The Protocol Security team at the Ethereum Foundation (EF) has deployed coordinated AI agents to target critical components of the blockchain infrastructure. They examined system software, cryptographic code, and smart contracts.

The Protocol Security Team has been pointing AI agents at Ethereum’s protocol code. Our core takeaway wasn't about finding bugs, it was about triage.

Here are field notes from the work.https://t.co/HVtc8XcrJK

— Ethereum Foundation (@ethereumfndn) July 9, 2026

“The agents find bugs — that was no surprise. What surprised us was how little effort went into finding them and how much went into distinguishing real bugs from those that merely appeared to be real,” stated EF.

The team emphasized that AI has not replaced humans in the security review process. Instead, it has shifted the bottleneck: researchers previously spent a lot of time formulating hypotheses, but now they focus on validating a large number of generated candidates.

System Overview

Protocol Security moved away from a model where a single large AI agent manages the entire process. Instead, the team employed several specialized systems that work in parallel against a single repository. Some were responsible for initial code exploration, while others focused on identifying potential vulnerabilities, filling gaps, and validation. They coordinate through a shared repository and exchange status via a version control system.

“The time previously spent on formulating and testing hypotheses is now dedicated to evaluating them at scale: building an oracle, triage, maintaining a list of known issues, and disclosure,” EF wrote.

According to the researchers, the agents are well-suited for generating search directions. They can quickly scan large sections of code, trace execution paths, and prepare materials for proof-of-concept. However, each candidate must still be independently reproduced on actual code before it can be considered a vulnerability.

Findings from the Agents

A publicly disclosed example is the vulnerability CVE-2026-34219 in the Rust implementation of libp2p gossipsub. It relates to the handling of backoff expiry — the period during which a node temporarily limits interaction with a peer after certain network messages.

This vulnerability allowed for a remote crash of the process when handling a specially crafted PRUNE message with an almost maximum backoff value. The error stemmed from unchecked arithmetic when adding Instant + Duration, which could lead to overflow.

However, EF did not disclose how many real bugs the agents found in total. The blog mentions several findings, but only one example has been publicly named.

Journalists from The Block noted that most of the candidates identified by the AI agents turned out to be false positives, duplicates, or issues outside the scope of the review. EF described this as a normal part of the method, not a failure of the system.

“The goal is to quickly discard the incorrect ones and reinforce the real ones with evidence that is hard to dispute,” the organization stated.

The team noted that AI agents struggle with vulnerabilities that only manifest through a long chain of correct actions. Such logic requires not only identifying a suspicious code fragment but also proving that the entire sequence of states is indeed reachable.

EF's publication comes amid a broader reorganization within the foundation. In June, the organization cut its staff by 20% and introduced a revised governance structure. Concurrently, Ethereum co-founder Vitalik Buterin announced that the foundation is reducing its budget by approximately 40%, shifting to a long-term capital management model.

According to journalist Colin Wu, the Protocol Support team has been disbanded. This team was responsible for coordinating the Ethereum protocol development process, including tracking network updates, supporting EIPs, the Ethereum Protocol Fellowship program, and various educational, community, and infrastructure initiatives related to this.

In March, the Ethereum Foundation established a principle of minimal intervention in the network's development. Later, the organization prepared a plan for quantum protection of the network by 2029 and reassessed the role of L2 networks in the ecosystem.

It is worth noting that in June, former EF employee Trent Van Epps warned that the Ethereum ecosystem might face a "slowly escalating funding crisis" in the next three to nine months.