- Ethereum Foundation researchers deployed AI agents to red-team critical network infrastructure, uncovering real bugs.
- The agents discovered a remotely triggered panic in libp2p’s gossipsub, fixed and disclosed as CVE-2026-34219.
- AI-assisted audits have also surfaced critical flaws in blockchain projects, including ZCash’s Orchard privacy pool.
The Ethereum Foundation revealed Thursday that its Protocol Security team has deployed swarms of AI agents to attack the network’s own infrastructure, hunting for vulnerabilities before malicious Hackers find them. According to a blog post, these agents targeted cryptographic systems, protocol code, and smart contracts — and they found real bugs.
One discovered vulnerability involved a remotely triggered panic in libp2p’s gossipsub, a peer-to-peer layer used by Ethereum consensus clients. The issue was fixed and published on GitHub as CVE-2026-34219.
This practice, known as IBM.com/think/topics/red-teaming”>red teaming, typically involves human researchers manually reviewing code for weaknesses. However, these AI agents can scan entire codebases, test exploits, and generate detailed findings for review — far outpacing manual methods.
The team organized the agents into specialized roles: reconnaissance, hunting, gap-filling, and validation. Some search for attack paths, while others attempt to reproduce failures against production code.
“A candidate isn’t a finding until there’s a self-contained artifact that reproduces the failure against the real code,” the researchers wrote. “The reproducer doesn’t read the write-up, and it doesn’t care how confident the model sounded.”
The challenge, they noted, is that AI-generated findings can appear convincing even when wrong. Researchers must filter out duplicates, false positives, and non-exploitable bugs — a task they described as more demanding than the initial discovery.
“AI didn’t replace the security researcher,” the team added. “It moved the work.”
Similar AI-assisted audits have already uncovered critical flaws in other blockchain networks. In May, security researcher Taylor Hornby used Anthropic’s Claude Opus 4.8 during an audit that found a vulnerability in Zcash’s Orchard privacy pool — a flaw that had existed for roughly four years and could have allowed counterfeit ZEC creation without an on-chain trace.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
