A security-focused AI just earned a quarter-million dollars for finding a bug that human auditors missed. No human designed the exploit. No human guided the analysis. The machine did it alone.
Grego AI, a startup founded in 2024, announced that its multi-agent system autonomously identified a critical vulnerability in a major blockchain protocol. The flaw could have enabled a $27.7M theft. The affected project responded by awarding a $250,000 bug bounty, which Grego AI says is the largest ever paid for a vulnerability found solely by artificial intelligence without human intervention in exploit design.
How the system actually works
Grego AI calls its approach “Deep Invariant Evaluation.” The system ingests a protocol’s entire codebase, builds dependency maps across the whole architecture, then deploys sandboxed agents that synthesize and test potential exploits. The agents analyze more than seven layers of dependencies, searching for attack paths that traditional auditing methods might overlook.
The sandbox element is critical. Rather than probing live protocols and risking actual damage, the system creates isolated environments where it can attempt exploits safely. When an agent finds something promising, it generates a proof-of-concept exploit to confirm the vulnerability is real and quantifiable.
A track record of finding what humans missed
Grego AI has reported critical vulnerabilities across several high-profile ecosystems, including Ethereum and Chainlink. These are protocols that have undergone multiple rounds of professional auditing by top security firms.
Grego AI currently holds the number one ranking among AI security tools on both Immunefi and Hackenproof, the two most prominent bug bounty platforms in crypto. That ranking is based on successful submissions and measured impact, not self-reported metrics.
The startup was founded by a renowned bug bounty hunter and a mathematics prodigy, according to the company’s public profile. It counts Guillermo Rauch, the CEO of Vercel, among its backers.
Why this issues past the bounty
A $250,000 bounty sounds beneficiant till you evaluate it to the $27.7M that was in danger. That’s roughly a 110x return on the bounty funding for the protocol.
