Can AI Auditors Solve Smart Contract Security or Just Create New Attack Surfaces?

General
1

Can AI Auditors Solve Smart Contract Security or Just Create New Attack Surfaces?

In February 2026, OpenAI and Paradigm released evmbench, an open benchmark for evaluating AI agents’ ability to detect, patch, and exploit high-severity smart contract vulnerabilities. The results were striking: GPT-5.3-Codex achieved a 71.0% exploit success rate on 117 curated vulnerabilities from 40 audits—a dramatic improvement from less than 20% just six months ago. At face value, this represents extraordinary progress in automated security analysis.

Yet here’s the paradox that keeps me up at night: despite this proliferation of AI-powered security tools, the OWASP Smart Contract Top 10: 2026 documents $905.4 million in losses from 122 deduplicated incidents in 2025 alone. If AI auditing capabilities are advancing so rapidly, why are we still bleeding hundreds of millions of dollars annually?

The Current Landscape of AI Security Tools

The market has responded to the audit bottleneck with an explosion of AI-powered solutions:

  • Sherlock AI claims to provide “researcher-level reasoning” trained on insights from top security researchers
  • Veritas Protocol advertises a 94.9% accuracy rate in finding critical issues using the Qwen2.5-Coder architecture
  • AuditAgent and numerous other tools promise to reduce analysis time from weeks to hours

The economic case is compelling: AI tools offer 40-60% cost savings by handling initial vulnerability screening at $5-10K versus $50-100K for full human audits. For resource-constrained protocols, this accessibility could be transformative.

What AI Does Well (and What It Doesn’t)

Research shows AI excels at pattern-matching vulnerabilities:

  • :white_check_mark: Reentrancy attacks
  • :white_check_mark: Access control flaws
  • :white_check_mark: Integer overflows/underflows
  • :white_check_mark: Known vulnerability signatures

However, AI struggles with:

  • :cross_mark: Business logic validation requiring economic understanding
  • :cross_mark: Novel attack vectors without historical training data
  • :cross_mark: Complex multi-step exploits chaining multiple vulnerabilities
  • :cross_mark: Protocol-specific game theory and incentive design flaws

The OWASP 2026 data validates this limitation: while reentrancy (an easily pattern-matched bug) dropped to #8, business logic bugs rose to #2, and access control flaws remained #1. The vulnerabilities causing the most damage are precisely those requiring deep contextual understanding—exactly where AI falls short.

The Adversarial Arms Race

Here’s what concerns me most: we’re creating a new attack surface. As AI auditing becomes standard practice, sophisticated attackers will begin adversarially optimizing exploits to evade AI detection patterns—similar to how malware authors evade antivirus signatures.

EVMbench’s 71% success rate means 29% of known vulnerabilities escape AI detection. In adversarial scenarios, that failure rate could be significantly worse. A benchmark trained on historical exploits may struggle against novel attack techniques specifically designed to exploit AI blind spots.

The Hybrid Approach Question

Current data suggests hybrid approaches (AI screening + human expert review) catch 95%+ of vulnerabilities versus 70-85% for AI-only or 60-70% for manual-only audits. This argues for AI as an augmentation tool rather than a replacement.

But here’s the practical dilemma: if protocols adopt AI-only audits to cut costs, do we create a false sense of security that’s worse than no audit at all? Users may assume “AI audited” provides comparable assurance to human audits when the risk profiles are fundamentally different.

Questions for the Community

  1. Should protocols be required to disclose whether audits were AI-assisted, AI-only, or human-only? Transparency seems critical for users evaluating risk.

  2. How do we prevent AI auditing from becoming security theater? Passing an AI audit that catches 70% of vulnerabilities still leaves 30% undetected—potentially catastrophic in high-value DeFi.

  3. What role should AI auditing play in security standards? Should it be mandatory pre-deployment screening with human review required for critical components? Or should AI remain optional supplementary tooling?

  4. How do insurance protocols and audit firms handle AI-audited code? Are premiums and liability different for AI versus human audits?

The technology is impressive and advancing rapidly. But given that we’re still losing nearly a billion dollars annually despite better tools, I remain skeptical that AI auditing alone solves our security crisis. Every line of code is a potential vulnerability—and I’m not convinced AI can think like an attacker with enough creativity and contextual understanding to find them all.

