Crypto

Ethereum Foundation uses AI agents to hunt network bugs

The Foundation says AI security agents found real flaws in Ethereum-related infrastructure, including a libp2p issue that has been fixed and disclosed.

Theo Nakamura

By Theo Nakamura · Staff Writer

· 3 min read

Ethereum Foundation uses AI agents to hunt network bugs
Photo: Decrypt

The Ethereum Foundation is using artificial intelligence to stress-test parts of the Ethereum network that need to work under pressure. For ETH holders and crypto users, the point is straightforward: security failures in core infrastructure can affect confidence in the network, even when they do not directly involve the ETH token itself.

In a Thursday blog post, researchers on the Ethereum Foundation’s Protocol Security team said they have been running coordinated AI agents against software used by Ethereum. AI agents are programs that can pursue tasks with some autonomy, such as reading code, testing possible bugs and writing up results for humans to review.

The team said the work focused on systems software, cryptographic code and smart contracts. Smart contracts are blockchain programs that execute transactions automatically when their rules are met.

The researchers said the agents “found real bugs.” One example was a remotely triggered panic in gossipsub, a component of libp2p used in Ethereum’s peer-to-peer layer by consensus clients. Consensus clients are the software validators use to help the network agree on the state of the blockchain.

According to the Foundation, that issue was repaired and later disclosed on GitHub as CVE-2026-34219. A CVE, or Common Vulnerabilities and Exposures entry, is a standard identifier used to track publicly disclosed security flaws.

How the AI testing works

The Foundation described the effort as red teaming, a security practice where a team tries to break into or disrupt its own systems so weaknesses can be found under controlled conditions. The defensive side of that process is often called blue teaming.

Traditional software audits rely heavily on human researchers reading code and testing theories. The Foundation said AI agents can widen that process by scanning large codebases, trying out possible exploit paths and producing findings that security teams can check.

The researchers said the hard part was not getting AI systems to flag problems. The harder task was deciding which findings were genuine and which only appeared dangerous. The team wrote that “agents finding bugs wasn’t the surprise,” adding that much of the effort went into separating valid issues from false alarms.

To make that process stricter, the Foundation said its agents are split into roles. Some look for areas of concern, some search for specific weaknesses, some fill gaps in the investigation and others validate whether a reported issue can actually be reproduced against production code.

The team also said it requires agents to use structured reports, or schemas, that force a clear claim and a measurable standard for proving it. In the Foundation’s words, an agent required to produce observable proof cannot rely on saying that something merely “looks risky.”

The Foundation also pointed to a broader trend in blockchain security: AI-assisted audits have already identified bugs in crypto projects, including Zcash. The Ethereum work suggests AI is becoming part of the security toolkit for major blockchain infrastructure, with humans still needed to confirm what the machines find.

This story draws on original reporting from Decrypt.

More from Crypto

All Crypto