Particle.news
Download on the App Store

Ethereum Foundation Uses AI Red Teams to Find Libp2p Bug

This shifts the security bottleneck from finding bugs to human-led reproducible triage and validation.

Overview

  • The Protocol Security team disclosed on July 9 that it ran coordinated AI agents against Ethereum’s core code and libraries to hunt for vulnerabilities.
  • The agents produced one confirmed, fixed issue: a remotely triggerable crash in libp2p’s gossipsub that was patched and disclosed as CVE-2026-34219 because it could briefly take validator nodes offline.
  • Researchers run specialized agents for recon, hunting, gap-filling, and validation that share state via the code repository rather than a central controller to scale parallel search.
  • Most agent reports proved to be duplicates, debug-only crashes, or infeasible attack paths so the team requires a self-contained reproducer that runs for an independent reviewer before accepting a finding.
  • The experiment shows AI can raise hypothesis throughput and surface real bugs but leaves the hard work to humans who must reproduce, deduplicate, judge severity, and run stateful tests before disclosure.