Simply put
- Ethereum Foundation researchers are using AI agents to red-team critical network infrastructure.
- Agents helped discover vulnerabilities in peer-to-peer software that were later revealed.
- AI-assisted audits have already surfaced bugs in blockchain projects, including Zcash.
The Ethereum Foundation is using swarms of AI agents to attack Ethereum before anyone else can.
Researchers from the Ethereum Foundation Protocol Security Team said in a blog post on Thursday that they have deployed a set of AI agents against the software that Ethereum relies on, searching for vulnerabilities in cryptographic systems, protocol code, and smart contracts.
“We have been running tailored AI agents against the kinds of systems that networks depend on, such as system software, cryptographic codes, and contracts that must be correct,” the researchers wrote. “Agents found a real bug.”
One of the bugs discovered involves a remotely triggered panic in libp2p’s gossipsub, which is part of the peer-to-peer layer used by the Ethereum consensus client. This issue has been fixed and published on Github as CVE-2026-34219.
The practice, known as red teaming, involves companies sending security researchers to attack their systems, attempting to penetrate or destroy networks and expose weaknesses before malicious hackers discover them. While the red team attacks the system, it’s up to the blue team to defend it.
Traditionally, human researchers manually review code to search for vulnerabilities, but AI agents can scan the entire codebase, test for potential exploits, and generate results for review.
“It was not surprising that the agent discovered the bug,” the team wrote. “What was surprising was how much effort goes into finding them, and how much effort goes into distinguishing between bugs that just look real and real bugs.”
According to the Ethereum Foundation, agents are organized into specialized roles such as reconnaissance, search, gap filling, and verification. Some explore possible attack paths, while others reproduce failures and verify whether they work against production code.
“This schema exists for a reason,” they write. “It forces specific, verifiable claims and a clear definition of done. An agent who has to write down observable evidence cannot rely on judgments like, ‘This looks dangerous.’
The growing role of AI in vulnerability research was demonstrated in April when a preview version of Anthropic’s Claude Mythos discovered 271 vulnerabilities in Mozilla’s Firefox browser.
The researchers compared the AI agent to a fuzzer, a tool that tests software for defects. However, unlike fuzzers, AI agents can generate vulnerability reports, assess impact, and create proof-of-concept tests.
But being detailed doesn’t necessarily mean being right. Results generated by AI can appear convincing even when they are wrong, so researchers need to weed out duplicates, false positives, and vulnerabilities that cannot actually be exploited.
“One rule is more important than any other; a candidate cannot be considered a discovery until there is a self-contained artifact that reproduces the fault against real code and can be executed by someone other than the person who wrote it,” the researchers wrote. “Reenactors don’t read the writing, and they don’t care how confident the model sounded. It either runs or it doesn’t.”
AI tools are already helping security researchers find flaws in blockchain networks.
In May, security researcher Taylor Hornby used Anthropic’s Claude Opus 4.8 during an AI-assisted audit that uncovered critical vulnerabilities in Zcash’s Orchard privacy pool. This flaw has been around for about four years and could have allowed an attacker to create counterfeit ZEC without leaving any obvious traces on the chain. Network upgrades to restore confidence in Zcash supply are still in the works.
The Ethereum Foundation’s experiment brings this technology in-house, using AI agents to test its own code and find vulnerabilities.
The Ethereum Foundation said, “AI has not replaced security researchers. AI has driven research.” “Deputies let us cover much more ground than we could do manually. In exchange, they require more careful judgment against a much larger pile of confident claims.”
“It’s a worthwhile deal,” they added, “as long as you remember that the verdict is genuine.”

