Ethereum Foundation’s Protocol Security team revealed they have been running coordinated AI agents against critical network infrastructure, successfully uncovering a remotely-triggerable panic in libp2p’s gossipsub, a core peer-to-peer component used by Ethereum consensus clients.
The vulnerability, fixed and disclosed as CVE-2026-34219, was found through a systematic triage process. The real discovery, the team noted, wasn’t the bugs, but that most of the work went into telling real bugs from confident-sounding noise.

The search process: AI agents, not oracles
This is how it works: The Foundation runs many AI agents in parallel against a single target, coordinating through version control with no central coordinator. As for the “roles,” they include:
- Recon (turning attack surfaces into testable hypotheses)
- Hunting (tracing code paths and building reproducers)
- Gap-filling (writing next hypotheses and tracking coverage)
- Validation (independently re-checking candidates)
A candidate only counts as a finding if it includes a self-contained artifact that reproduces the failure against the real code. “A candidate isn’t a finding until there’s a self-contained artifact that reproduces the failure against the real code, and that runs for someone who didn’t write it,” the team noted.
The triage challenge: Signal vs. noise
The team found that most candidates are wrong, duplicate, or out of scope. The goal is to reject the wrong ones fast and back the real ones with proof that’s hard to argue with.
But three common false positives emerged:
- Panics that only happen in debug builds
- Reproducers that build internal values by hand in ways no real input could produce
- Formal proof statements that don’t constrain the behavior you actually care about
So the team noted that “an AI agent writes the useless version as fast as the real one, and just as confidently,” so the check has to be automatic.
Then, what is the main challenge of using AI for security auditing? Well, as said, the real work is triage: most AI-generated candidates are false positives or duplicates. This means that AI agents are good at reading code and spec together but bad at bugs spanning sequences of steps, and often produce “confident-sounding noise” that must be filtered out.
Security shift: Triage as the real product
What the Ethereum Foundation is doing actually points to a big shift in how tech security works. Companies like Cloudflare and Anthropic are seeing the same thing: when you use AI for research, the real challenge is not just finding bugs anymore; instead, you should focus on recognizing/knowing which results to trust.
For example, Anthropic’s Frontier Red Team had an agent churn out a thousand reports, but they still needed experts to sift through them to find the 86 percent that were actually legit. Turns out, generating the data is the easy part.
After all, this Foundation’s approach is bigger than just Ethereum. The AI agents are organized into specialized roles (reconnaissance, hunting, gap-filling, validation) with work coordinated through version control rather than a central controller. The strict verification pipeline ensures every candidate includes a self-contained reproducer that runs against production code; “a candidate isn’t a finding” without it.
For the Web3 ecosystem, the lesson extends beyond tooling. For instance, as AI agents become more capable, the response must be structural:
- Formal identity standards (EIP-8004 for agent registration)
- Payment standards (x402 for autonomous micropayments)
- Defense-in-depth security frameworks
Finally, the Ethereum Foundation’s expanded bug bounty (now up to $1 million for critical protocol vulnerabilities) signals how seriously it treats this shift. But the bottleneck hasn’t disappeared. It’s just moved from finding bugs to validating them, and that’s where human judgment remains essential. And this whole could be summarized as: “At the end of the day, human judgment is still the secret sauce for making sure those findings are the real deal.”





