Ethereum Foundation reveals how automated AI agents work in code tests

Key conclusions

  • Autonomous AI agents effectively detect vulnerabilities in network infrastructure code, but most of the reports provided are false positives.
  • The use of algorithms changes the nature of researchers’ work, shifting the focus from searching for errors to mass verification of reports.

The Ethereum Foundation officially announced in a published announcement that coordinated AI agents efficiently locate vulnerabilities in the network, but generate a huge number of false alarms. The protocol security team uses these automated tools to test key systems, including system software, smart contracts and cryptographic code. Although algorithms actually find real threats, the process of separating real errors from anomalies that only resemble a failure currently consumes the most time and human resources.

How AI agents work in infrastructure testing

The efficiency of the algorithms in finding vulnerabilities surprised the developers themselves, but immediately revealed the other side of the coin. Instead of manually writing tests and tracking potential vulnerabilities from scratch, engineers now face hundreds of automated reports daily. These tools massively identify potentially dangerous parts of the architecture, drastically changing the daily routine of auditors, who have gone from finding faults to judges analyzing a constant stream of notifications.

Most indications generated by machines contain logical errors, duplicate previous reports or completely exceed the established scope of the examination. The technical team emphasizes that they do not consider this phenomenon to be a defect of the method itself, but its natural specificity. The main goal of engineers was to efficiently reject incorrect hypotheses and precisely document those reports that pose a real risk to the stability of the systems.

Real successes and limitations of technology

The AI ​​proved its usefulness by targeting a serious vulnerability in the gossipsub element of libp2p. This is a key component of the peer-to-peer layer used by Ethereum network consensus clients. The bug made it possible to remotely trigger a critical system error (so-called panic). Developers have already fixed this vulnerability and published technical documentation of the defect, which confirms that AI agents can bring tangible benefits.

However, automatic systems have serious limitations. The software can deal with simple, single errors, but has great difficulty in identifying complex vulnerabilities that become apparent only as a result of a specific sequence of many subsequent events. For this reason, specialists now treat these tools as an advanced search engine rather than an infallible oracle.

The distribution of responsibilities within security teams has changed. After-holiday time used to be spent on creating theories and manually searching for programming vulnerabilities, now it is devoted to building verification systems, triaging reports, maintaining a register of known errors and managing the process of their safe disclosure. The bottleneck has not disappeared from the development process, but has moved towards verification and trust in the results obtained.

New reality and restructuring of security structures

Changes in the approach to auditing coincide with deeper transformations within the organization itself. The Ethereum Foundation recently underwent an operational reorganization that resulted in a staff reduction of 20% of total FTEs. A smaller team now has to manage time more effectively, which directly requires the implementation of modern algorithms.

Any anomaly detected by the machine gains the status of an official error only when a human can independently reproduce the failure directly in the working source code. Human judgment remains a critical element in ecosystem protection because AI agents cannot independently assess the business and operational context of detected anomalies. Machines perform repetitive analytical work, but the ultimate responsibility for the stability of billions of funds deposited on the network rests with programmers.