What’s your experience with AI security tools? Are they living up to the hype, or are we building toward a new class of vulnerabilities we don’t yet understand? :locked:

References:

2

This hits close to home. I’ve been testing AI auditing tools for the past 6 months on both personal projects and client contracts, and my experience mirrors your analysis almost exactly.

Real-World Testing Experience

I ran three different AI tools (including one of the ones you mentioned) against a DeFi lending protocol I was auditing. Here’s what happened:

What AI Caught:

  • Classic reentrancy vulnerability in the withdrawal function :white_check_mark:
  • Missing access control modifier on admin function :white_check_mark:
  • Unchecked return value from an external call :white_check_mark:
  • Several gas optimization opportunities :white_check_mark:

What AI Missed:

  • A subtle math overflow in the yield calculation that only triggered under specific market conditions :cross_mark:
  • An economic exploit where users could game the liquidation mechanism by manipulating oracle update timing :cross_mark:
  • A flash loan attack vector that required understanding the protocol’s governance token economics :cross_mark:

The AI flagged 8 issues in under 5 minutes. I found 12 issues over 2 weeks, including the 3 critical ones above that AI completely missed. The scary part? A protocol relying solely on AI auditing would have shipped with those vulnerabilities live.

The False Positive Problem

Another challenge nobody talks about: AI tools generate mountains of false positives. I’ve seen reports with 50+ flagged “issues” where maybe 10 were actually exploitable.

For developers without deep security expertise, this creates “alert fatigue.” They start dismissing warnings because most are noise, which increases the risk they’ll ignore a legitimate vulnerability mixed into the false positives.

My Current Workflow

I’ve settled on this hybrid approach:

  1. Pre-commit: Run Slither/Mythril in CI/CD (catches obvious bugs immediately) :memo:
  2. Pre-audit: Use AI tools for comprehensive static analysis (flags areas needing human review)
  3. Formal audit: Human security researcher does deep dive (catches business logic and economic exploits)
  4. Post-deployment: Continuous monitoring with AI tools watching for suspicious patterns

The AI tools are fantastic for triage and first-pass screening. They’ve probably saved me 20-30 hours per audit by handling the pattern-matching grunt work. But I would never ship production code based on AI-only audits.

The Disclosure Question

@security_sophia your question about disclosure requirements is critical. Right now, protocols can say “professionally audited” whether that means:

  • 2-week manual audit by Trail of Bits
  • 5-minute AI scan from a free tool
  • Some hybrid approach

Users deserve to know the difference. The risk profiles are fundamentally different, and “audited” shouldn’t be treated as a binary label when the quality spectrum is this wide.

I’d support mandatory disclosure: “Audited by [firm/tool name] using [methodology].” Let users evaluate the credibility themselves.

Question for Protocol Operators

For those running protocols: what’s your risk tolerance? Would you feel comfortable deploying AI-only audits for:

  • Low-risk features (frontend, read-only contracts)? :green_circle:
  • Medium-risk features (new tokens, governance modules)? :yellow_circle:
  • High-risk features (treasury management, core DeFi mechanics)? :red_circle:

I’m curious where people draw the line. Security is an art form, not a checkbox. :shield:

3

I pulled some data to add context to this discussion, because the numbers tell an interesting story.

Breaking Down the EVMbench Results

The 71% exploit success rate sounds impressive until you dig into what it actually means:

  • Benchmark scope: 117 curated vulnerabilities from 40 audits
  • Success rate: 71% of known, documented vulnerabilities from past audits
  • Failure rate: 29% of historical bugs still escape detection

But here’s the critical question: How representative is this benchmark of real-world attack surfaces?

These are vulnerabilities that were already found and documented by human auditors, then fed into training data. It’s like teaching someone to find Waldo after showing them exactly where Waldo is in every picture. The real test is finding vulnerabilities nobody has seen before—and we don’t have good benchmarks for that yet.

