-output-hk/Certification-working-group/pull/25
  • https://github.com/cardano-foundation/CIPs/pull/499

Roadmap Alignment

Does your proposal align with any of the Intersect Committees?

Open Source Committee

Does this proposal align to the Product Roadmap and Roadmap Goals?

Architectural Excellence

Administration and Auditing

Would you like Intersect to be your named Administrator, including acting as the auditor, as per the Cardano Constitution?

Yes

Ownership Information

Submitted On Behalf Of

Company

Social Handles

  • Email: hello@andamio.io
  • X: @andamioplatform
  • Discord: https://discord.gg/mkSBHDmzPB

Key Dependencies

The success of the CTI initiative relies on the following key dependencies:

  • Andamio Platform Integration (External/Internal)

    The CTI curriculum and contributor pathways will be deployed on the Andamio platform, which provides the learn-to-work infrastructure. Andamio’s functionality—including course publishing, credentialing, and on-chain contribution tracking—is essential for delivering and scaling the educational components of this project. As co-creators of Andamio, we have direct control over integration and support.

  • Completion and Acceptance of the CTI CIP (Internal)

    Finalizing and submitting the CTI Cardano Improvement Proposal is a foundational step for standardizing the CTI framework. This CIP defines the structure for vulnerability classification, the CTI template, and Watchdog participation. While the draft is already under development, formal submission and community acceptance are key milestones.

  • Security Expertise and Vulnerability Discovery (Internal)

    In order to create a meaningful and credible threat intelligence repository, the project depends on identifying real, relevant vulnerabilities in the Cardano ecosystem. This will be achieved through internal audits, research, and collaboration with established security experts.

  • Collaboration with Ecosystem Partners (e.g., Vacuumlabs, Mlabs) (External)

    Support from experienced auditing firms and developer groups will help validate early disclosures, test our reporting standards, and ensure alignment with real-world security needs. Initial support from these groups has been positive, and ongoing cooperation will enhance the legitimacy and utility of the CTI knowledge base.

  • Community Participation and Onboarding (External)

    To scale the CTI Watchdogs network and ensure sustainability, the project depends on active engagement from the Cardano community, for example Gimbalabs. This includes learners joining the training tracks, researchers submitting findings, and developers providing feedback on reports. Outreach and onboarding will be an ongoing focus throughout the project lifecycle.
