"Triage Is the Product": What Ethereum's AI Security Experiment Reveals About the Future of Trust

Two weeks ago, we covered the launch of Akrites, the Linux Foundation coalition built to patch open-source vulnerabilities before AI-powered attackers exploit them. The premise was that AI has collapsed the time between finding a flaw and weaponizing it. This week, the Ethereum Foundation published a field report from the other side of that same problem, and it contains one of the sharpest insights yet into what AI security work actually looks like in practice.

On July 9, the Ethereum Foundation's Protocol Security team disclosed that it has been running coordinated swarms of AI agents against the software Ethereum depends on, the systems software, cryptographic code, and smart contracts that secure hundreds of billions of dollars in value. The agents found real bugs. One is already public: a remotely triggerable panic in libp2p's gossipsub, a core component of the peer-to-peer layer that Ethereum consensus clients run on, now fixed and disclosed as CVE-2026-34219.

But the finding that matters most is not the bug. It is the title of the post: "The triage is the product." And it reframes the entire economics of AI-driven security.

The Counterintuitive Bottleneck

The instinctive worry about AI in cybersecurity is that models will find vulnerabilities faster than anyone can keep up. The Ethereum Foundation's experience complicates that picture in a revealing way.

As the team put it, agents finding bugs was not the surprise. The surprise was how little of the work went into finding them, and how much went into telling the real bugs from the ones that just looked real.

This is the crux. AI agents are extraordinarily good at generating candidate vulnerabilities. They scan entire codebases, propose attack paths, and produce detailed, confident-sounding reports at a volume no human team could match. But detailed does not mean correct. AI-generated findings can read as convincing even when they are wrong, leaving researchers to sift out duplicates, false positives, and vulnerabilities that cannot actually be exploited.

So the bottleneck did not disappear. It moved. As the Foundation put it, AI did not replace the security researcher. It moved the work. The time that once went into forming and chasing hypotheses now goes into judging them at scale, building the verification systems, running triage, maintaining the known-issues list, and handling disclosure.

That relocation of the bottleneck, from discovery to verification, is the single most important operational insight in the report.

How They Structure It

The Ethereum Foundation's setup is a useful template for how serious AI security work is being organized. Rather than pointing one model at a codebase and hoping, they run specialized agents in distinct roles: reconnaissance, hunting, gap-filling, and validation. Some agents search for possible attack paths. Others attempt to reproduce failures and verify whether they hold against production code.

The discipline that makes this trustworthy is a single, uncompromising rule. A candidate is not a finding until there is a self-contained artifact that reproduces the failure against the real code and runs for someone who did not write it. In the team's words, the reproducer does not read the write-up, and it does not care how confident the model sounded. It either runs or it does not.

This is the antidote to AI's most dangerous failure mode in security: plausible fabrication. By forcing every claim to a testable, reproducible proof, the schema strips out the confident-sounding noise and leaves only what actually exploits. An agent that has to produce an observable proof cannot fall back on "this looks risky."

This Is an Industry-Wide Convergence

What makes the Ethereum report credible rather than anecdotal is that other serious teams are independently arriving at the identical conclusion.

Anthropic's Frontier Red Team built an agent that writes property-based tests and found real bugs across the Python ecosystem. Notably, that agent generated roughly a thousand candidate reports, then used ranking and expert review to distill a top tier that held up about 86% of the time. The generation was the easy part. The filtering was the work. Cloudflare ran a frontier model through a security-research harness against its own systems, and its main takeaway was that a narrow scope beats broad scanning.

Everyone lands on the same loop: point a capable model at a codebase, let it search, and then spend the real effort on triage. This convergence across Ethereum, Anthropic, and Cloudflare tells you the pattern is structural, not specific to any one team or model.

There is also a useful caveat the Foundation raises, borrowing security researcher Stanislav Fort's phrase: AI capability in this domain is a "jagged frontier." A model that recovers a full exploit chain on one codebase can fail basic data-flow tracing on another. Capability is real but uneven, which is precisely why the human verification layer remains essential.

The Broader Pattern We Have Been Tracking

This experiment fits directly into the AI-cyber thread running through our coverage all year.

In March, the Claude Mythos leak warned that frontier models could find and exploit vulnerabilities faster than defenders could patch. In May, the UK AI Security Institute confirmed both Claude Mythos and GPT-5.5 had crossed the offensive-cyber threshold. Also in April, a Claude Mythos preview found 271 vulnerabilities in Mozilla's Firefox, and in May, researcher Taylor Hornby used Claude Opus 4.8 to uncover a critical four-year-old counterfeiting flaw in Zcash's Orchard privacy pool, a bug serious enough to crash ZEC 38% on disclosure. In late June, Akrites institutionalized the defensive response.

The Ethereum Foundation's report is the practitioner's-eye view of that same shift. It is what defending critical infrastructure actually looks like when both attackers and defenders have AI. And its central lesson refines the thesis: the advantage does not simply go to whoever has the most capable model. It goes to whoever has the best verification and triage infrastructure to turn a flood of AI-generated candidates into trustworthy, actionable findings.

