By Isaac • July 11, 2026 7:08 pm •
Ethereum’s security team pointed a fleet of AI agents at protocol code and got something more useful than a polished vulnerability report.
It got a real bug, a pile of convincing false alarms, and a hard lesson about where human judgment still earns its keep.
The verified finding was a remotely triggerable crash in Rust libp2p Gossipsub, networking software used in the peer-to-peer layer that Ethereum consensus clients rely on. The affected code had already been patched by the time the Ethereum Foundation published its field notes this week.
No coins were exposed and no attacker gained control of a validator. The risk was availability: under the right conditions, a malicious peer could make an affected
Continue reading
Join the conversation!
Please share your thoughts about this article below. We value your opinions, and would love to see you add to the discussion!