Blockchains are prone to 51% and 67% attacks depending on its consensus protocol, which means if 51% of miners are malicious then the blockchain network is compromised or hacked. The same goes for 67% attack.
For the case of Bitcoin, if malicious miners control 51% of computing power then, the network is compromised.
For the case of Ethereum, if malicious miners control 67% of the nodes, then the network is compromised.

Depending on the consensus protocol used in the blockchain, the 51% or 67% attack can be in terms of computational power (Bitcoin) or number of nodes (Ethereum 2.0)

Now, the limits are pushed, and it is no longer 51% or 67% but is 91%, which means the blockchain network is compromised only if the number of malicious miners in the network are more than 91%

How?

This is based on “Hypergeometric Distribution” which in turn is based on randomness and entropy. The below equation explains, with 90% malicious nodes in the P2P network, with 10^-9 probability of error, with number of nodes (N) tending to inifinity then only 200 nodes (randomly elected) out of N nodes can validate a transaction.

Hypergeometric Distribution

Where, N is the number of nodes, 0.9 is 90% malicious nodes, 0.1 is 10% good nodes, n is the number of validations, p = 90001 (the probability to have at least 1 good node), 10^-9 is the probability to not have 1 good node in the 200 selected nodes (aviation standards).

In simple terms, consider a village of 100,000 people, with 90000 liars and 10000 truth-tellers. Alice and Bob are citizens of the village.
When Alice sends Bob 10 units (of some currency), the transaction is validated by randomly selecting 200 people out of 100000 people. The hypergeometric distribution ensures that in the 200 randomly selected people there is at least 1 truth-teller and that truth-teller will ensure that the transaction is not falsified/hacked and also makes sure to eliminate/banish the 199 liars.

This is not only the safest and secure blockchain, but also highly scalable since just 200 nodes are needed to validate a transaction