
Ethereum co-founder warns AI can automate vulnerability discovery; advocates formal verification to secure smart contracts and protocols. The shift toward verified cores may reshape risk.
Vitalik Buterin warned that advances in artificial intelligence could radically change how crypto systems are attacked and defended. In a new essay published on 18 May, the Ethereum co-founder argued that increasingly powerful AI models could make it far easier to discover and exploit vulnerabilities in complex software systems. That risk applies especially to smart contracts, zero-knowledge infrastructure, and cryptographic protocols.
Buterin described bugs in crypto infrastructure as becoming "even more scary" when combined with AI systems capable of automating vulnerability discovery. Rather than relying only on traditional audits and software testing, he argued that the crypto industry should increasingly adopt formal verification – mathematically proving that software behaves correctly under specific conditions, not merely testing whether it appears to work. Computers can automatically check the proofs themselves.
Current crypto security depends heavily on manual code reviews and automated scanning tools that flag known patterns. AI models, particularly large language models trained on code bases, can generate and test thousands of potential exploit pathways in minutes. Buterin noted that the combination of AI with already complex smart contract logic and cryptographic primitives raises the probability of novel bug classes being found before human auditors can respond.
The following areas face the highest exposure if AI-driven exploit discovery becomes widespread:
The essay specifically highlighted that even cryptographic protocols – the mathematical underpinning of encryption and consensus – could be vulnerable if AI finds implementation flaws in libraries or proofs.
Formal verification uses mathematical models to prove that software satisfies specific properties (for example, no reentrancy, no overflow, invariant preservation). Unlike fuzz testing or manual review, a successful proof eliminates an entire class of bugs. Buterin sees this as the most robust countermeasure against AI‑aided exploits. The verification itself can be checked by automated proof assistants, creating a trust layer that does not depend on human attention.
Buterin acknowledged that formal verification is not perfect. Even mathematically verified systems can fail if assumptions are incorrect or if vulnerabilities exist outside the verified code. For example, a verified smart contract might still be exploited via a governance attack or an oracle manipulation that was not modeled in the proof. The essay stressed that formal verification reduces but does not eliminate risk. Assumption correctness becomes the new critical failure point.
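The contrast between proving a property and relying on an unchecked assumption can be shown on a toy model. The following is an added example, not code from Buterin's essay: exhaustive checking of a small finite state space stands in for a proof assistant, and the ledger, `transfer`, `MAX` and the account names are hypothetical. The unmodeled case here is a self-transfer, chosen for illustration rather than taken from the essay.

```python
from itertools import product

MAX = 7                      # assumed toy balance cap so the state space is finite
ACCOUNTS = ("a", "b")        # hypothetical two-account ledger


def transfer(ledger, src, dst, amount):
    """Toy transfer with underflow/overflow guards; returns a new ledger."""
    src_bal, dst_bal = ledger[src], ledger[dst]      # both balances read up front
    if amount > src_bal or dst_bal + amount > MAX:
        return dict(ledger)                          # revert: state unchanged
    out = dict(ledger)
    out[src] = src_bal - amount
    out[dst] = dst_bal + amount                      # overwrites the debit if src == dst
    return out


def invariant(before, after):
    """Total supply is conserved and every balance stays within 0..MAX."""
    in_range = all(0 <= v <= MAX for v in after.values())
    return in_range and sum(after.values()) == sum(before.values())


def verify(assume_distinct):
    """Check the invariant on every state of the finite model.

    assume_distinct=True mirrors a proof whose model never lets an account
    pay itself. Returns (holds, counterexample_or_None).
    """
    for bal_a, bal_b, amount in product(range(MAX + 1), repeat=3):
        for src, dst in product(ACCOUNTS, repeat=2):
            if assume_distinct and src == dst:
                continue                             # case excluded by the assumption
            before = {"a": bal_a, "b": bal_b}
            after = transfer(before, src, dst, amount)
            if not invariant(before, after):
                return False, (before, src, dst, amount)
    return True, None


if __name__ == "__main__":
    print("model with distinct accounts:", verify(assume_distinct=True))
    print("model including self-transfer:", verify(assume_distinct=False))
```

Under the distinct-accounts assumption the invariant holds for every state, which is a proof for this model; dropping the assumption yields a concrete counterexample in which an account paying itself inflates supply.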
Buterin described a future where highly sensitive digital infrastructure becomes increasingly concentrated into smaller "secure core" systems. Those systems – likely handling settlement, key management, and protocol‑level logic – would need to be heavily verified and carefully isolated as AI‑generated software becomes more widespread.
Less critical applications and interfaces would remain more flexible but ideally operate with limited permissions to reduce the impact of potential bugs or exploits. Buterin compared this layered arrangement to blockchain scaling systems, in which one technology introduces trade-offs while another helps restore security or efficiency: layer-1s handle security while layer-2s prioritize throughput and flexibility.
Buterin argued that AI is not only a cybersecurity threat but could also become part of the solution. He suggested that AI‑assisted coding, combined with formal verification tools, could eventually produce software more secure than what humans alone can currently build. This two‑sided role means the crypto industry must invest in both defensive AI (proving code) and detection AI (finding bugs before attackers do).
No specific exploit has been tied to AI‑driven vulnerability discovery yet. The essay flags the risk as rising with model capabilities. Traders should watch for:
The shift toward verified cores and limited-permission interfaces could reduce the attack surface, but it also concentrates risk in those cores. For traders, the key question is which protocols will adopt formal verification and which will remain exposed to AI-driven exploit discovery. The crypto market analysis on AlphaScala tracks which major platforms have announced or are implementing such measures.