Ethereum Foundation Turns AI Loose on ETH Network to Find Bugs Before Hackers Do

Summary

The Ethereum Foundation’s Protocol Security team is using coordinated AI agents to red-team Ethereum’s software stack, including cryptographic code, protocol logic, and smart contracts. The agents have already found real bugs, including a remotely triggered panic in libp2p’s gossipsub, which was fixed and disclosed as CVE-2026-34219. The setup uses specialized agent roles for reconnaissance, gap-finding, and validation, with a strict requirement that each finding include a reproducible proof against the real code. The main benefit is scale: AI can scan far more code than humans, generate testable exploit ideas, and help assess impact. The main cost is review burden, since many outputs are false positives or non-exploitable claims that sound convincing. The team says AI has not replaced security researchers; it has shifted their work toward judgment and verification.