header-langage
简体中文
繁體中文
English
Tiếng Việt
한국어
日本語
ภาษาไทย
Türkçe
Scan to Download the APP

Ethereum Foundation Utilizes AI to Mine for Bugs: Successfully Identifies Security Vulnerabilities, States Human Review Still Irreplaceable

BlockBeats News, July 11th. The Ethereum Foundation revealed that its protocol security team used an AI agent to conduct vulnerability research on Ethereum client software to enhance network security. During the testing phase, the AI successfully discovered a vulnerability in the Gossipsub message propagation protocol that allowed remote attacks to trigger node program crashes, causing validator nodes to go offline. Currently, the vulnerability has been patched and assigned CVE-2026-34219.


However, the Ethereum Foundation pointed out that the biggest challenge for AI is not finding vulnerabilities but distinguishing between real vulnerabilities and false positives. AI not only generates vulnerability descriptions, impact analyses, and attack code but may also raise seemingly reasonable yet non-existent issues, requiring further validation by security researchers. The Foundation summarized three common types of false positives, including crashes only seen in a testing environment, attack paths that cannot be exploited in a real-world scenario, and invalid proofs in formal verification.


Furthermore, the Ethereum Foundation believes that AI is currently better at analyzing single-code issues but still has limited ability to identify complex attack chains formed by multiple legitimate operations, which are the main reasons behind attacks on multiple cryptographic protocols this year. In the future, the Ethereum Foundation plans to use AI to assist in generating potential attack paths, combine them with manual and automated testing for validation, to further enhance vulnerability discovery efficiency and accuracy.

举报 Correction/Report
Correction/Report
Submit
Add Library
Visible to myself only
Public
Save
Choose Library
Add Library
Cancel
Finish