Close Menu
Chain Tech Daily

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    PUMP lost $700M in market cap as Alon Cohen shut down airdrop rumor

    July 10, 2026

    Announcing Grants for Advocacy Non-Profits

    July 10, 2026

    Ethereum Foundation reveals why AI still fails at finding real bugs

    July 10, 2026
    Facebook X (Twitter) Instagram
    Chain Tech Daily
    • Altcoins
      • Litecoin
      • Coinbase
      • Crypto
      • Blockchain
    • Bitcoin
    • Ethereum
    • Lithosphere News Releases
    Facebook X (Twitter) Instagram YouTube
    Chain Tech Daily
    Home » Ethereum Foundation reveals why AI still fails at finding real bugs
    Crypto

    Ethereum Foundation reveals why AI still fails at finding real bugs

    James WilsonBy James WilsonJuly 10, 20264 Mins Read
    Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Tumblr Email
    Share
    Facebook Twitter LinkedIn Pinterest Email



    The Ethereum Foundation has revealed that the biggest challenge in AI-assisted security research has become proving which reported vulnerabilities are genuine rather than finding potential bugs.

    Summary

    • Ethereum Foundation says verifying AI bug reports is harder than generating them.
    • AI agents found a real libp2p vulnerability, later disclosed as CVE-2026-34219.
    • The Foundation says human validation and reproducible proof remain essential for protocol security.

    According to the Ethereum Foundation’s Protocol Security team, recent experiments with coordinated AI agents uncovered real software flaws across systems that Ethereum depends on, but the organization said the majority of the effort now goes into separating valid findings from convincing false positives.

    The team described the results in a technical post explaining how it has been testing AI agents against systems software, cryptographic libraries, and high-assurance smart contracts.

    The Protocol Security Team has been pointing AI agents at Ethereum’s protocol code. Our core takeaway wasn’t about finding bugs, it was about triage.

    Here are field notes from the work.https://t.co/HVtc8XcrJK

    — Ethereum Foundation (@ethereumfndn) July 9, 2026

    One confirmed discovery involved a remotely triggerable panic in the gossipsub component of libp2p, which forms part of the peer-to-peer networking layer used by Ethereum consensus clients. The Ethereum Foundation said the vulnerability was fixed and later disclosed as CVE-2026-34219.

    Instead of treating AI agents as decision-makers, the Foundation said they should be viewed as tools that generate hypotheses requiring independent verification. While agents can inspect source code, trace execution paths, and prepare proof-of-concept material, the Foundation said they also produce reports based on unreachable code, duplicate known issues, debug-only crashes, or weak formal proofs that fail to demonstrate a real security problem.

    The team said the unexpected finding was not that AI could identify bugs, but that validating those reports consumed far more time than generating them.

    Multi-agent workflow filters unreliable reports

    To reduce unreliable findings, the Ethereum Foundation said it deploys multiple AI agents against the same software repository, with each agent handling a different stage of the review process. Instead of relying on a central coordinator, the agents exchange information through the repository itself by sharing state in version control.

    According to the Foundation, the workflow begins with reconnaissance, where broad attack surfaces are narrowed into specific testable ideas. Hunting agents then follow each hypothesis through the code and attempt to build a working reproducer. Gap-filling agents track accepted and rejected reports to avoid repeating earlier work, while validation agents independently examine every candidate, remove duplicates, and determine whether a report qualifies as a legitimate vulnerability.

    The Foundation said every accepted report must identify a reachable target, define a clear security invariant, explain the failure mechanism, provide observable evidence, include a self-contained reproducer, and carry a deduplication key. These requirements are intended to ensure that every claim can be tested directly against production code.

    Human validation remains the deciding factor

    At the center of the process, the Ethereum Foundation said one principle overrides everything else: a vulnerability does not count unless someone other than the reporting agent can reproduce it against the real codebase. According to the Foundation, this requirement removes reports built around impossible attack paths, debug-only failures, or formal verification results that appear mathematically correct without proving a meaningful security property.

    Beyond technical validation, the Foundation said surviving candidates are also evaluated for practical exploitability. A flaw that any network participant can trigger carries different security implications than one requiring privileged access or unrealistic computing resources.

    The Foundation added that AI agents remain inconsistent when judging exploit reachability, attack severity, or vulnerabilities that emerge only through long sequences of valid interactions. In those situations, it said the agents perform better as assistants for stateful testing frameworks than as replacements for experienced security researchers.

    The latest security update comes only weeks after the Ethereum Foundation completed a major internal restructuring. In a June 23 announcement, the organization said it had reduced its workforce by about 20%, with 54 employees leaving following a months-long review under its Mandate and Treasury Management Policy.

    According to the Foundation, the restructuring was intended to focus staff and resources on responsibilities that only the organization can perform while continuing long-term Ethereum development.



    Source link

    Share. Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Tumblr Email
    James Wilson

    Related Posts

    Crypto July 10, 2026

    Bitdeer unveils $36M Nevada factory to shake up Bitcoin mining

    Crypto July 9, 2026

    Paul Grewal exits Coinbase legal helm before crucial CLARITY vote

    Crypto July 9, 2026

    Bitcoin climbs above $63K as easing oil prices lift risk appetite

    Crypto July 9, 2026

    CME Group hits CFTC roadblock as 24/7 crude futures face delay

    Crypto July 9, 2026

    Trump White House rejects SEC snub claims before CLARITY showdown

    Crypto July 9, 2026

    Bank of Korea defends bank-first stablecoin plan amid bill deadlock

    Leave A Reply Cancel Reply

    Don't Miss
    Coinbase July 10, 2026

    PUMP lost $700M in market cap as Alon Cohen shut down airdrop rumor

    Pump Fun’s PUMP token fell 14% on Wednesday at the same time as the company’s…

    Announcing Grants for Advocacy Non-Profits

    July 10, 2026

    Ethereum Foundation reveals why AI still fails at finding real bugs

    July 10, 2026

    Roman Storm says he’s been ‘financially cancelled’ after payroll firm axe

    July 10, 2026
    Stay In Touch
    • Facebook
    • Twitter
    • YouTube
    • LinkedIn
    Our Picks

    PUMP lost $700M in market cap as Alon Cohen shut down airdrop rumor

    July 10, 2026

    Announcing Grants for Advocacy Non-Profits

    July 10, 2026

    Ethereum Foundation reveals why AI still fails at finding real bugs

    July 10, 2026

    Roman Storm says he’s been ‘financially cancelled’ after payroll firm axe

    July 10, 2026

    Subscribe to Updates

    Get the latest creative news from SmartMag about art & design.

    Don't Miss
    Coinbase July 10, 2026

    PUMP lost $700M in market cap as Alon Cohen shut down airdrop rumor

    Pump Fun’s PUMP token fell 14% on Wednesday at the same time as the company’s…

    Announcing Grants for Advocacy Non-Profits

    July 10, 2026

    Ethereum Foundation reveals why AI still fails at finding real bugs

    July 10, 2026

    Roman Storm says he’s been ‘financially cancelled’ after payroll firm axe

    July 10, 2026

    Subscribe to Updates

    Get the latest creative news from SmartMag about art & design.

    Stay In Touch
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    About Us
    About Us

    ChainTechDaily.xyz delivers the latest updates and trends in the world of cryptocurrency. Stay informed with daily news, insights, and analysis tailored for crypto enthusiasts.

    Our Picks
    Lithosphere News Releases
    X (Twitter) Instagram YouTube LinkedIn
    © 2026 Copyright

    Type above and press Enter to search. Press Esc to cancel.