Ethereum co-founder Vitalik Buterin has addressed growing worries that AI-driven bug detection could overwhelm developers and lead to perpetual vulnerabilities on blockchain platforms. He believes that in the near future, AI might actually bolster the security of cryptocurrency systems. Buterin posits that AI-assisted formal verification could serve as a formidable defense against security breaches within crypto and internet infrastructures. This verification method involves creating mathematical proofs for software that can be automatically verified by computers, rather than relying solely on human reviewers. While this concept has existed for decades, it has failed to gain traction due to the labor-intensive nature of generating proofs manually. Buterin contends that AI has transformed this landscape, enabling developers to rely on AI to generate both code and the necessary proofs, thus simplifying the verification process. He cites potential scenarios where advanced AI models could autonomously detect bugs in existing code and reflects on the implications for systems where a single defect could lead to significant losses for users. He explains that comprehensive formal verification allows developers to mathematically verify that a piece of code functions as intended, thereby ensuring that a powerful AI scanning for flaws examines code already validated for errors. Buterin also highlights particular Ethereum projects, such as Arklib, which is developing a fully formally verified STARK implementation, and evm-asm, which focuses on an EVM constructed in low-level RISC-V assembly, validated against a human-readable reference. Discussing suitable AI models for this task, he identifies Claude and Deepseek 4 Pro as effective for crafting Lean proofs, while also mentioning Leanstral, a smaller open-weight model specifically fine-tuned for Lean, which demonstrates superior performance in formal verification tasks. Nevertheless, Buterin acknowledges the limitations of formal verification, pointing out historical failures such as bugs within verified compilers and incomplete code assurances. He emphasizes that formal verification should not replace all security practices but should be considered a powerful tool in the ongoing effort to reduce coding errors. This context is especially relevant as Buterin’s commentary emerges amidst a turbulent period for the crypto industry, which recently experienced a major exploit resulting in the loss of over $76 million from the Echo Protocol’s cross-chain bridge, alongside attacks on THORChain and the Verus-Ethereum Bridge.