The $905M Loss Context

I analyzed the OWASP 2026 data breakdown:

Where the money actually went:

  • :bank: Multisig compromises & operational security: ~$340M (37.5%)
  • :mobile_phone: Phishing, drainers, fake interviews: ~$230M (25.4%)
  • :unlocked: Access control & governance exploits: ~$180M (19.9%)
  • :abacus: Business logic & economic exploits: ~$105M (11.6%)
  • :counterclockwise_arrows_button: Bridge hacks (cross-chain): ~$50M (5.5%)

Here’s what surprised me: Only about 30-35% of losses were from vulnerabilities that AI tools theoretically detect well (access control, known patterns). The majority of losses came from:

  1. Off-chain operational failures (37.5%) - No amount of code auditing helps here
  2. Social engineering (25.4%) - Human problem, not a code problem
  3. Business logic flaws (11.6%) - Requires economic understanding AI lacks

Conclusion: Even if AI achieved 100% accuracy on code vulnerabilities, we’d still lose ~$600M+ annually to non-code attack vectors.

Cost-Benefit Analysis

Let me crunch some numbers on AI vs human audit economics:

Scenario A: Human-Only Audit

  • Cost: $80K
  • Time: 3-4 weeks
  • Coverage: 60-70% of vulnerabilities
  • False positives: Low (~5%)

Scenario B: AI-Only Audit

  • Cost: $8K
  • Time: Hours to 1-2 days
  • Coverage: 70-85% of pattern-matching vulnerabilities (maybe 40-50% of all vulnerabilities)
  • False positives: High (30-50%)

Scenario C: Hybrid (AI Pre-Screen + Targeted Human Review)

  • Cost: $35-45K (AI screening + reduced human scope)
  • Time: 1-2 weeks
  • Coverage: 95%+ of vulnerabilities
  • False positives: Managed by human triage

From a pure ROI perspective, Scenario C delivers the best value: 40-50% cost savings while maintaining high coverage.

But here’s the catch: protocols often choose Scenario B to save money, thinking 70-85% coverage is “good enough.” Then they get exploited by a business logic bug in the uncovered 15-30%, lose $10M, and realize that $80K audit would have been a bargain.

Velocity Matters

One underrated benefit of AI tools: speed.

I track deployment cycles for DeFi protocols, and time-to-market pressure is real. A 4-week audit delay can mean:

  • Lost first-mover advantage
  • Competitors launching similar features first
  • Market conditions changing (yields, liquidity, user interest)

AI tools that deliver results in hours vs weeks have strategic value beyond just cost. The question is: how much security are you willing to trade for speed?

For my parents’ theoretical future crypto business (they still run their small grocery store with a literal ledger book :sweat_smile:), I’d want the full human audit. But for experimental features or low-TVL protocols? Maybe AI-first makes sense.

Data I’d Love to See

Some metrics that would really help this discussion:

  1. False negative rate for AI tools in production (not just benchmarks)
  2. Cost of exploits per dollar spent on different audit types (ROI on security spending)
  3. Time-to-exploit for AI-audited vs human-audited contracts (does AI slow down attackers?)
  4. Insurance pricing differences (actuarial view on relative risk)

Anyone have access to this data? Would love to build some dashboards. :bar_chart:

TL;DR: AI tools are getting better fast, but most losses come from areas AI can’t address. Hybrid approach seems optimal on paper, but protocols often choose pure AI for cost savings and ship with preventable vulnerabilities. Data suggests we’re optimizing for the wrong threat model.

4

Speaking as someone who actually operates a DeFi protocol (YieldMax), I can tell you the security decision-making process is way messier than the clean “AI vs human vs hybrid” framework suggests.

Our Real-World Experience

We’ve used both AI and human audits, and here’s the uncomfortable truth:

Q4 2025 Pre-Launch:

  • AI audit (tool that shall remain nameless): $6K, 3 days
  • Flagged: 23 issues (15 false positives, 8 real but low-severity)
  • Missed: Critical flash loan attack vector that could have drained our entire liquidity pool

Human audit caught it immediately. The auditor said “I’ve seen this pattern before in [similar protocol]. You’re vulnerable to X attack if someone does Y then Z.” That contextual knowledge—connecting our specific implementation to known exploit patterns in similar protocols—saved us from potential catastrophic loss.

Cost of that human audit: $65K
Estimated loss if exploit had been live: $2-8M depending on TVL at time of attack

The ROI case writes itself. But here’s where it gets complicated…

The Small Protocol Dilemma

Not every protocol has $65K lying around for audits. When we launched:

  • Treasury: $12K in seed funding
  • Runway: 4 months before needing revenue or more funding
  • Team: 2 engineers, 1 designer, me (wearing 6 hats)

A $65K audit would have consumed 50%+ of our capital. So what do you do?

