Ninja Knows, ShoGun Stops — The Day 1 to Day 5 Roadmap

--

Ninja Medium Series (5/5) — Kazuki Kaneshiro / Founder, ZKSC Inc.

Press enter or click to view image in full size

What the Title Means — Splitting the Roles

Ninja’s Intelligence Core is the “know” part.

Shogun sits under Ninja as the “stop” layer. It’s a Control Layer function that lives alongside the Intelligence Core and Delivery Layer.

These two are unified into a single platform we call Agentic Security Controlplane — a three-layer architecture. It’s the security base for DeFi and Agentic Finance.

Why split “know” and “stop”? Because Web2 financial institutions learned over 50 years that judgment (fixing the facts) and execution (stopping the action) should belong to different teams with different responsibilities. Credit card fraud detection is done by the detection team. Transaction stops are handled by a separate operations team. Auditors audit the detection logic itself. Three roles, separated. If one gets compromised, the other two can catch it.

Web3 hasn’t done this yet. Detection and execution collapse into one contract, one screen, one human’s judgment. In the Radiant case and the Bybit case, a signer looking at one screen was carrying both detection and execution at once. If they’d been split, one side would have stopped it.

Splitting Ninja and Shogun brings this Web2 principle into DeFi and Agentic Finance.

Three-Layer Architecture — Agentic Security Controlplane

Here’s the actual structure.

Ninja (Agentic Security Controlplane)
│
├── Ninja Intelligence Core (Know)
│   ├── Entity Intelligence    — Know the counterparty
│   ├── Action Intelligence    — Read the action
│   ├── Position Intelligence  — Track the assets
│   └── Learning               — Evolve through feedback
│
├── Ninja Delivery Layer (Deliver)
│   ├── NinjaScan (Telegram Bot)
│   ├── Dashboard
│   ├── API
│   └── MCP
│
└── Shogun (Govern / Stop)
    ├── Policy Engine
    ├── Whitelist Management
    ├── Approval Flow
    └── Automated Actions

Ninja Intelligence Core is the “know” part. It has three Intelligence domains plus Learning. Entity tells you who the counterparty contract is. Action parses what the calldata is actually trying to do. Position tracks what your wallet depends on. Learning updates the knowledge base from incidents and user reports. Layer 1 (deterministic) fixes the facts. Layer 2 (LLM) translates them into something a human can read. We don’t hand judgment to the LLM.

Ninja Delivery Layer is the “deliver” part. It’s NinjaScan (a Telegram Bot), a web Dashboard, a B2B API, and MCP (Model Context Protocol) for AI agents that want to reference Ninja. Different channels, but the Intelligence Core behind them is one and the same. Humans and AI make decisions from the same facts.

Shogun is the “stop” layer. The Intelligence Core tells you: “The counterparty is risky. Here’s the intent. Here’s where your dependencies are broken.” Shogun takes that and actually stops the transaction, demands approval, or freezes assets. You define rules in the Policy Engine ahead of time. You register safe counterparties in the Whitelist. You require multi-party agreement in the Approval Flow. Transactions that don’t meet the conditions trigger automated actions.

Ninja sees with eyes. Shogun stops with hands. Same division of labor as the human body.

Day 1 Foundation — It Starts Today

On April 22, 2026, at EAG Hong Kong, we release NinjaScan (Telegram Bot). That’s Day 1.

Day 1 ships the Intelligence Core’s Entity + Action and the Delivery Layer’s NinjaScan. Users are B2C individuals.

• /check 0x... — returns a risk score for any contract (Entity Intelligence)
• /scan <tx> — returns intent and warnings for any transaction (Action Intelligence)

Mode: On-demand. The user asks the bot. No charge. Free tier only, so we can build the individual user base fast. Differentiation isn’t LLM chat — it’s the ML accuracy of the Ninja Risk Engine. Backed by a 90 million EVM contract analysis DB, we return accuracy on unverified contracts and unknown function selectors that existing tools can’t match.

Behind Day 1, we run B2B pilots with one or two partners in parallel. That’s the prep for the full B2B rollout (API, Shogun) from Day 2 onward. The log data from individual users becomes concrete evidence for pilot pitches — “here’s what Ninja actually detects in the wild.”

Day 1 is the minimum setup of “an independent second channel.” Separate from the operational UI (Safe Wallet, browser extension), in a different place (Telegram), analyzing the transaction in front of you right now. If Radiant’s third signer had sent calldata to NinjaScan before signing, they might have spotted the screen being compromised. Day 1 starts there.

