
The Protocol Security team at the Ethereum Foundation (EF) deployed coordinated AI agents against critical components of the blockchain infrastructure. These agents examined system software, cryptographic code, and smart contracts.
The Protocol Security Team has been pointing AI agents at Ethereum’s protocol code. Our core takeaway wasn’t about finding bugs, it was about triage.
Here are field notes from the work.https://t.co/HVtc8XcrJK
— Ethereum Foundation (@ethereumfndn) July 9, 2026
“Agents finding bugs was no surprise. The surprise was how little effort was needed to find them and how much was required to separate real bugs from those that only appeared real,” EF stated.
The team emphasized that AI has not removed humans from the security verification process. Instead, it shifted the bottleneck: researchers previously spent much time forming hypotheses, now they focus on verifying a large number of generated candidates.
System Structure
Protocol Security abandoned the model where a single large AI agent manages the entire process. Instead, the team used several specialized systems working in parallel against a single repository. Some were responsible for initial code reconnaissance, others for identifying potential vulnerabilities, filling gaps, and validation. They coordinate through a shared repository and exchange states via a version control system.
“The time previously spent on forming and testing hypotheses is now spent on evaluating them at scale: building an oracle, triage, maintaining a list of known issues, and disclosure,” EF wrote.
According to researchers, agents are well-suited for generating search directions. They can quickly scan large code sections, trace execution paths, and prepare materials for proof-of-concept. However, each candidate must still be independently reproduced on real code before being considered a vulnerability.
Findings by Agents
A publicly disclosed example is the vulnerability CVE-2026-34219 in the Rust implementation of libp2p gossipsub. It relates to handling backoff expiry—a period during which a node temporarily limits interaction with a peer after certain network messages.
The vulnerability allowed remote triggering of a process crash when processing a specially crafted PRUNE message with nearly maximum backoff value. The error arose from unchecked arithmetic in Instant + Duration, potentially leading to overflow.
EF did not disclose how many real bugs the agents found. The blog mentions several discoveries, but only one example was publicly named.
Journalists from The Block noted that most candidates found by AI agents were false positives, duplicates, or issues outside the scope of the review. EF described this as a normal part of the method, not a system failure.
“The goal is to quickly discard incorrect ones and support real ones with hard-to-dispute evidence,” the organization stated.
According to the team, AI agents are less effective with vulnerabilities that manifest only through a long chain of correct actions. Such logic requires not only finding a suspicious code fragment but also proving that the entire sequence of states is indeed achievable.
EF’s publication comes amid a broad reorganization within the foundation. In June, the organization reduced its staff by 20% and introduced a new management structure. Simultaneously, Ethereum co-founder Vitalik Buterin announced that the foundation is cutting its budget by about 40%, transitioning to a long-term capital management model.
According to journalist Colin Wu, the Protocol Support team has been disbanded. It coordinated the Ethereum protocol development process, including network update tracking, EIP support, the Ethereum Protocol Fellowship program, and related educational, community, and infrastructure initiatives.
In March, the Ethereum Foundation established the principle of minimal intervention in network development. Later, the organization prepared a quantum protection plan for the network by 2029 and revised the role of L2 networks in the ecosystem.
Earlier, in June, former EF employee Trent Van Epps warned that the Ethereum ecosystem could face a “slowly growing funding crisis” in the next three to nine months.
