Why AI Auditing Exists
The State of Smart Contract Security
In 2024 alone, over $1.7 billion was lost to smart contract exploits. Manual audits are the gold standard, but they are slow (weeks to months), expensive ($50K+), and limited by human capacity. The demand for audits far exceeds the supply of qualified auditors.
AI does not replace manual auditing. It augments it. An AI auditor can scan a codebase in minutes, flagging patterns that match known vulnerability classes. It is tireless, consistent, and can be run as many times as needed. But it has blind spots: novel attack vectors, complex business logic, and cross-contract interactions that require human reasoning.
What AI Adds
- Speed: Full codebase scan in minutes, not weeks
- Consistency: Same checks every time, no fatigue, no missed patterns
- Pattern matching: 10,000+ known exploit patterns from Solodit, DeFiHackLabs, Immunefi
- Coverage: Every function, every modifier, every state variable analyzed
- Iteration: Run, review results, update prompts, run again. Continuous improvement.
What AI Misses
- Novel attacks: If it has never seen the pattern, it cannot detect it
- Business logic: "Is this fee structure economically sound?" requires domain expertise
- Cross-contract reasoning: Multi-step attacks across protocol boundaries
- Intent: "Was this design choice intentional or a mistake?"
- Context: Understanding the broader protocol ecosystem and its dependencies
The Landscape: 27+ Tools and Growing
The AI auditing space has exploded. As of 2026, there are 27+ open source tools and 25+ commercial products. They fall into 7 architectural patterns:
- Single-Pass Skills (Pashov, SCV-Scan): One prompt, one scan. Fast but noisy.
- Multi-Phase Pipelines (Krait, SolidityGuard): Recon, detect, verify, report. Better precision.
- Multi-Agent Systems (SC-Auditor, Plamen): Specialized agents working in parallel.
- Iterative Convergence (Nemesis): Two approaches feed each other until convergence.
- Tool-Augmented Hybrids (SC-Auditor, Weasel): AI + Slither + Aderyn + fuzzers.
- Operator-Augmenting (Grimoire): AI amplifies human expertise.
- Prevention-First (OZ Skills, Safe Solana): Security rules before code is written.
In this module, you will build your own tool by choosing which patterns to combine.
The #1 Problem: False Positives
Every AI auditing tool struggles with false positives. A tool that reports 50 "vulnerabilities" where 45 are wrong is worse than useless. It wastes time, erodes trust, and buries the 5 real findings in noise.
The best tools in the space have solved this differently:
- Krait uses 8 kill gates (100% precision across 50 blind contests)
- SC-Auditor uses a Devil's Advocate protocol (proof-or-demote)
- QuillShield uses Bayesian confidence scoring
- Plamen uses PoC verification (if you cannot prove it, it does not count)
You will choose your own verification approach in Step 7.
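To make the precision-versus-recall trade concrete, here is an added Python example (not code from this course or from any of the tools named above) that applies a hypothetical set of kill gates to constructed scan findings and scores the results against a constructed answer key, the way a contest benchmark would; the gate names, the confidence threshold, the findings and the answer key are all assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    fid: str
    severity: str      # "High", "Medium" or "Low"
    confidence: float  # model's self-reported confidence, 0.0 to 1.0
    has_poc: bool      # a reproducing test exists for the finding
    reachable: bool    # the path is callable by an untrusted account
    guarded: bool      # an existing require/modifier already blocks it

MIN_CONFIDENCE = 0.6  # hypothetical threshold; tune against your own benchmark runs

def kill_gate(f):
    """Name of the first gate the finding fails, or None if it survives them all."""
    if not f.reachable:
        return "unreachable"
    if f.guarded:
        return "already-guarded"
    if f.confidence < MIN_CONFIDENCE:
        return "low-confidence"
    if f.severity in ("High", "Medium") and not f.has_poc:
        return "no-poc"  # proof-or-demote: impactful claims need a reproducer
    return None

def triage(findings):
    """Return (survivors, {dropped_id: failed_gate})."""
    gates = {f.fid: kill_gate(f) for f in findings}
    kept = [f for f in findings if gates[f.fid] is None]
    dropped = {fid: g for fid, g in gates.items() if g is not None}
    return kept, dropped

def precision_recall(reported, truth):
    """Score a set of reported ids against the answer key's set of real ids."""
    tp = len(reported & truth)
    precision = tp / len(reported) if reported else 0.0
    recall = tp / len(truth) if truth else 0.0
    return precision, recall

SAMPLE = [  # constructed raw output of a hypothetical scan of a toy vault contract
    Finding("F1", "High", 0.90, True, True, False),     # reentrancy in withdraw (real)
    Finding("F2", "Low", 0.70, False, True, False),     # missing zero-address check (noise)
    Finding("F3", "High", 0.80, False, False, False),   # overflow in a dead internal helper
    Finding("F4", "High", 0.95, False, True, True),     # "anyone can call setFee", but onlyOwner applies
    Finding("F5", "High", 0.75, True, True, False),     # spot-price oracle manipulation (real)
    Finding("F6", "Medium", 0.40, False, True, False),  # speculative gas griefing
    Finding("F7", "Medium", 0.70, False, True, False),  # unchecked transfer return (real, no PoC yet)
]
TRUTH = {"F1", "F5", "F7"}  # constructed answer key, as a benchmark contest would publish
```

On this sample the raw output scores precision 3/7 at recall 1.0, while the gated output scores 2/3 on both: F7 is real but has no PoC, which is exactly the recall a proof-or-demote rule gives up to buy precision.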
Throughout this module, your skill file will always be .claude/skills/security-scan.md, invoked with /security-scan. You will iteratively improve this single file.
What You Will Build
By the end of this module, you will have a working Claude Code security skill that:
- Understands a codebase before hunting bugs (reconnaissance)
- Detects vulnerabilities using your chosen strategy
- Filters false positives using your chosen verification approach
- Produces structured output (compatible with the AI Auditor Arena)
- Can be benchmarked against real Code4rena contests
Every step provides ready-to-copy prompts. You run them in your IDE. You paste the output to verify it works. At the end, you test against a real codebase and submit to the AI Auditor Arena.
In the next step, you will create your first Claude Code skill and run it against a test contract.
Knowledge Check
What is the #1 problem that destroys trust in AI auditing tools?