Safe Labs CEO Rahul Rumalla on why approval alone isn't control, and how Safe's Workspace, Shield Copilot, and Security Hub bring continuous protection to treasuries.
Safe{Labs}
8 July 2026
)
Multisig made shared approval possible. But approval alone isn't control, and for onchain teams managing real money, that gap is starting to matter a lot.
That's the case Rahul Rumalla, CEO of Safe Labs, laid out at DappCon 2026. Tracing the shift from Cypherprise, Safe's 2025 philosophy on how onchain organizations should hold and govern assets, into an actual product built around one idea: control needs to be continuous, not a one-time checkbox.
AI has made it cheaper and faster to scan code, hunt for vulnerabilities, and build exploits. Web3 hands attackers an open book: public contracts, public configs, public approvals, sitting there indefinitely. Mandiant's data shows the average time-to-exploit shrinking by about a week. Weak assumptions are easier to find than ever. Account setup hasn't kept pace.
Here's the deeper problem: audits check components, not workflows. A contract can be audited, the frontend clean, the infra solid, and the system connecting them can still be fragile. Safe's answer is to protect the whole path — setup, operate, sign, monitor, respond — as one continuous layer, not a pile of separately-verified parts.
As teams grow, a single multisig rarely stays single. It splits into a reserve, a payments account, a grants pool, DeFi positions, protocol admin, each with a different job, different risk, different rules. Treating them all the same is how mistakes happen.
Multisig answers one question: who can approve? Rahul argues teams need to ask two more:
Negative control: what should this account never be allowed to do?
Delegated control: what can act on its own, safely, within limits?
Positive, negative, and delegated control together are what actually define an account, not just its signer list.
A ‘payments Safe’ isn't just a wallet with approvers. It's an account with a defined role: it holds an operating balance (never the treasury), sends only to known vendors, needs finance-signer approval, and runs under daily limits and allowlists. Multiply that logic across reserve, grants, DeFi ops, and protocol admin, and each account gets its own threshold, its own guardrails, matched to what it's actually for, all inside one workspace.
Bots, modules, co-signers, automation, genuinely useful, but only when scoped tightly. A treasury Safe can grant a bot permission to execute approved workflows, stay within spend limits, and trigger verification, while being explicitly blocked from changing owners, installing modules, or touching reserve funds. The rule of thumb: delegation should be narrow, visible, and revocable.
More accounts, more signers, more chains, control only holds up if someone can see all of it, continuously, in one place. That's the gap Safe's newest tools are built to close:
Workspace: every Safe a team runs, members and roles shared across accounts, activity consolidated into one view.
Shield Copilot: simulates and scans every transaction before signing, flagging things like incompatible Safe versions or low-activity recipients before you approve, not after.
Workspace Security Hub: a live security score per account, backed by a growing set of automated checks.
The roadmap pushes protection closer to how teams actually operate:
Policies, timelocks, and spend limits to define what an account can and can't do.
SafeNet and verifier integrations for independent checks before execution.
Risk monitoring for DeFi exposure, depeg risk, and protocol-level threats.
When risk changes, controls should respond.
Multisig gave teams shared approval. The next era is shared, continuous control, separating responsibilities, setting rules, verifying transactions, monitoring accounts, and responding to risk, as one connected system instead of five disconnected habits.
The future of self-custody is continuous assurance. Not just approval. Confidence across the whole workflow.
Safe{Labs}
8 July 2026
Copy link
