{"id":97781,"title":"Crosslayer Labs: We discovered (and can protect you against) a new attack allowing hackers to spoof any website(!)","tagline":"TLS certificates no longer guarantee website authenticity. We built Crosslayer Labs to stop hackers from stealing user credentials. ","body":"**Tl;dr** Crosslayer Labs detects attacks on Internet infrastructure that allow hackers to impersonate websites and APIs. We would know; our team previously invented technology that secures every single web connection (HTTPS) worldwide.\n\n### The Problem\n\nImagine you are visiting [brex.com](http://brex.com) - but you’ve been redirected to an adversary spoofing Brex, while the lock icon on your browser still checks out.  Suddenly, all your startup money is drained. Science fiction? No, these are the next generation of security threats.\n\n\u003chttps://www.youtube.com/watch?v=Z7U3183IJf4\u003e \n\n### The Solution\n\nCrosslayer Labs protects websites and APIs from hijack attacks. We discover and monitor network dependencies for your domain (across the entire network stack) to detect when someone is impersonating your website. Our approach is unique in the way that it combines data from your entire network stack.\n\n[https://www.youtube.com/watch?v=QgYjFO1j08A](https://www.youtube.com/watch?v=QgYjFO1j08A\u0026authuser=0)\n\n### Team\n\nWe are a team of serious security researchers: we invented a technology called Multi-Perspective Issuance Corroboration (MPIC) that is used to sign digital certificates (over 3 billion and counting) for all websites. \n\n**Prateek** is a Professor at Princeton, and his research has revolutionized the security and privacy of internet communications and AI systems. He helped secure every single web connection (HTTPS) worldwide and enhanced the security of deployed LLMs (e.g., GPT 3.5 and GPT4V at OpenAI). He is the recipient of the ACM Grace Hopper Award, IEEE Fellow,  ACM Distinguished Member, and Distinguished Alumni awards from IIT Guwahati and UIUC.  \n\n**Henry** is a member of the CA/Browser Forum and former research staff at Princeton University. Henry’s research uncovered a fundamental security vulnerability in how TLS certificates are issued to websites. He is an author of the MPIC standard at the CA/Browser Forum and he founded the Open MPIC project that implements MPIC for 1.5 million certificates a day. His work also led to DNSSEC adoption by CAs, and he is a recipient of the IRTF’s applied networking research prize.\\\n\\\n**Grace** just finished her PhD at Princeton, where she  performed transformative research on the web PKI, and was named runner up for the Privacy Enhancing Technology Award and the Andreas Pfitzmann Best Student Paper Award. Grace mapped the attack surface of millions of websites to shape how MPIC was deployed by leading CAs, including working with Google Trust Services.  \n\n### Ask\n\nKnow any CISOs or security heads who would lose their job if their website was impersonated? We'd love to meet. Think: crypto exchanges, fintech, banks, health care, tax portals.  Email: [contact@crosslayerlabs.com](mailto:contact@crosslayerlabs.com)","slug":"PR7-crosslayer-labs-we-discovered-and-can-protect-you-against-a-new-attack-allowing-hackers-to-spoof-any-website","created_at":"2026-02-13T16:10:15.717Z","updated_at":"2026-05-25T00:44:47.376Z","total_vote_count":6,"url":"https://www.ycombinator.com/launches/PR7-crosslayer-labs-we-discovered-and-can-protect-you-against-a-new-attack-allowing-hackers-to-spoof-any-website","share_image_url":"//bookface-static.ycombinator.com/assets/ycdc/yc-og-image-c440a0ad1dacfb86eeeb343717479cc54d256614449b4ef719977a0a451f8bc8.png","company":{"id":31016,"name":"Crosslayer Labs","slug":"crosslayer-labs","url":"https://www.crosslayerlabs.com/","logo":"https://bookface-images.s3.amazonaws.com/small_logos/0d04232f7799c42a8a176b06d7c366c511a6cab7.png","batch":"Winter 2026","industry":"B2B","tags":[],"search_path":"https://bookface.ycombinator.com/company/31016"}}