Day 2 Continuous Monitoring — Dependency Visibility + Start of Paid Plans

Day 2 shifts from On-demand to Continuous.

• Dashboard arrives. See your wallet positions and dependencies in one web view.
• Position Intelligence goes live. It tracks the allocation structure inside vaults.
• Learning v1 starts. Off-chain user reports and external threat intelligence come in.
• Continuous monitoring — no need to ask the bot. Your wallet gets watched 24/7 in the background.
• Paid plans launch. Free / Lite / Pro. Free tier stays as a user acquisition channel.

Two prerequisites: Day 1 validates willingness to pay, and the B2B pilots run in parallel.

Day 2’s core is turning what the Resolv case taught us into infrastructure.

The Resolv incident on March 22, 2026 didn’t start when the private key broke. The key broke, about 80M USR got minted uncollateralized, and a 99.7% depeg happened (1.00 → 0.003). That alone put Resolv’s direct loss at 23M–25M. But after that, surrounding protocols that were accepting depegged USR as collateral (Morpho Blue, Euler, Fluid, etc.) kept running their automated logic. They racked up over 10M in additional bad debt. The total ecosystem-wide spillover hit more than 300M (PeckShield named it “Shadow Contagion”).

No one was independently verifying “dependency health.”

Position Intelligence is designed as the layer that sees this. Your positions, the protocols holding them, what those protocols depend on internally, the health of those dependencies — we build the map, and we detect anomalies on the map. The moment Resolv’s key breaks, your dashboard shows: “Your Morpho Blue position depends on USR. USR is 99% depegged.”

When Web2 banks evaluate real estate collateral, they cross-check four independent sources: official land prices (government source), appraisals (private source), physical inspection (physical source), and comparable transactions (market source). If one lies, the other three catch it. Day 2’s Position Intelligence implements this “collateral evaluation across multiple independent sources” at DeFi speed.

Day 3 Protocol Expansion — B2B API + Shogun + MCP

Day 3 expands Ninja into a B2B platform. At the same time, Shogun (govern / stop) shows up for the first time.

• Target: DeFi protocol operators
• B2B API (Read / Monitor / Control — three tiers)
• Read API: access to Entity / Action Intelligence
• Monitor API: continuous monitoring + alert delivery + protocol-specific monitoring items
• Control API: Shogun’s Policy Engine + automated actions
• MCP support — the standard interface for AI agents to reference Ninja as a Single Source of Truth
• Protocol-specific monitoring — flash loan defense, vault strategy deviation detection, governance proposal analysis
• Learning runs at full capacity

Shogun starts here. In Day 1–2, Ninja only “told you.” The user looked, the user judged. From Day 3, if you define a policy ahead of time, only transactions that meet the conditions go through. The rest get stopped automatically.

• Policy Engine: write rules like “if the vault’s internal strategy deviates from the baseline, auto-pause new deposits into this pool”
• Whitelist Management: explicitly register trusted contracts and addresses. Moving assets outside the whitelist goes to the Approval Flow.
• Approval Flow: transactions above a threshold require multi-party signatures + confirmation from an independent source (passing a NinjaScan check)
• Automated Actions: auto-pause on anomaly detection, asset freeze proposals, position unwinding

Shogun isn’t a “stop switch.” It’s an automated execution engine for pre-defined policy decisions. Think of it as the Web2 financial institution’s transaction-stop system + workflow engine + audit log, all rolled into one.

And MCP. This is the groundwork for Day 5. We set up the standard interface for AI agents to reference the Ninja Intelligence Core as early as Day 3. When AI agents autonomously assemble transactions, they consult Ninja. “Is this contract safe?” “Is this intent reasonable?” “Where do my assets depend?” The AI asks, and acts on the answer.

Day 4 Institutional Control — Governance DSL

Day 4 expands Shogun for institutions.

• Target: CEXs, institutional investors, family offices, compliance teams
• Per-institution governance policy DSL — write policy to match each company’s compliance requirements
• Automated compliance reports — action logs output in a form that stands up to audit
• SLA-backed API lines — dedicated infrastructure for institutions
• Institutional Dashboard

If Day 3’s Shogun is the base package for protocol operators, Day 4 is the phase where “you can write governance to match your own complex business requirements.”

