The Ethereum Foundation is releasing artificial intelligence on the ETH network to find bugs before hackers do



short

  • Ethereum Foundation researchers use artificial intelligence agents to shape the network’s critical infrastructure.
  • The agents helped uncover a vulnerability in peer-to-peer software that was later disclosed.
  • AI-powered audits have already uncovered errors in blockchain projects, including Zcash.

The Ethereum Foundation uses swarms of AI agents to attack Ethereum– Before someone else does.

In a Blog post On Thursday, researchers at the Ethereum Foundation on the protocol’s security team said they published a series of… Artificial intelligence agents Against the software that Ethereum relies on, to search for vulnerabilities in cryptographic systems, protocol code, and smart contracts.

“We ran coordinated AI agents against the types of systems that the network relies on, such as systems software, cryptographic codes, and contracts that must be valid,” the researchers wrote. “Customers have found real bugs.”

One of the bugs discovered involved a remotely launched panic in the gossipsub of libp2p, part of the peer-to-peer layer used by Ethereum consensus clients. The issue has been fixed and disclosed on Github as CVE-2026-34219.

known as Red teamThis practice involves companies deploying security researchers to attack their own systems, attempting to infiltrate or disrupt networks to uncover vulnerabilities before malicious hackers find them. While the red teams attack the system, it is up to… Blue teams To defend him.

Human researchers have traditionally searched for vulnerabilities through manual code review, but AI agents can scan entire code bases, test potential exploits, and generate findings for review.

“It was not a surprise that customers found errors,” the team wrote. “The surprise was how little effort went into finding them, and how much effort went into distinguishing between real bugs and those that looked real.”

According to the Ethereum Foundation, agents are organized into specialized roles, including reconnaissance, hunting, gap-filling, and validation. Some look for potential attack paths, while others try to reproduce failures and check if they work against production code.

“The scheme exists for a reason,” they wrote. “It imposes a specific, testable claim and a clear definition of what has been done. An agent who has to write observable evidence cannot fall back on, ‘This looks risky.’”

The increasing role of artificial intelligence in vulnerability research was made clear in April, when I discovered a preview copy of Anthropic’s Claude Mythos 271 weaknesses In Mozilla Firefox browser.

The researchers compared AI agents to fluffOr tools that test software for defects. However, unlike jammers, AI agents can generate reports on vulnerabilities, evaluate the impact, and create proof-of-concept tests.

But detailed does not always mean correct. The results generated by AI can appear convincing even when they are wrong, leaving researchers with the task of filtering out duplicates, false positives and vulnerabilities that cannot actually be exploited.

“There is one rule that is more important than any other. A candidate is not a hit until there is a self-contained artifact that reproduces failure against real code, and this applies to someone who did not write it,” the researchers wrote. “The transcriber doesn’t read what’s written, and he doesn’t care how reliable the model is. It either works or it doesn’t.”

AI tools have already helped security researchers discover flaws in blockchain networks.

In May, security researcher Taylor Hornby used the term anthropic Closing of business 4.8 During the audit with the help of artificial intelligence that found a serious security vulnerability in ZikashOrchard’s private pool. The flaw has been around for about four years and could have allowed an attacker to create it Fake ZEC with no visible trace on the chain. Network upgrade to Restore trust in Zcash supplies Still in the works.

The Ethereum Foundation’s experiment brings the technology in-house, using artificial intelligence agents to test its code to find vulnerabilities.

“AI has not replaced the security researcher, it has driven business,” the Ethereum Foundation said. “Proxies allow us to cover a much larger area than we could do manually. In return, they require a more accurate judgment, across a much larger pile of confident-sounding claims.”

“It’s a trade worth making, as long as you remember that the referee is the real product,” they added.

Daily debriefing Newsletter

Start each day with the latest news, plus original features, podcasts, videos and more.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *