Vitalik Buterin Says AI Can Finally Solve Ethereum's Oldest Security Problem

Vitalik Buterin published a detailed technical argument on May 18 making a case that AI-assisted formal verification is the most credible answer to the growing threat of AI-powered software exploits targeting blockchain infrastructure.

The post, titled “A shallow dive into formal verification,” appeared on vitalik.eth.limo and runs several thousand words. It is not a casual take.

Buterin described formal verification as the practice of writing mathematical proofs about software that a computer can automatically check. The idea is not new. Machine-verifiable proofs have existed for nearly six decades. What is new is that AI can now generate both the code and the proofs, removing the single biggest barrier that kept formal verification out of mainstream software development: the sheer difficulty of writing the proofs by hand.

The Part Every ETH Holder Should Read

For a retail ETH holder, the practical argument is this. Smart contracts sitting on Ethereum are immutable once deployed. When a bug exists in one, the money inside does not freeze. It drains. Often to addresses controlled by organized groups with no interest in returning it.

Buterin named the threat directly, writing that bugs in smart contract code become more dangerous when zero-knowledge proofs are layered on top, because if the ZK system is compromised, funds can be extracted with no visible trace of what broke.

“Many people have claimed that with AI-assisted bug finding, secure code will be impossible. I have a much more optimistic take, and AI-assisted formal verification is a major part of the reason why.”

As Vitalik Buterin posted on X on May 18, 2026, linking to the full essay.

The optimism is conditional, though. Buterin was careful to separate what formal verification actually proves from what people assume it proves. Provable correctness, he wrote, does not prove software is correct in the way most humans understand the word. It proves that multiple different expressions of a developer’s intent are compatible with each other. That distinction matters.

Cryptographer Nadim Kobeissi documented multiple failures in formally-verified software as recently as November 2025, including a bug in libcrux-ml-dsa that produced different outputs on different hardware platforms despite identical inputs. The flaw sat in code that had not been fully proved. That is the recurring pattern Buterin acknowledged: partial verification, where the unverified sections turn out to be the dangerous ones.

Ethereum’s Own Codebase Is Already Being Put Through This

The essay pointed to active projects applying formal verification inside Ethereum’s development stack. Arklib is building a formally verified implementation of STARK proof systems. The evm-asm project is writing EVM bytecode directly in RISC-V assembly, then formally proving its correctness against a readable Lean implementation. Buterin described these as the frontier of what he called Ethereum’s most technically demanding work: quantum-resistant signatures, STARK provers, consensus algorithms, and ZK-EVMs.

Researcher Yoichi Hirai, whose work Buterin cited in the essay, has described this approach as “the final form of software development.” The reasoning is that AI generates efficient low-level code while formal proofs verify it, removing the tradeoff that previously forced developers to choose between speed and readability.

On-chain data tracked at the time of publication shows Ethereum holding over $45 billion in total value locked across DeFi protocols, per DefiLlama figures for May 2026. Every dollar of that sits inside code that could, in theory, carry an undetected flaw.

Mozilla Made the Same Argument From a Different Industry

Buterin did not limit his case to blockchain. He cited Mozilla’s own security work as parallel evidence that defenders can close ground on attackers. Mozilla’s team concluded that software defects are finite and that the industry is entering a period where they can all be found. Buterin quoted their statement directly: the organization said it had turned a corner and could see a future that was better than simply keeping up with threats.

The analogy holds particularly for Ethereum because both systems involve code that millions of people rely on with no simple rollback option if something breaks.

Buterin’s broader argument frames formal verification not as a replacement for other security practices but as an accelerant of a trend already underway. Type systems, memory-safe languages, sandboxing, and better testing have been quietly reducing critical vulnerability rates for decades. Formal verification, now assisted by AI, pushes that same curve further and faster.

The remaining weakness, as Buterin described it, is side-channel attacks. Mathematical proofs verify what code does logically. They do not prevent an attacker from reading electrical fluctuations off hardware to extract a private key after observing enough encryption operations. Differential power analysis, a well-documented class of such attacks, sits outside the boundary of what any formal proof can currently cover.

That is the condition under which Buterin’s optimistic thesis would fail to hold fully. The secure core he describes can be mathematically sound and still leak information through the physical layer beneath it.