{"id":75234,"date":"2026-07-10T21:01:38","date_gmt":"2026-07-10T21:01:38","guid":{"rendered":"https:\/\/crowdfundjunction.com\/blog\/heres-what-they-actually-found\/"},"modified":"2026-07-10T21:01:38","modified_gmt":"2026-07-10T21:01:38","slug":"heres-what-they-actually-found","status":"publish","type":"post","link":"https:\/\/crowdfundjunction.com\/blog\/heres-what-they-actually-found\/","title":{"rendered":"Here&#8217;s What They Actually Found"},"content":{"rendered":"<p><b>(Originally posted on : Bitcoin News )<\/b><br \/>\n<\/p>\n<div>\n<div class=\"@container mb-[25px] rounded-sm overflow-clip py-0.5 pr-0.5 pl-2.5 bg-success-100\">\n<div class=\"flex flex-col gap-m overflow-clip rounded-[6px] !bg-success-10 p-3 @[420px]:p-m\">\n<h2 class=\"m-0 flex items-center gap-s text-[19px] !text-[#1c1c1c] md:text-[20px]\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"16\" height=\"10\" viewbox=\"0 0 16 10\" fill=\"none\" class=\"shrink-0 text-success-100\" aria-hidden=\"true\"><path d=\"M1 1.5h14\" stroke=\"currentColor\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><path d=\"M1 8.5h10\" stroke=\"currentColor\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><\/svg><span>Key Takeaways<\/span><\/h2>\n<ul class=\"m-0 flex list-none flex-col gap-m pl-0\">\n<li class=\"m-0 flex items-start gap-s !text-[#434248]\"><span class=\"mt-2 size-2 shrink-0 rounded-full bg-success-100\" aria-hidden=\"true\"\/><span class=\"text-body\">Ethereum Foundation AI agents uncovered CVE-2026-34219, a remotely-triggerable bug in libp2p\u2019s gossipsub.<\/span><\/li>\n<li class=\"m-0 flex items-start gap-s !text-[#434248]\"><span class=\"mt-2 size-2 shrink-0 rounded-full bg-success-100\" aria-hidden=\"true\"\/><span class=\"text-body\">One agent produced about 1,000 candidate findings, with 86% of top-tier picks surviving expert review.<\/span><\/li>\n<li class=\"m-0 flex items-start gap-s !text-[#434248]\"><span class=\"mt-2 size-2 shrink-0 rounded-full bg-success-100\" aria-hidden=\"true\"\/><span class=\"text-body\">The foundation said July 9 that triage, not bug-finding, is the bottleneck; human validation stays essential.<\/span><\/li>\n<\/ul>\n<\/div>\n<\/div>\n<h2>A Lot of Misdiagnosis<\/h2>\n<p>The experiment was detailed in a <a href=\"https:\/\/blog.ethereum.org\/2026\/07\/09\/triage-is-the-product\" target=\"_blank\" rel=\"noopener noreferrer\">blog post published<\/a> July 9 by Nikos Baxevanis of the foundation\u2019s protocol security team, under a title that doubled as the firm\u2019s thesis, i.e. \u201cThe triage is the product.\u201d The findings drew wide attention as the most flagged issues turned out to be false positives (even though there were real bugs in the mix).<\/p>\n<figure id=\"attachment_830004\" aria-describedby=\"caption-attachment-830004\" style=\"width:1280px\" class=\"wp-caption aligncenter\"><figcaption id=\"caption-attachment-830004\" class=\"wp-caption-text\">Ethereum Foundation blog detailing the false positives encountered from its recent tests.<\/figcaption><\/figure>\n<p>The headline discovery is real enough, as the agents helped surface a remotely-triggerable panic in gossipsub, part of the libp2p peer-to-peer networking layer that Ethereum consensus clients run on. The flaw was fixed and disclosed as CVE-2026-34219 (the kind of bug that, if found first by an attacker, could have been used to disrupt <a href=\"http:\/\/www.bitcoin.com\/get-started\/what-is-a-bitcoin-node\/\" class=\"lar_link lar_link_outgoing\" target=\"_blank\" rel=\"noopener noreferrer\">nodes<\/a> across the network).<\/p>\n<h2>Finding Bugs Was the Easy Part<\/h2>\n<p>The surprise, the foundation wrote, was not that AI agents could find bugs but \u201chow little of the work went into finding them, and how much went into telling the real bugs from the ones that just looked real.\u201d<\/p>\n<p>The team catalogued the recurring shapes of those imposters, \u00e0 la crashes that only occur in debug builds and never in production, reproducers that rely on unreachable internal values no attacker could actually supply, and formal-verification proofs that are technically true but so unconstrained they demonstrate nothing.<\/p>\n<p>The foundation\u2019s answer was a hard evidentiary standard it summarized as \u201creproducible or it didn\u2019t happen.\u201d To elaborate, every candidate finding is henceforth required to ship with a self-contained artifact that reproduces the failure against the actual code, independent of how confident the reporting agent claims to be.<\/p>\n<p>Agents, in this context, can be viewed as hypothesis generators (search tools, not decision-makers) organized into recon, hunting, gap-filling, and validation stages, with humans making the final call.<\/p>\n<h2>The Numbers Behind the Hype<\/h2>\n<p>The post also offered a rare benchmark for how well the current generation of tools performs. A property-based testing agent generated roughly 1,000 candidate findings, and after expert review, about 86% of its top-tier recommendations survived scrutiny (strong for a machine, but a rate that still demands a human filter before anything touches production code).<\/p>\n<p>The tools are clearly finding real vulnerabilities in critical infrastructure, thereby undermining the dismissal that AI-generated bug reports are pure noise. Yet the workload has not disappeared but simply moved downstream to triage, where experienced engineers separate signal from simulation. For a network securing hundreds of billions of dollars in value, that filter is important.<\/p>\n<p>The foundation is now pushing the work forward rather than treating it as a one-off. Its Ecosystem Support Program, for instance, is funding a dedicated grant round for AI-powered protocol security, covering research, auditing, and vulnerability detection.<\/p>\n<\/p><\/div>\n<p><a href=\"https:\/\/news.bitcoin.com\/ethereum-foundation-ai-agents-bugs-triage\/\">Source link <\/a><br \/>\n<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>(Originally posted on : Bitcoin News ) Key Takeaways Ethereum Foundation AI agents uncovered CVE-2026-34219, a remotely-triggerable bug in libp2p\u2019s gossipsub. One agent produced about 1,000 candidate findings, with 86% of top-tier picks surviving expert review. The foundation said July 9 that triage, not bug-finding, is the bottleneck; human validation stays essential. A Lot of [&hellip;]<\/p>\n","protected":false},"author":3947362404,"featured_media":75235,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[32],"tags":[],"_links":{"self":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/75234"}],"collection":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/users\/3947362404"}],"replies":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/comments?post=75234"}],"version-history":[{"count":0,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/75234\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media\/75235"}],"wp:attachment":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media?parent=75234"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/categories?post=75234"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/tags?post=75234"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}