What This Means for Markets

Three observations for institutional allocators tracking the AI and cybersecurity convergence.

First, the value in AI security is migrating to the verification layer. If generation is becoming cheap and abundant while triage is the scarce, high-judgment work, then the durable value in AI-native security tooling sits in the systems that validate, rank, deduplicate, and reproduce findings, not in the raw scanning capability. This mirrors the governance-infrastructure thesis from our agentic finance brief: as the base capability commoditizes, the defensible margin moves to the layer that makes the capability trustworthy. In security, that layer is triage.

Second, this is a meaningful data point for the defensibility of blockchain infrastructure specifically. One of the persistent institutional concerns about public blockchains is smart contract and protocol risk. The Ethereum Foundation proactively running AI red teams against its own core code, finding and responsibly disclosing real vulnerabilities before attackers do, is exactly the security maturation that institutional capital needs to see. As we have tracked across the tokenization pieces, from Canton to Swift to Securitize, Ethereum's role as the settlement layer for tokenized assets makes the security of its base protocol a systemic concern. This kind of disciplined, AI-augmented security work strengthens that foundation.

Third, the human-in-the-loop requirement is not going away, and that has staffing and cost implications. The narrative that AI will fully automate security is contradicted by every serious practitioner report. AI dramatically expands coverage, but it increases the demand for expert human judgment to evaluate a much larger pile of confident-sounding claims. Organizations budgeting for AI security on the assumption of headcount reduction are misreading the shift. The work is not disappearing. It is moving up the value chain, toward judgment.

The Ethereum Foundation closed with a line that captures the whole moment. The practices that make this work, reproducible failures, real verification, careful triage, are not new. They are the same practices that turned fuzzing from a research curiosity into standard security practice over fifteen years. The tools are new. The practices are not.

For institutional investors, that is the reassuring and clarifying takeaway. AI has not rewritten the rules of security. It has raised the stakes and shifted the bottleneck. The winners, whether protocols, security vendors, or the institutions that depend on them, will be the ones who build the verification discipline to trust what the machines find. In the AI security era, finding the bug was never the hard part. Proving it, and proving it to someone who did not write the claim, is the product.

Related News

Connect With Us

Mission | Models | Marketplaces | Multiples

Connect

DISCLOSURE

NOTICE REGARDING SECURITIES OFFERINGS: Texture Capital deals primarily in unregistered securities. These securities are neither approved nor disapproved by the SEC or any other federal or state agency, nor has any regulatory agency endorsed the accuracy or adequacy of either this communication or any offer or solicitation made to buy or sell the securities. This communication does not represent an offer or solicitation to buy or sell securities. Texture Capital does not make recommendations regarding asset allocation, investment strategy or with respect to purchase or sale of any specific securities. Potential buyers or sellers of any securities made available through Texture Capital’s systems should seek professional advice prior to entering into any transaction or be professionals themselves. Please refer to https://www.texture.capital/risks for important additional risk disclosures. To help you better understand Texture Capital’s services please consult our Form CRS (Customer Relationship Summary), which may can be found at www.texture.capital/crs

Connect With Us

Mission | Models | Marketplaces | Multiples

Connect

DISCLOSURE

NOTICE REGARDING SECURITIES OFFERINGS: Texture Capital deals primarily in unregistered securities. These securities are neither approved nor disapproved by the SEC or any other federal or state agency, nor has any regulatory agency endorsed the accuracy or adequacy of either this communication or any offer or solicitation made to buy or sell the securities. This communication does not represent an offer or solicitation to buy or sell securities. Texture Capital does not make recommendations regarding asset allocation, investment strategy or with respect to purchase or sale of any specific securities. Potential buyers or sellers of any securities made available through Texture Capital’s systems should seek professional advice prior to entering into any transaction or be professionals themselves. Please refer to https://www.texture.capital/risks for important additional risk disclosures. To help you better understand Texture Capital’s services please consult our Form CRS (Customer Relationship Summary), which may can be found at www.texture.capital/crs

Connect With Us

Mission | Models | Marketplaces | Multiples

Connect

DISCLOSURE

NOTICE REGARDING SECURITIES OFFERINGS: Texture Capital deals primarily in unregistered securities. These securities are neither approved nor disapproved by the SEC or any other federal or state agency, nor has any regulatory agency endorsed the accuracy or adequacy of either this communication or any offer or solicitation made to buy or sell the securities. This communication does not represent an offer or solicitation to buy or sell securities. Texture Capital does not make recommendations regarding asset allocation, investment strategy or with respect to purchase or sale of any specific securities. Potential buyers or sellers of any securities made available through Texture Capital’s systems should seek professional advice prior to entering into any transaction or be professionals themselves. Please refer to https://www.texture.capital/risks for important additional risk disclosures. To help you better understand Texture Capital’s services please consult our Form CRS (Customer Relationship Summary), which may can be found at www.texture.capital/crs