Copy
Trading Bots
Events
More

Ethereum Foundation Uses AI Agents to Find Protocol Bugs

2026/07/13 17:15Browse 0

The Ethereum Foundation's Protocol Security team has deployed a fleet of coordinated AI agents to hunt for vulnerabilities in the blockchain's core code, and the effort has already uncovered genuine security flaws. According to a report from the foundation, the AI agents successfully identified a remotely triggerable panic in the libp2p gossipsub library, a critical component of Ethereum's peer-to-peer communication layer. The vulnerability has been patched and publicly disclosed as CVE-2026-34219.

AI Shifts the Security Workload

The project revealed that the hardest part of AI-assisted security work is not finding potential bugs but rigorously triaging them to separate real issues from false positives. "Agents finding bugs wasn't the surprise. The surprise was how little of the work went into finding them, and how much went into telling the real bugs from the ones that just looked real," the team noted. AI did not replace the security researcher; it moved the work. The time once spent on forming and chasing hypotheses now goes into judging results at scale, including building oracles, running triage, maintaining known-issue lists, and handling disclosure.

Structured Agent Roles and Human Oversight

Agents were organized into distinct roles for reconnaissance, hunting, gap-filling, and independent validation. Every candidate bug required a reproducible proof against real code before being considered a genuine finding. The team emphasized that the bottleneck shifted from finding bugs to trusting the results—a better place for human judgment, but still a bottleneck that must be acknowledged. "Ignoring that is how you end up shipping a wrong 'it's fine,'" they warned.

The approach demonstrates how AI can expand coverage of complex systems while keeping human judgment essential for verification. The Ethereum Foundation's work highlights a growing trend in blockchain security, where AI tools are used to augment—not replace—human researchers in protecting critical infrastructure.

Disclaimer: This page may contain third-party information and does not necessarily reflect BYDFi's views or opinions. This content is for general reference only and does not constitute any representation, warranty, financial advice, or investment advice. BYDFi is not responsible for any errors, omissions, or any results arising from the use of such information. Virtual asset investments involve risks. Please carefully evaluate the risks of the product and your risk tolerance based on your financial situation. For more information, please refer to our Terms of Use and Risk Disclosure.