
Omer Goldberg
@omeragoldberg
Joined August 2016
289 Following    11K Followers
Working groups and discussions are great, but recent exploits were not novel imo (I'm not talking about the method in which access was gained, be it phishing, social engineering, etc., but what the attackers were able to do after keys were obtained.)

USR was an unlimited mint on a SERVICE_ROLE.
Drift was a 2/5 multisig with 4 new signers and 0 timelock.

So, I'd say the two aren't mutually exclusive. You need coordination AND you need to actually give a care about opsec, access controls, and privilege separation. Right now, too many teams treat risk/security as someone else's problem until it's everyone's problem.

Crypto also has a penchant for reinventing the wheel. We love to rename things! But solutions for different threats already exist
- CrowdStrike
- Palo Alto
- Wiz
- etc

We don't need to rebuild Web2 security from first principles. We need to adopt what works and focus energy on the stuff that's actually novel, which actually sounds like what @andrewhong5297 is describing here.

AI and better tooling can make the technical stuff less intimidating, but only if there's a culture/standard around it