The Ethereum Foundation's Protocol Security team deployed AI agents that found a remotely triggerable panic in libp2p's gossipsub component, disclosed as CVE-2026-34219.
"Agents finding bugs wasn't the surprise. The surprise was how little of the work went into finding them, and how much went into telling the real bugs from the ones that just looked real," the Ethereum Foundation's Protocol Security team wrote in a July 9 blog post.
The agents are organized into four roles — recon, hunting, gap filling and validation — and work in parallel against a single target, sharing state through version control rather than a central manager. For a candidate to count as a finding, the team requires a reachable target, a clear invariant, a specific failure mechanism, observable proof, a self-contained reproducer and a deduplication key. "Reproducible or it did not happen," the team wrote.
The finding shifts the bottleneck in security work from generating hypotheses to judging them through triage, artifact validation and disclosure. The team compared the approach to fuzzing, which became standard practice only after the industry agreed on reproducible failures and deterministic environments. "AI didn't replace the security researcher. It moved the work," the Foundation said.
The libp2p gossipsub vulnerability, fixed and disclosed as CVE-2026-34219, could be triggered remotely by any peer on the network, according to the Foundation. The component is a core part of the peer-to-peer layer used by Ethereum consensus clients.
The Foundation said most candidates generated by the agents are wrong, duplicated or out of scope. The key is rejecting weak reports quickly while backing real findings with reproducible proof. Each surviving candidate is checked for real-world reachability and attacker cost — a bug any peer can trigger is different from one requiring special access or unrealistic resources.
The agents can read code, form hypotheses, trace call paths and draft proof-of-concept artifacts. But they also produce reports that look convincing while relying on unreachable code paths, debug-only crashes or weak formal proofs that do not capture the intended property, the team said.
The approach mirrors a broader trend in security research. In April, a preview version of Anthropic's Claude Mythos discovered 271 vulnerabilities in Mozilla's Firefox browser. In May, security researcher Taylor Hornby used Claude Opus 4.8 during an AI-assisted audit that found a critical vulnerability in Zcash's Orchard privacy pool — a flaw that had existed for roughly four years and could have allowed an attacker to create counterfeit ZEC without an on-chain trace.
The Ethereum Foundation's experiment brings the technology in-house, using AI agents to test its own code rather than relying on external audits. "Agents let us cover far more ground than we could by hand. In exchange, they ask for more careful judgment, across a much bigger pile of confident-sounding claims," the team wrote. "That's a trade worth making, as long as you remember that the judgment is the real product."
This article is for informational purposes only and does not constitute investment advice.