u/Any_Good_2682

Hi everyone,

I’ve been working on a computer vision approach to a specific security problem in the "Agentic Economy": identifying malicious transaction patterns that are mathematically obfuscated but topologically distinct.

The Problem

Traditional rule-based security engines and even standard GNNs often struggle with "splitting attacks"—where a high-value transaction is fragmented into thousands of micro-transactions to bypass statistical thresholds. However, when these flows are projected as a 2D graph topology, they exhibit very specific adversarial signatures (Star patterns, centralized hubs, mixing chains).

The Approach: VLM for Graph Classification

Instead of relying on graph embeddings, I’ve experimented with a Vision-Language approach using Qwen2-VL-2B-Instruct. The intuition is that VLMs are increasingly efficient at recognizing structural relationships in 2D layouts.

Technical Specs:

Base Model: Qwen2-VL-2B-Instruct.

Fine-tuning: LoRA (r=16, alpha=32) targeting attention projections (q, k, v, o).

Dataset (Dogon-10K): I generated 10,000 synthetic transaction graph images using NetworkX and Matplotlib. The dataset covers four classes: NORMAL, DRAIN_STAR, MIXING_CHAIN, and COORDINATED_CLUSTER.

Hardware / Stack: Trained on an AMD MI300X using the ROCm stack. This was a great opportunity to stress-test PEFT/TRL on AMD hardware for vision-centric tasks.

Why VLM over GNN?

While GNNs are the standard for graph data, the "image-based" approach allowed for faster prototyping of adversarial pattern recognition without the complexity of building a custom graph auto-encoder for every new chain's schema. The VLM’s ability to interpret "visual intent" proved highly effective at distinguishing a decentralized organic ecosystem from a coordinated sybil attack.

Model & Code

The LoRA weights are available on Hugging Face for anyone interested in testing visual graph classification:

The full source code for the inference engine and the Dogon dataset generator is currently being cleaned up.

GitHub: [Under Construction]

I’m particularly interested in hearing if anyone else is using VLMs for visual anomaly detection in abstract data structures (like graphs or network logs).

Hi everyone,

I’ve been working on a computer vision approach to a specific security problem in the "Agentic Economy": identifying malicious transaction patterns that are mathematically obfuscated but topologically distinct.

The Problem

Traditional rule-based security engines and even standard GNNs often struggle with "splitting attacks"—where a high-value transaction is fragmented into thousands of micro-transactions to bypass statistical thresholds. However, when these flows are projected as a 2D graph topology, they exhibit very specific adversarial signatures (Star patterns, centralized hubs, mixing chains).

The Approach: VLM for Graph Classification

Instead of relying on graph embeddings, I’ve experimented with a Vision-Language approach using Qwen2-VL-2B-Instruct. The intuition is that VLMs are increasingly efficient at recognizing structural relationships in 2D layouts.

Technical Specs:

Base Model: Qwen2-VL-2B-Instruct.

Fine-tuning: LoRA (r=16, alpha=32) targeting attention projections (q, k, v, o).

Dataset (Dogon-10K): I generated 10,000 synthetic transaction graph images using NetworkX and Matplotlib. The dataset covers four classes: NORMAL, DRAIN\_STAR, MIXING\_CHAIN, and COORDINATED\_CLUSTER.

Hardware / Stack: Trained on an AMD MI300X using the ROCm stack. This was a great opportunity to stress-test PEFT/TRL on AMD hardware for vision-centric tasks.

Why VLM over GNN?

While GNNs are the standard for graph data, the "image-based" approach allowed for faster prototyping of adversarial pattern recognition without the complexity of building a custom graph auto-encoder for every new chain's schema. The VLM’s ability to interpret "visual intent" proved highly effective at distinguishing a decentralized organic ecosystem from a coordinated sybil attack.

Model & Code

The LoRA weights are available on Hugging Face for anyone interested in testing visual graph classification:

Hugging Face:

https://huggingface.co/Ibonon/imina\\\_na\\\_lora

The full source code for the inference engine and the Dogon dataset generator is currently being cleaned up.

GitHub: \[Under Construction\]

I’m particularly interested in hearing if anyone else is using VLMs for visual anomaly detection in abstract data structures (like graphs or network logs).

Hi everyone,

I’ve been working on a computer vision approach to a specific security problem in the "Agentic Economy": identifying malicious transaction patterns that are mathematically obfuscated but topologically distinct.

The Problem

Traditional rule-based security engines and even standard GNNs often struggle with "splitting attacks"—where a high-value transaction is fragmented into thousands of micro-transactions to bypass statistical thresholds. However, when these flows are projected as a 2D graph topology, they exhibit very specific adversarial signatures (Star patterns, centralized hubs, mixing chains).

The Approach: VLM for Graph Classification

Instead of relying on graph embeddings, I’ve experimented with a Vision-Language approach using Qwen2-VL-2B-Instruct. The intuition is that VLMs are increasingly efficient at recognizing structural relationships in 2D layouts.

Technical Specs:

Base Model: Qwen2-VL-2B-Instruct.

Fine-tuning: LoRA (r=16, alpha=32) targeting attention projections (q, k, v, o).

