In brief

  • Ethereum Foundation researchers are using AI agents to red-team critical network infrastructure.
  • The agents helped uncover a peer-to-peer software vulnerability that was later disclosed.
  • AI-assisted audits have already surfaced bugs in blockchain projects, including Zcash.

The Ethereum Foundation is using swarms of AI agents to attack Ethereum—before someone else does.

In a blog post on Thursday, Ethereum Foundation researchers on the Protocol Security team said they have deployed a series of AI agents against the software Ethereum relies on, hunting for vulnerabilities in cryptographic systems, protocol code, and smart contracts.

“We've been running coordinated AI agents against the kinds of systems the network depends on, like systems software, cryptographic code, and contracts that have to be right,” the researchers wrote. “The agents found real bugs.”

One of the bugs discovered included a remotely triggered panic in libp2p’s gossipsub, part of the peer-to-peer layer used by Ethereum consensus clients. The issue was fixed and disclosed on Github as CVE-2026-34219.



Known as red teaming, the practice involves companies deploying security researchers to attack their own systems, attempting to infiltrate or disrupt networks to uncover weaknesses before malicious hackers find them. While red teams attack a system, it's up to blue teams to defend it.

Human researchers have traditionally searched for vulnerabilities by reviewing code manually—but AI agents can scan entire codebases, test potential exploits, and generate findings for review.

“Agents finding bugs wasn't the surprise,” the team wrote. “The surprise was how little of the work went into finding them, and how much went into telling the real bugs from the ones that just looked real.”

According to the Ethereum Foundation, the agents are organized into specialized roles, including reconnaissance, hunting, gap-filling, and validation. Some search for possible attack paths, while others attempt to reproduce failures and verify whether they work against production code.

“The schema is there for a reason,” they wrote. “It forces a specific, testable claim and a clear definition of done. An agent that has to write down an observable proof can't fall back on "this looks risky."

The growing role of AI in vulnerability research was demonstrated in April, when a preview version of Anthropic’s Claude Mythos discovered 271 vulnerabilities in Mozilla’s Firefox browser.

The researchers compared AI agents to fuzzers, or tools that test software for flaws. However, unlike fuzzers, AI agents can generate vulnerability reports, assess impact, and create proof-of-concept tests.

But detailed does not always mean correct. AI-generated findings can appear convincing even when they are wrong, leaving researchers to filter out duplicates, false positives, and vulnerabilities that cannot actually be exploited.

"One rule matters more than any other. A candidate isn't a finding until there's a self-contained artifact that reproduces the failure against the real code, and that runs for someone who didn't write it," the researchers wrote. "The reproducer doesn't read the write-up, and it doesn't care how confident the model sounded. It either runs or it doesn't."

AI tools have already helped security researchers uncover flaws in blockchain networks.

In May, security researcher Taylor Hornby used Anthropic’s Claude Opus 4.8 during an AI-assisted audit that found a critical vulnerability in Zcash’s Orchard privacy pool. The flaw had existed for roughly four years and could have allowed an attacker to create counterfeit ZEC without an obvious on-chain trace. A network upgrade to restore confidence in Zcash’s supply is still in the works.

The Ethereum Foundation’s experiment brings the technology in-house, using AI agents to test its own code to find vulnerabilities.

“AI didn't replace the security researcher. It moved the work,” the Ethereum Foundation said. “Agents let us cover far more ground than we could by hand. In exchange, they ask for more careful judgment, across a much bigger pile of confident-sounding claims.”

“That's a trade worth making,” they added, “as long as you remember that the judgment is the real product.”