An example. Say an institutional investor’s compliance desk requires large DeFi transactions to go through an independent third-party review. Instead of writing code, you can write this in the DSL:

rule: large_defi_review
  when: tx is large AND tx.category IN [DeFi_Swap, Token_Approve_All]
  require: approval_from(compliance_desk)
  require: ninja_entity_check(counterparty) >= SAFE
  on_timeout: auto_reject

That’s Shogun’s governance DSL. Compliance writes their own requirements in their own words. Audit reviews the DSL, not the code. Change history goes into compliance reports automatically. The approval flow design that Web2 financial institutions built — Four-Eyes Principle, separation of duties, audit trails — implemented at DeFi and Agentic Finance speed.

SLA-backed API lines guarantee uptime and response times at production-grade levels, by contract. Not best-effort — contract-based. This is where the infrastructure becomes something large institutions can actually commit to.

Day 5 AI↔AI Controlplane — Agentic Finance, Finished

Day 5 is the finished form of Ninja’s long-term vision.

• Target: AI agent providers, AI2AI ecosystems
• Agent-to-agent transaction policy agreement protocol — AIs agree on policy before trading
• Cryptographic proof of action logs — agent actions can be verified without tampering, after the fact
• Automated isolation of anomalous agents — agents that violate policy get isolated automatically

Day 3’s MCP was “AI → Ninja reference.” Day 5 is “AI ↔ AI mediation.”

When Agentic Finance hits full speed, AI agents trade autonomously with each other. Agent A supplies liquidity to a DeFi protocol. Agent B borrows from it. Agent C monitors both. No humans in the loop.

At that point, the question becomes: who sets the policy, who detects violations, who stops them?

Shogun at Day 5 works as “notary + arbitrator + enforcer” for AI-to-AI trades. Before Agent A and Agent B start trading, they agree on policy through Shogun. Transaction facts get recorded deterministically at Layer 1. Action logs are stored with cryptographic proofs. If a policy violation happens, Shogun isolates the offending Agent automatically.

Why do AIs need this? Because AIs are much faster than humans. The secondary damage in the Resolv case stopped at “just over $10M” because humans were running things. If AIs had been running it fully autonomously, the damage would be multiples of that, in seconds. No time for a human to go “wait, something’s off.”

So we embed the stop mechanism into the trading protocol between agents. That’s the trust infrastructure for the Agentic Finance era.

Industry Timeline — Regulation Aligns With Ninja’s Value

The Day 1–5 rollout lines up with how regulation is moving.

SEC DeFi Front-End No-Action Letter (issued April 13, 2026, valid through April 13, 2031)

The U.S. SEC Division of Trading and Markets issued a no-action letter for DeFi front-end and self-custody wallet UI providers. It says they don’t need to register as broker-dealers under certain conditions. Five-year time-limited measure. Three of the key conditions, summarized:

1. User autonomy — the front-end doesn’t intervene in trading decisions
2. Neutrality — doesn’t recommend or steer toward specific trades or counterparties
3. Transparency — conflict of interest disclosure, cybersecurity measures, MEV strategy disclosure

The third point, “transparency,” lines up directly with what Ninja Intelligence Core provides. Ninja’s B2B API has a concrete use case as infrastructure for DeFi front-end providers to meet SEC conditions. Day 3’s B2B API lands here.

EU AI Act (in force since August 2024, main provisions fully apply from August 2026)

A broad AI regulation framework. High-risk AI has to be explainable and auditable. Agentic Finance AI agents are likely to fall under “high-risk AI” in finance.

Ninja’s Layer 1 (deterministic) / Layer 2 (LLM) two-layer architecture matches this regulatory direction. Layer 1 is 100% reproducible. Layer 2 just translates Layer 1 facts into human language — it doesn’t overturn the judgment. AI agent action logs get fixed at Layer 1 and transformed into a human-auditable form at Layer 2. That’s the technical answer to the EU AI Act’s “explainability” requirement. Day 5’s AI↔AI Controlplane lands here.

MiCA (fully in force December 2024, final transition period through July 2026)

A broad regulatory framework for crypto-asset markets. Scope for DeFi protocols isn’t fully defined yet — the detailed rules are still being written. The direction points to rising demands for transparency and security, which we read as a tailwind.

Japan — PSA Amendment (scheduled June 2026) + FIEA Amendment (Cabinet decision April 2026)

The PSA amendment mainly targets crypto-asset exchanges. The FIEA amendment is a fundamental shift — it reclassifies crypto-assets as “financial instruments.” Moving from PSA (payment means) to FIEA (financial instruments) will significantly change the regulatory environment for DeFi-related services in the medium term. Stronger security requirements for DeFi access through exchanges broadens the use case for Day 4’s institutional Shogun.

