Enterprise security used to be a relatively static discipline. You defined your perimeter, set your access controls, and audited quarterly. But the emergence of digital assets has introduced an entirely new category of risk that traditional security architectures weren’t designed to handle. And increasingly, artificial intelligence is becoming the critical layer that bridges the gap.
Liang Wang (Miles Wong) is Chief Product Officer at TecStation, where he leads the commercialisation of institutional Multi-Party Computation (MPC) custody and Wallet-as-a-Service platforms. Before that, he built digital platforms at Baidu serving hundreds of millions of users, founded a cross-border blockchain venture platform across Asia Pacific, and developed a proprietary NFT infrastructure platform in London. He’s also an active angel investor, deploying approximately $3 million across more than 30 early-stage companies in AI, robotics, and fintech through AngelList.
When you talk about AI reshaping enterprise security, what specific layer are you referring to?
The decision layer — the part that determines whether a given action should be allowed, flagged, or blocked. Traditional enterprise security is mostly rules-based: static policies, role-based access, threshold-based approvals. That works when your operational patterns are predictable.
Digital asset custody breaks that model. When you’re managing cryptographic keys that control real financial value across multiple parties using MPC protocols, the decision layer needs to be dynamic. The patterns of legitimate use are more variable, attack vectors are more sophisticated, and the consequences of a wrong decision are immediate and irreversible. You can’t roll back a blockchain transaction. AI comes in not as a replacement for cryptographic security, but as an intelligence layer that makes the existing controls smarter.
Can you give a concrete example inside a custody platform like TecStation’s?
Transaction anomaly detection. In traditional banking, you have stable patterns — a corporate account moves predictable amounts to known counterparties. Outliers get flagged. In digital asset custody, an institutional client might execute a routine rebalancing that looks identical to an unauthorised transfer — unusual amounts, odd timing across time zones, new destination addresses for a new protocol interaction.
An AI layer learns each client’s actual behavioural baseline — their signing cadence, how patterns shift during market events versus routine operations. It flags genuine anomalies instead of generating noise. At TecStation, reducing false positives is an operational necessity: excessive alerts create fatigue, which is itself a security vulnerability.
For readers outside cryptography — what is MPC, and why does AI change how it’s managed?
MPC custody splits the private key — the secret controlling the assets — across multiple parties. No single person ever holds the complete key. To authorise a transaction, a threshold of parties must participate in a joint computation. Powerful for security, but operationally complex.
AI becomes valuable in managing that complexity. Take key lifecycle management: when someone with key share access leaves the organisation, shares need rotation. AI can trigger this automatically from HR system events, detect anomalous access patterns, and optimise timing to minimise disruption. Without automation, organisations rotate infrequently because it’s slow and expensive — and infrequent rotation is itself a risk.
How is this different from general AI-for-cybersecurity?
Irreversibility. In most enterprise security, a breach is damaging but recoverable — data can be restored, accounts reset. In digital asset custody, if keys are compromised and assets move to an attacker-controlled address, they’re gone. No chargeback, no reversal.
That makes the cost function asymmetric: missing a real threat is orders of magnitude worse than a false positive. And you can’t treat the AI as a black box — institutional clients need explainable decisions. Every AI-driven action in a custody workflow needs an audit trail a regulator can inspect. Explainability isn’t a research luxury here. It’s a compliance requirement.
You’ve invested in over 30 startups. What are you seeing in AI-for-security?
Too many teams building features, not enough building infrastructure. Adding an AI model to an existing security workflow is the easy play — but the moment a major platform ships comparable capability, the startup’s value evaporates.
The durable play is infrastructure: behavioural analytics that work across multiple chains and custody providers. The moat comes from proprietary training data, not model architecture. If a startup has unique transaction data and models that learn patterns nobody else can replicate — that’s interesting. If they’ve fine-tuned a foundation model on a public threat database — that’s a weekend project.
You’ve gone from a 30-person team to operating solo with AI. How has that changed your security posture?
The attack surface inverts. With a team, security is organisational — policies, credential management across 30 people. Solo with AI, the risk is data handling: I process founder decks, portfolio financials, and client specs through AI workflows.
I use a tiered sensitivity framework. Public information goes through any capable tool. Proprietary but non-critical data uses tools with clear no-training policies. Truly sensitive material — investment terms, security architectures — never touches a third-party AI. I’d estimate 90% of operators using AI in financial work haven’t thought through this hierarchy.
Where does AI have the biggest impact on enterprise security in the next two to three years?
Three areas. First, automated policy generation — security policies that adapt in real time based on actual risk profiles, not static documents reviewed quarterly.
Second, cross-chain intelligence. Most digital asset security monitoring happens in silos. AI models synthesising threat data across chains and custody providers will catch patterns that single-platform analysis misses.
Third, governance automation. In institutional custody, governance is as critical as security. AI can automate the operational layer — ensuring processes are followed, documented, and auditable — without removing humans from the actual decisions.
The common thread is the principle I apply at TecStation: AI doesn’t replace the human in the security stack. It replaces the latency between what the human needs to know and when they know it.