Skip to content

Ethereum deploys AI agents to hunt bugs, discovers libp2p vulnerability

The Ethereum Foundation deploys AI agents to red-team critical network infrastructure
Share this article

Ethereum Foundation’s Protocol Security team revealed they have been running coordinated AI agents against critical network infrastructure, successfully uncovering a remotely-triggerable panic in libp2p’s gossipsub, a core peer-to-peer component used by Ethereum consensus clients.

The vulnerability, fixed and disclosed as CVE-2026-34219, was found through a systematic triage process. The real discovery, the team noted, wasn’t the bugs, but that most of the work went into telling real bugs from confident-sounding noise.

Ethereum deploys AI agents to hunt bugs, discovers libp2p vulnerability: The real challenge was triage: agents produced many false positives, and most of the work went into filtering real bugs from "confident-sounding noise." The Ethereum Foundation found that agents are good at reading spec and code together, but bad at bugs spanning sequences of steps, where their role should be suggesting what to test rather than replacing the test harness.
Source: Pixabay

The search process: AI agents, not oracles

This is how it works: The Foundation runs many AI agents in parallel against a single target, coordinating through version control with no central coordinator. As for the “roles,” they include:

  • Recon (turning attack surfaces into testable hypotheses)
  • Hunting (tracing code paths and building reproducers)
  • Gap-filling (writing next hypotheses and tracking coverage)
  • Validation (independently re-checking candidates)

A candidate only counts as a finding if it includes a self-contained artifact that reproduces the failure against the real code. “A candidate isn’t a finding until there’s a self-contained artifact that reproduces the failure against the real code, and that runs for someone who didn’t write it,” the team noted.

Ethereum deploys AI agents to hunt bugs, discovers libp2p vulnerability: The real challenge was triage: agents produced many false positives, and most of the work went into filtering real bugs from "confident-sounding noise." The Ethereum Foundation found that agents are good at reading spec and code together, but bad at bugs spanning sequences of steps, where their role should be suggesting what to test rather than replacing the test harness.
Example of a candidate before it counts as a finding. (Source: Ethereum)

The triage challenge: Signal vs. noise

The team found that most candidates are wrong, duplicate, or out of scope. The goal is to reject the wrong ones fast and back the real ones with proof that’s hard to argue with.

But three common false positives emerged: 

  • Panics that only happen in debug builds
  • Reproducers that build internal values by hand in ways no real input could produce
  • Formal proof statements that don’t constrain the behavior you actually care about

So the team noted that “an AI agent writes the useless version as fast as the real one, and just as confidently,” so the check has to be automatic.

Then, what is the main challenge of using AI for security auditing? Well, as said, the real work is triage: most AI-generated candidates are false positives or duplicates. This means that AI agents are good at reading code and spec together but bad at bugs spanning sequences of steps, and often produce “confident-sounding noise” that must be filtered out.

Ethereum deploys AI agents to hunt bugs, discovers libp2p vulnerability: The real challenge was triage: agents produced many false positives, and most of the work went into filtering real bugs from "confident-sounding noise." The Ethereum Foundation found that agents are good at reading spec and code together, but bad at bugs spanning sequences of steps, where their role should be suggesting what to test rather than replacing the test harness.
Where AI agents excel and how they mislead. (Source: Ethereum)

Security shift: Triage as the real product

What the Ethereum Foundation is doing actually points to a big shift in how tech security works. Companies like Cloudflare and Anthropic are seeing the same thing: when you use AI for research, the real challenge is not just finding bugs anymore; instead, you should focus on recognizing/knowing which results to trust. 

For example, Anthropic’s Frontier Red Team had an agent churn out a thousand reports, but they still needed experts to sift through them to find the 86 percent that were actually legit. Turns out, generating the data is the easy part.

After all, this Foundation’s approach is bigger than just Ethereum. The AI agents are organized into specialized roles (reconnaissance, hunting, gap-filling, validation) with work coordinated through version control rather than a central controller. The strict verification pipeline ensures every candidate includes a self-contained reproducer that runs against production code; “a candidate isn’t a finding” without it.

For the Web3 ecosystem, the lesson extends beyond tooling. For instance, as AI agents become more capable, the response must be structural: 

  • Formal identity standards (EIP-8004 for agent registration)
  • Payment standards (x402 for autonomous micropayments)
  • Defense-in-depth security frameworks

Finally, the Ethereum Foundation’s expanded bug bounty (now up to $1 million for critical protocol vulnerabilities) signals how seriously it treats this shift. But the bottleneck hasn’t disappeared. It’s just moved from finding bugs to validating them, and that’s where human judgment remains essential. And this whole could be summarized as: “At the end of the day, human judgment is still the secret sauce for making sure those findings are the real deal.”

About The Coin Headlines

The Coin Headlines strives to bring trust into crypto media. At a time when every soundbite and headline can move the markets from red to green and vice-versa, The Coin Headlines promises to bring verified, credible and timely news and analysis from the world of crypto, blockchain, Web3, tech and markets. Founded in 2026, The Coin Headlines is based in the UAE with a team of experienced journalists and editors covering breaking news and updates from around the world.

From covering the biggest events to interviewing some of the most popular KOLs in the industry, The Coin Headlines keeps you informed of the latest trends and insights.

At The Coin Headlines our focus is clear: Real-time news updates, market movements, whale transfers, macroeconomic trends, tech and AI and geopolitical breaking news. The news we report goes through a strict editorial audit before its published to ensure the readers only get verified and credible information. We realize the world of crypto is dynamic, volatile, and many times, confusing. At The Coin Headlines we break down these complex issues into simple articles which cater to not just the experienced trader but also the student and first-time investor who wants to understand the space before committing to it.