Comprehensive security from @Nethermind, from audits to formal verification. Book now: nethermind.io/nethermind-sec…

Joined September 2024
Pinned Tweet
Your team takes the break. We take the audit. A few slots open July 1 — August 15. Adjusted rates. AuditAgent Pro included so the codebase is ready before we start. Smart contracts and ZK circuits. nethermind.io/audit-slots
Everyone's arguing about whether AI replaces security audits. We stopped arguing and ran it: one codebase, three layers, and we tracked what each one actually caught. AuditAgent (our AI scanner, runs while you build) and AgentArena (independent agents competing to break the same code) cleared the high-frequency stuff early. The bugs that show up in codebase after codebase, gone before anyone senior opened the repo. So by the time our auditors started, the easy surface was clean. They spent their time on the bugs you can't pattern-match. Things like an external call that ran before the check meant to authorize it. Design-specific, the kind you only find by reasoning through the whole system. Both camps in this fight are only half right: AI doesn't shrink the audit, it tells the audit where to look. And the audit finds what no scanner ever will. You don't pick one. You run them in order.
Most AI scanners start every run from zero. AuditAgent now keeps a per-project memory. Each scan builds on what it already learned about your codebase, so repeat runs get sharper instead of repeating themselves.
It carries context across scans, surfaces more meaningful findings, and you can review and adjust what it remembers. A pre-audit baseline you run while you build, ahead of a comprehensive audit. auditagent.nethermind.io
A ZK circuit can do exactly what it's supposed to and the system around it still gets drained. The risk lives in what the protocol assumes the proof means. Michael Belegris on the bugs our ZK audit team keeps finding: nethermind.io/blog/zk-circui…
Uniswap ran a free AuditAgent scan, an AgentArena competition on UniswapX, and adopted the AuditAgent Business Plan in three months. Cody Born, Principal Engineer at @Uniswap, on what AuditAgent changed in their development workflow:
Auditors aren't QA. When the first days of an engagement go to integration bugs the team would catch on testnet, that's time off the review. When pass one goes to dead code and common vulnerability patterns, that's time not spent on bugs only auditors can find.
Pre-audit tools handle the surface layer. AuditAgent flags common vulnerability patterns and dead code so the audit goes deeper from day one. Included with audit slots between July 1 and August 15. Reduced rates: nethermind.io/audit-slots

Auditing ERC-7540 vaults is different from auditing ERC-4626. Settlement happens in a different block than the request. Bugs in the gap can leave users mispriced, locked out of exits, or settled into the wrong cycle. Standard audit playbooks miss them.
The work covered pending-state accounting transitions, NAV update timing during synchronous deposits, and economic edge cases at feature interactions. The most consequential issues became reachable only when new features layered onto existing ones.
Builders selected for the program and working with us get audit and formal verification in one engagement, plus AI tooling to prepare your code for the audit. x.com/Nethermind/status/2054…

The $1M Ethereum Security Subsidy Program funds security reviews for mainnet builders. Nethermind's on the Expert Committee with @ethereumfndn, @chainlink, and Areta. New cohorts monthly. x.com/ethereum/status/205425…
Every pending transaction in the mempool is a statement of intent. Bots read it before it settles and front-run what's worth front-running. The contract calls AMM.swap(tokenIn, amountIn, 0). That zero is 100% slippage tolerance. A frontrunner inflates the price, lets the swap settle, sells back at profit. A 10,000 USDC trade returns 1 ETH instead of 5. require(actualAmountOut >= minAmountOut) lets the user set their worst acceptable price. If a bot moves the price outside that range, the swap reverts. The attacker burns gas for nothing. The mempool stays public. Defense lives in the code, or it doesn't exist.
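An added example, not code from the post or from Nethermind: a Python model of a fee-less constant-product pool that settles the user's 10,000 USDC swap after another trade has moved the price, once with minAmountOut = 0 and once with minAmountOut derived from the quote and a tolerance. The pool reserves, the 0.5% tolerance and the size of the prior trade are constructed assumptions chosen to land near the post's "1 ETH instead of 5".

```python
from dataclasses import dataclass
from typing import Optional

ETH = 10**18   # wei per ETH
USDC = 10**6   # base units per USDC
TRADE_IN = 10_000 * USDC  # the user's 10,000 USDC trade from the post


class SlippageExceeded(Exception):
    """Stands in for the revert of require(actualAmountOut >= minAmountOut)."""


@dataclass
class ConstantProductPool:
    """Toy fee-less x*y=k pool; reserves are constructed for this example."""
    reserve_usdc: int
    reserve_eth: int

    def quote_usdc_to_eth(self, amount_in: int) -> int:
        # Integer division, as an EVM implementation would do it.
        return self.reserve_eth * amount_in // (self.reserve_usdc + amount_in)

    def swap_usdc_to_eth(self, amount_in: int, min_amount_out: int) -> int:
        amount_out = self.quote_usdc_to_eth(amount_in)
        if amount_out < min_amount_out:  # the require() from the post
            raise SlippageExceeded(f"{amount_out} < {min_amount_out}")
        self.reserve_usdc += amount_in
        self.reserve_eth -= amount_out
        return amount_out


def min_out_with_tolerance(quoted_out: int, tolerance_bps: int) -> int:
    """minAmountOut for a quote and a tolerance in basis points (50 = 0.5%)."""
    return quoted_out * (10_000 - tolerance_bps) // 10_000


def settle_after_price_move(tolerance_bps: Optional[int]) -> dict:
    """Quote at submission, let another trade settle first, then settle the
    user's swap. tolerance_bps=None reproduces the minAmountOut = 0 call."""
    pool = ConstantProductPool(2_000_000 * USDC, 1_000 * ETH)  # ~2,000 USDC/ETH
    quoted = pool.quote_usdc_to_eth(TRADE_IN)
    min_out = 0 if tolerance_bps is None else min_out_with_tolerance(quoted, tolerance_bps)
    pool.swap_usdc_to_eth(2_500_000 * USDC, 0)  # another tx lands first, price moves
    try:
        received = pool.swap_usdc_to_eth(TRADE_IN, min_out)
        return {"quoted": quoted, "min_out": min_out, "status": "settled", "received": received}
    except SlippageExceeded:
        return {"quoted": quoted, "min_out": min_out, "status": "reverted", "received": 0}
```

Calling settle_after_price_move(None) settles for just under 1 ETH against a quote of about 4.98 ETH; settle_after_price_move(50) reverts and the user keeps their USDC.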