Put it all together. From 2026 through 2031, transparency + explainability + security requirements stack up globally. Ninja’s Day 1–5 roadmap is designed to ride this regulatory timeline.

Compared to Competitor Types — Why Ninja Is the Only End-to-End Integration

Split DeFi security, portfolio visualization, and Agentic Finance security into three types. Ninja’s position becomes clear.

Security Alert type — Blockaid, Hypernative, GoPlus, Forta. Specialized in telling you about danger. Blockaid has raised 83M, Hypernative 68M. Widely adopted. But they don’t have a Control Layer. They tell you. The stop is up to the customer. Result: they can’t solve the structural flaw that caused Radiant and Bybit — “the alert fired, but the signer didn’t read it.”

Asset Visualization type — Zapper, Zerion, DeBank, Exponential.fi. Specialized in showing positions. They display “what you hold.” But they don’t offer security evaluation. They show you, but you can’t see the danger. They can’t handle dependency risk like the Resolv case.

Control Layer type — DeFi Saver (partially) and Ninja. Goes all the way to policy execution and automated control. Very few players in the Control Layer. The AI-facing Control Layer is especially empty right now — a market gap.

Ninja integrates all three types end-to-end. See (Security Alert) → Detect (extended Asset Visualization) → Control (Control Layer), all on one platform. Plus MCP support and Day 5’s AI↔AI Controlplane. That positions Ninja as the only player covering AI as well.

This isn’t “one company does everything.” The design idea is that integrating the three types into one Intelligence Core prevents accidents that happen at the boundaries between types. When Security Alert and Asset Visualization come from different companies, you get Resolv-type accidents — “the alert was right, but the dependency view didn’t exist.” Ninja removes the boundary.

My Personal Experience — Compressing 15 Years Into a Third

I spent 13 years at a major consulting firm. I saw dozens of financial institutions running “5-year security improvement” plans.

Fraud detection system overhaul: 3 years. Approval flow redesign: 2 years. Multi-source collateral evaluation: 5 years. AML/KYC automation: 4 years. Enterprise-wide risk integration: 7 years.

That’s the track of human effort Web2 financial institutions built up over 50 years. They got lied to, made mistakes, had systems broken — and each time, they embedded one more countermeasure into the organization.

Web3 has to do this within 15 years. Starting from The DAO in 2016, Web3 has to relive finance’s 50 years by 2031. Less than a third of the time.

The Day 1–5 roadmap is the design for that compression. It’s not about individual product features. It’s a series of choices about “to fold Web2’s 50 years into 15, in what order, what layers, for which audience.” Day 1 for individuals. Day 3 for protocols. Day 4 for institutions. Day 5 for AI. This order is structurally the same as the order Web2 financial institutions went through. Just at triple the speed.

I founded ZKSC in November 2025 to do this compression. Use what humans already built up. Build safety for the Agentic era. Re-implement Web2’s accumulated knowledge at DeFi and Agentic Finance speed. Day 1–5 is the blueprint.

CTA

• Try NinjaScan now: Send any contract address to @NinjaScanBot. Day 1’s Entity + Action Intelligence, live right now.
• PoC partners wanted: DeFi protocols, wallet providers, CEXs, institutional investors — I’m looking for partners to co-design Day 2–4 features → [email protected]
• Investor inquiries: Fund managers and grant reviewers — detailed Day 1–5 financial plan and KPIs available in DD materials → [email protected]
• Whitepaper: Ninja Whitepaper (April 2026 Edition) — a living document, updated regularly
• Follow on Medium + Twitter: Starting next, we shift to Weekly Incident Watch. Every week — NinjaScan’s real data plus industry incident analysis.

DeFi is 15 years. Finance is 50. The difference is how many failures humans have repeated. Ninja and Shogun are built to close that gap.

— Kazuki Kaneshiro / Founder, ZKSC Inc.

References

• Ninja Whitepaper (April 2026 Edition)
• U.S. SEC Division of Trading and Markets — Staff Statement on DeFi Front-End Providers (April 13, 2026)
• European Commission — Markets in Crypto-Assets Regulation (MiCA)
• European Commission — EU Artificial Intelligence Act
• Financial Services Agency, Japan — Payment Services Act amendments (2026), FIEA amendments (April 2026)
• Chainalysis — 2025 Crypto Crime Report
• DeFi Llama — TVL Statistics
• Trail of Bits (Crytic) — not-so-smart-contracts (https://github.com/crytic/not-so-smart-contracts) — the naming of our 90M contract analysis DB is a homage to this repo
• Model Context Protocol (MCP) — Anthropic (2024)