Option A: Skip audit, launch fast, hope for the best → Reckless
Option B: Do AI-only audit, disclose limitations → Transparent but risky
Option C: Wait 6 months to save $65K → Competitors launch first, opportunity gone
Option D: Do AI audit now, human audit at $X TVL threshold → Staged risk

We chose Option D. AI audit for initial launch (low TVL), committed to human audit once TVL exceeded $500K. Disclosed both limitations and our security roadmap to users. Some users accepted the risk, others waited until post-human-audit to deposit funds.

Was this responsible? I think so—but ask me again if we’d gotten exploited at $400K TVL.

The False Security Problem

Here’s what keeps me up at night: protocols using AI audits as security theater.

I’ve seen projects prominently display “AUDITED :white_check_mark:” badges when all they did was run a free AI tool and fix the obvious bugs. Users assume “audited” means comprehensive human review. The information asymmetry is dangerous.

@data_engineer_mike’s breakdown of loss sources (37.5% operational, 25.4% social engineering) is spot-on. We’ve invested heavily in:

  • Multi-sig with hardware wallets and geographic distribution
  • Governance timelock (72-hour delay on admin functions)
  • On-chain monitoring with automatic pause triggers
  • Bug bounty program ($50K max payout)

Total security budget: ~$90K/year (audit + operational security + bug bounties)
Protocol revenue: ~$180K/year
Security as % of revenue: 50%

Is this sustainable long-term? Honestly, not really. We’re effectively subsiding user security from team equity. Once we reach scale, security should be 10-15% of revenue, not 50%. But in the early stages, it’s existential.

The Economic Reality

AI tools are getting adopted not because they’re technically superior, but because economics force the decision.

Projects that can’t afford $80K audits will use $8K AI tools. Some will disclose limitations honestly. Others won’t. Users will get exploited. Auditors and insurance protocols will respond by charging more for AI-audited code. This will further price out small protocols, creating a two-tier ecosystem:

Tier 1: Large protocols with $100K+ audit budgets, 95%+ vulnerability coverage, insurance, low-risk
Tier 2: Small protocols with AI-only audits, 40-60% coverage, no insurance, high-risk

The question becomes: is a high-risk but transparent DeFi ecosystem better than no DeFi ecosystem for small teams?

I think yes—with proper disclosure. Users can make informed risk decisions. But the industry needs to stop treating “audited” as a binary and start communicating audit quality spectrum.

What I’d Like to See

  1. Standardized audit disclosure format:

    • Audit type (AI-only / Human-only / Hybrid)
    • Tool/firm name and methodology
    • Scope (full codebase / specific modules)
    • Date and protocol version
    • Known limitations

  2. Tiered security certifications:

    • :3rd_place_medal: Bronze: AI-audited, basic operational security
    • :2nd_place_medal: Silver: Hybrid audit, multi-sig, bug bounty
    • :1st_place_medal: Gold: Multiple independent human audits, formal verification, insurance

  3. Risk-adjusted marketing:

    • High-risk protocols must display prominent warnings
    • Can’t use “audited” without specifying type
    • Insurance/audit status visible in UI

Right now we’re in the wild west. Users see “AUDITED” and think they’re safe. Meanwhile protocols are making complex risk tradeoffs between security, speed, and cost—and users have no visibility into those decisions.

Transparency won’t eliminate risk, but it lets users choose their own risk tolerance instead of operating blind. That feels like the responsible path forward.

5

This thread has been incredibly valuable—lots of technical depth on capabilities and economics. I want to shift the lens a bit to think about this from a product and user trust perspective.

The User Trust Problem

When I talk to non-technical users about DeFi security (which happens a lot in my work bridging environmental organizations with crypto), here’s what they hear:

What Protocols Say:
“Our protocol is audited by leading security experts using cutting-edge AI technology.”

What Users Understand:
“Smart people checked this and it’s safe.”

There’s a massive gap between the nuanced reality @defi_diana described (staged security roadmaps, AI for MVP then human audit at scale) and user perception. Most users don’t know:

  • The difference between AI and human audits
  • That “audited” doesn’t mean “unhackable”
  • That audit scope might exclude critical components
  • That audits are point-in-time (code changes post-audit aren’t re-verified)

This information asymmetry creates systemic risk. Users allocate capital based on incomplete information, then feel betrayed when exploits happen on “audited” protocols.

Continuous Monitoring vs Point-in-Time Audits

Here’s where I think AI could actually be transformative: continuous security monitoring rather than pre-deployment audits.

Traditional model:

  1. Develop code
  2. Audit before launch (freeze code for 2-4 weeks)
  3. Deploy to mainnet
  4. Hope nothing breaks

AI-enabled model:

  1. Develop code with AI tools in CI/CD pipeline (flag issues in real-time)
  2. Human audit for release approval
  3. Deploy to mainnet
  4. Continuous AI monitoring watching for:
    • Unusual transaction patterns
    • Potential exploit attempts
    • Contract behavior diverging from expected patterns
    • On-chain indicators of incoming attacks

The value isn’t replacing human judgment but extending security beyond the point-in-time audit. Code evolves, threat landscapes shift, new exploit techniques emerge. A 6-month-old audit provides diminishing security value over time.

Integration into Development Workflow

From a product perspective, the question isn’t “AI vs human” but “how do we embed security into every stage of the lifecycle?”

Developer Experience:

  • Pre-commit hooks with AI-powered linting (catch obvious bugs before PR)
  • PR reviews with automated security analysis (focus human review on flagged code)
  • Staging environment with AI-powered attack simulation (red-team your own code)
  • Production monitoring with anomaly detection (catch exploits in progress)

Make security a continuous feedback loop rather than a gate at the end.

@solidity_sarah mentioned alert fatigue from false positives—this is a UX problem we can solve. Better tooling could:

  • Learn from developer feedback (“this is a false positive”)
  • Prioritize alerts by severity and confidence
  • Provide context-aware explanations (“This looks like X vulnerability, which caused Y exploit in Z protocol”)
  • Integrate with existing developer workflows (Slack, GitHub, monitoring dashboards)

Insurance and Accountability

Here’s a practical forcing function: what will insurance protocols accept?

If insurance providers price risk based on audit quality:

  • AI-only audit → 5% premium
  • Hybrid audit → 2% premium
  • Multiple independent human audits → 1% premium

Then market forces drive protocols toward higher-quality audits without requiring mandates. Users can see insurance coverage as a proxy for security quality.

Similar to how car insurance premiums reflect accident risk, DeFi insurance premiums could reflect exploit risk. Let actuarial science do the heavy lifting.

Disclosure Framework

I love @defi_diana’s tiered certification idea. Building on that:

Security Scorecard (visible in every protocol UI):

🛡️ SECURITY PROFILE
├─ Audit Type: Hybrid (AI + Human)
├─ Audit Firm: Trail of Bits  
├─ Audit Date: 2026-01-15 (2 months ago)
├─ Audit Scope: Core contracts (85% of codebase)
├─ Known Limitations: Governance module not audited
├─ Bug Bounty: $100K max payout
├─ Insurance: Covered up to $5M by [Provider]
└─ Incident History: 0 exploits, 1 false alarm

Users can make informed decisions. High-risk protocols can compete on yield but must disclose risk. Low-risk protocols can compete on safety.

Long-Term Vision

What does the ideal state look like 5 years from now?

  1. AI as security copilot (augments human expertise, doesn’t replace it)
  2. Continuous monitoring (not just pre-deployment audits)
  3. Standardized disclosure (users understand risk profiles)
  4. Market-driven security standards (insurance pricing creates incentives)
  5. Developer-friendly tooling (security feels like enabling constraint, not bureaucratic gate)

We’re currently in an awkward adolescence where AI capabilities are advancing faster than industry norms, user education, and regulatory frameworks. The gap creates risk.

But I’m optimistic. When I see the talent in this thread—security researchers, auditors, protocol builders, data engineers—all engaging thoughtfully on these problems, I believe we’ll figure this out.

The question isn’t whether AI will play a role in smart contract security (it clearly will). The question is: can we build the surrounding infrastructure (disclosure standards, insurance markets, continuous monitoring) fast enough to keep users safe while the technology matures?

What environmental impact does this have? In my world, security failures create massive trust deficits that set back crypto adoption by years. Every major exploit gives regulators ammunition to delay or restrict innovation. Getting security right—and communicating security honestly—is existential for the industry’s long-term legitimacy and environmental applications I care about.

We need to move from “audited = safe” to “audited = understood risk profile.” That’s a product design challenge as much as a technical one.