Dataset (Dogon-10K): I generated 10,000 synthetic transaction graph images using NetworkX and Matplotlib. The dataset covers four classes: NORMAL, DRAIN\_STAR, MIXING\_CHAIN, and COORDINATED\_CLUSTER.

Hardware / Stack: Trained on an AMD MI300X using the ROCm stack. This was a great opportunity to stress-test PEFT/TRL on AMD hardware for vision-centric tasks.

Why VLM over GNN?

While GNNs are the standard for graph data, the "image-based" approach allowed for faster prototyping of adversarial pattern recognition without the complexity of building a custom graph auto-encoder for every new chain's schema. The VLM’s ability to interpret "visual intent" proved highly effective at distinguishing a decentralized organic ecosystem from a coordinated sybil attack.

Model & Code

The LoRA weights are available on Hugging Face for anyone interested in testing visual graph classification:

Hugging Face:

https://huggingface.co/Ibonon/imina\\\_na\\\_lora

The full source code for the inference engine and the Dogon dataset generator is currently being cleaned up.

GitHub: \[Under Construction\]

I’m particularly interested in hearing if anyone else is using VLMs for visual anomaly detection in abstract data structures (like graphs or network logs).

Hey r/ethereum,

I just submitted ArcWarden to a lablab.ai hackathon on Arc L1. Wanted to share what I built because the concept is a bit different from what you usually see in the agentic space.

The problem

Autonomous AI agents managing USDC wallets on blockchain have zero native security layer. A compromised agent can drain a wallet in seconds. Existing solutions cost $0.30+ per transaction — on $0.001 nano-payments, that's structurally impossible to justify economically.

What I built

ArcWarden is an autonomous security agent that charges $0.001 USDC to evaluate every transaction from another agent before it executes. It has its own Circle wallet, its own treasury, and autonomously pays its own intelligence providers (Claude API). It's not a monitoring tool bolted on the outside — it's a participant in the economy it secures.

4 simultaneous protection layers:

Behavior analysis — amount vs. agent historical average, frequency spikes, trust score

Anti-splitting — 10-minute sliding windows. An attacker fragmenting $45 into 90 micro-transactions of $0.50 gets blocked at transaction #9

Service reputation — if 3 agents report a fraudulent service, every subsequent agent is automatically protected. Collective learning, no human in the loop

Contract analysis — EVM bytecode inspection, unprotected drain functions, upgradeable proxy detection

Every decision returns ALLOW / BLOCK / ESCALATE in under 5ms.

What makes this real and not just a demo

The thing I'm most proud of: a Vyper 0.4.3 smart contract deployed on Arc testnet that immutably records every blocked attack — pattern hash, attacker address, attempted amount, risk score, triggering layer.

Contract v1 (migrated for a technical reason — the EVM selector changed when I updated the ABI from String[64] to address as first param, producing a completely different 4-byte selector that was silently rejected by the EVM) recorded 748 attacks for $1,682.92 USDC protected during testing.

The active v2 contract is fully verifiable here:

👉 https://testnet.arcscan.app/address/0x17430A67e11535466cC5f17e736D5e4643B86ba1

That's real onchain proof. Not screenshots.

The ecosystem runs in a real closed loop:

5 autonomous agents with real Circle Developer-Controlled Wallets — PayerAgent, AttackerAgent, LearnerAgent, GrayZoneAgent, MonitorAgent. They pay ArcWarden in real USDC. ArcWarden receives, evaluates, pays Claude for ambiguous cases, logs decisions on Arc. 389 onchain transactions confirmed.

The economic loop:

ArcWarden security cost: $0.001/decision

Traditional SIEM: $0.30+ per transaction

Savings: 99.7% — only viable because of Arc's near-zero fees (~$0.000003 per tx)

ArcWarden is itself an economic agent. It earns revenue, pays its own expenses, manages its own P&L, and autonomously switches operating modes (NORMAL → DEGRADED → EMERGENCY) based on its treasury balance — zero human intervention.

Bonded Oracle model

ArcWarden operates with a Guaranty Fund — it deposits USDC as collateral to prove solvency before accepting clients. This bridges the gap between anonymous agents and accountable security providers. The fund is managed via the smart contract and verifiable by anyone on ArcScan.

The honest part

The demo video was too technical. Reviewers didn't understand what they were looking at and scored 1/5 across the board. The code is solid, the presentation wasn't. Lesson learned the hard way.

Tech stack

Python / FastAPI · asyncio · web3.py · Vyper 0.4.3 · Circle DCW ×6 · x402 protocol · Next.js · SQLite · numpy · Claude API (optional escalation)

Links

🔗 GitHub: https://github.com/ibonon/Arcwarden

⛓️ Smart contract (v2 active): https://testnet.arcscan.app/address/0x17430A67e11535466cC5f17e736D5e4643B86ba1

Live demo on x= https://x.com/i/status/2047584585643425915

🏆 lablab.ai submission: https://lablab.ai/ai-hackathons/nano-payments-arc/omni/arcwarden-autonomous-security-oracle

Feedback welcome — especially on the Risk Engine architecture and the Oracle economic model.

Solo build · Ouagadougou, Burkina Faso · 5 days