Best Miami News connects businesses and publishers

collapse
Home / Daily News Analysis / AI가 검증자를 오프라인으로 만들 수 있는 이더리움 버그를 발견했으나, 이를 입증한 것은 인간이었다

AI가 검증자를 오프라인으로 만들 수 있는 이더리움 버그를 발견했으나, 이를 입증한 것은 인간이었다

Jul 17, 2026  Twila Rosenbaum 2 views
AI가 검증자를 오프라인으로 만들 수 있는 이더리움 버그를 발견했으나, 이를 입증한 것은 인간이었다

The Ethereum Foundation recently conducted an experiment deploying AI agents to hunt for vulnerabilities in the network's software stack. The result was a mixed bag: the AI successfully identified a genuine crash vulnerability that could take validator nodes offline remotely, but it also produced a flood of false positives that required human expertise to sift through. The bug, designated CVE-2026-34219, has since been fixed, but the exercise underscores both the promise and the limitations of using artificial intelligence for security auditing.

The target was the gossipsub messaging protocol, a core component of Ethereum's peer-to-peer layer that manages how nodes share transactions and blocks. Gossipsub is an implementation of the gossip protocol used by libp2p, and its correct operation is crucial for network liveness. If a malicious actor could trigger a crash in a validator's gossipsub handler, that validator would be forced offline, potentially disrupting consensus or enabling attacks such as finality delays or reorgs.

The Experiment: AI Agents on the Hunt

The Ethereum Foundation's security team configured a set of AI agents to automatically probe the codebase of clients like Prysm, Teku, and Lighthouse. The agents were given broad instructions to look for conditions that could cause denial-of-service or crashes. They used both static analysis and dynamic fuzzing techniques, leveraging large language models to generate and mutate test cases.

One agent, after millions of iterations, stumbled on a sequence of messages that caused a memory corruption in the gossipsub handler. When relayed to a full node, the messages triggered an out-of-bounds write that eventually led to a segmentation fault. The AI logged the crash and generated a detailed report, including a proof-of-concept payload.

But the real work began when the team reviewed the outputs. According to internal documents, the AI had produced over 200 separate crash reports. Of those, only one was a true vulnerability that could be reliably reproduced in a live-like environment. The rest were what researchers called 'plausible but invalid' findings: test-only crashes that required debug symbols, attacks that assumed unrealistic network conditions, or trivial formal verification disproofs that had no practical impact.

Why Human Validation Is Indispensable

This disparity highlights a fundamental challenge in AI-assisted security research. While generative models can produce vast numbers of potential exploits, they often lack the contextual understanding to distinguish between a real-world threat and a laboratory artifact. The Ethereum Foundation's security lead noted that the AI had 'perfect confidence' in its false positives, generating lengthy justifications for why each crash was exploitable.

For example, one false positive involved a test harness that deliberately injected invalid messages. The AI concluded that an attacker could use similar messages in production, ignoring the fact that the test harness included special handling not present in the mainnet code. Another example: the AI claimed a divide-by-zero bug could be triggered, but the divisor was a configurable constant that only the node operator could change.

In contrast, the genuine CVE-2026-34219 vulnerability required a specific pattern of gossipsub control messages that no legitimate node would ever emit. The AI's description of the exploit path was accurate, yet it took a human auditor to confirm that the attack surface was accessible without prior authentication or special privileges.

Lessons from Recent Exploits

The usefulness of AI in finding bugs is further questioned by recent high-profile attacks. In the Edel Finance incident, hackers exploited a logic flaw in a smart contract's pricing algorithm. Traditional tools like static analyzers and fuzzers failed to catch it, but a human reviewer might have spotted the edge case. Similarly, the BONK token attack leveraged a reentrancy vulnerability in a seemingly benign function—again, something that pattern-matching AI has historically missed.

These examples suggest that while AI is good at generating brute-force attack vectors, it struggles with subtle business logic errors or multi-step exploits that cross trust boundaries. The Ethereum Foundation's experiment reinforces this: the AI found a low-level memory corruption, but it missed higher-level protocol abuse like griefing attacks or balance manipulation.

Going forward, the foundation plans to use AI agents not as autonomous bug hunters, but as assistants that propose suspicious sequences of operations. These sequences are then examined by human researchers using traditional unit tests, formal verification, and manual review. This hybrid approach aims to combine the scale of AI with the judgment of experienced developers.

Background: The Gossipsub Protocol

Gossipsub is part of the libp2p library, which has been audited multiple times by firms like Trail of Bits and Least Authority. However, the protocol is complex, with features like mesh pruning, heartbeat metrics, and subscription scoring. Any of these could hide subtle bugs that only emerge under adversarial conditions. The AI's discovery of a memory corruption in the message deserialization code was not previously caught by those audits, indicating that autonomous tooling can reach code paths that manual review may overlook.

Ethereum's validator client implementations are written in multiple languages: Go (Lighthouse), Rust (Prysm), Java (Teku), and Nim (Nimbus). Each has its own memory management quirks, and the AI focused on the Go-based clients because of their widespread adoption. The vulnerability was present in all three major Go implementations, underscoring the risk of shared dependencies.

AI in Cybersecurity: A Double-Edged Sword

The use of AI for vulnerability research is not limited to Ethereum. Major tech companies like Google, Microsoft, and Meta deploy AI agents to find bugs in their own infrastructure. However, the rate of false positives remains high. A 2025 study showed that AI-generated bug reports for open-source projects had a false discovery rate of 85% or more, compared to about 40% for human-generated reports. The Ethereum Foundation's experiment aligns with these figures.

One reason is that AI models are trained on known vulnerabilities and tend to extrapolate patterns that may not hold in new contexts. They can generate exploit code that works in a sandbox but fails in production due to missing dependencies, timing differences, or network topology. Additionally, AI lacks the ability to reason about security economics: a crash that requires 10,000 sequential steps is less likely to be exploited than one that requires a single packet.

Nevertheless, the speed of AI is undeniable. The agent that found CVE-2026-34219 ran for only 48 hours, while a human researcher might take weeks or months to manually fuzz the same code. With proper filtering, AI can accelerate the discovery phase, even if it cannot replace the validation phase.

The Future of AI in Blockchain Security

The Ethereum Foundation intends to release the AI agent's methodology and findings to the public, including a dataset of true and false positives. This could help other projects train better models or develop more effective filters. Some researchers are already working on 'explanation generators' that force the AI to produce formal proofs of exploitability, which can then be verified by theorem provers.

There is also interest in combining AI with runtime monitoring. Instead of just finding bugs in code, agents could watch live network traffic and flag anomalous messages that resemble known attack patterns. This would shift the focus from pre-deployment audits to post-deployment intrusion detection.

For now, however, the lesson from the Ethereum experiment is clear: AI can be a powerful tool for finding needles in haystacks, but it still needs human hands to confirm that the needle is indeed sharp. The CVE-2026-34219 fix was developed by a human engineer who understood the nuance of the gossipsub protocol, not by the AI that discovered it. As one foundation developer put it, 'The AI showed us where to dig. We still had to do the digging.'


Source:Coindesk News


Share:

Your experience on this site will be improved by allowing cookies Cookie Policy