Ethereum Foundation uses AI to mine vulnerabilities: successfully discovers a security flaw, saying human review is still irreplaceable

robot
Abstract generation in progress

BlockBeats, July 11: The Ethereum Foundation disclosed that its protocol security team used AI agents to conduct vulnerability mining on Ethereum client software in order to enhance network security. During testing, the AI successfully identified a vulnerability in the Gossipsub message propagation protocol. The flaw allows remote attacks to trigger a crash in the node program, causing validator nodes to go offline. The vulnerability has now been fixed, and has been registered as CVE-2026-34219.

However, the Ethereum Foundation noted that the biggest challenge for AI is not finding vulnerabilities, but distinguishing real issues from false positives. AI can generate vulnerability descriptions, impact analyses, and attack code, and may also present problems that appear plausible but do not actually exist. As a result, security researchers still need to conduct careful verification. The foundation summarized three common types of false positives, including crashes that only occur in test environments, attack paths that cannot be exploited in real environments, and invalid proofs in formal verification.

In addition, the Ethereum Foundation believes that AI is currently better at analyzing single-code issues, but its ability to identify complex attack chains composed of multiple legitimate operations remains limited—yet such attacks are the main reason several crypto protocols have been attacked this year. In the future, the Ethereum Foundation plans to have AI assist in generating potential attack paths, and then validate them with human and automated testing, to further improve the efficiency and accuracy of vulnerability discovery.

ETH1.35%
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned