Dan Ogurtsov
@danogurtsov
137 posts
Head of Audits @PashovAuditGrp prev: audits @mixbytes, research @P2Pvalidator, strategy @EYnews, vc @tenzorcapital

Joined June 2018
75 Following, 90 Followers
Dan Ogurtsov reposted
pashov (@pashov):
🚨Solidity Devs: this FREE AI security tool's been used by 1000+ people and has found tens of Critical/High vulns in real codebases. solidity-auditor v2 is OUT - now with 7 specialized sub-agents on top of v1. Free. Open Source. 1min install. Pls share if you find it valuable🫡
Dan Ogurtsov reposted
pashov (@pashov):
Fallacy - AI tools are finding Critical Severity Vulnerabilities in audits, contests & bug bounties. Humans that built & run these tools are the ones who find the vulnerabilities. Come do this, plus so much more with Pashov Audit Group - we're all about security. Retweet pls🫡
Dan Ogurtsov (@danogurtsov):
The paper's conclusion: you can align one agent. When multiple agents share a competitive environment with real tools, failures come from architecture and incentives, not jailbreaks. Honestly, we're putting agents into everything right now and it feels like nobody's checking what happens when they all run at once. We should be careful.
Dan Ogurtsov (@danogurtsov):
When one agent in the study got compromised, it spread bad behavior to other agents. No isolation mechanism stopped it. Now picture a multi-agent DeFi trading stack. That's not one bad trade. It's a cascading failure through every connected position
Dan Ogurtsov (@danogurtsov):
While preparing for PhD, been going through AI agent security research. Want to share one. "Agents of Chaos." 38 researchers from Northeastern, Stanford, Harvard, MIT gave 6 AI agents real tools: email, Discord, shell access. Then 20 researchers spent two weeks trying to break them.
Dan Ogurtsov (@danogurtsov):
@thisvishalsingh Seeing this from inside our firm. I guess everyone will integrate AI into their audit pipelines. Making each auditor more productive, not redundant. The firms that adapt will be fine.
thisvishalsingh | ZippelLabs 🪐 (@thisvishalsingh):
Quiet tension is growing btw audit firms & auditors. Why? • No audit contests → SRs have their own audit shops • AI-SRs & AI tools → audit capacity rising fast* • More protocols building in-house security teams Is the traditional audit-firm model about to get disrupted? 🤔
Dan Ogurtsov (@danogurtsov):
@PrajwalTomar_ Honestly I can't say people immediately write secure code. But now they're just writing a lot more code a lot faster. Security per line probably got worse. But the speed gain is so massive that the tradeoff still makes sense
Dan Ogurtsov (@danogurtsov):
@ant_sabado Faster yes, but flags a ton of noise. You still need a human to tell real bugs from false positives (for now). As a scanner + human review combo though, it's a huge boost
Antonio Sabado | Nethermind (@ant_sabado):
This is the real takeaway from this: AI will discover vulnerabilities faster than humans can audit them. The only sustainable response is provable software. Formal verification and cryptographic proofs will become core security infrastructure.
Quoting Anthropic (@AnthropicAI):
We partnered with Mozilla to test Claude's ability to find security vulnerabilities in Firefox. Opus 4.6 found 22 vulnerabilities in just two weeks. Of these, 14 were high-severity, representing a fifth of all high-severity bugs Mozilla remediated in 2025.
Bloqarl | Zealynx (@TheBlockChainer):
Truebit just lost $26M. The cause? Integer overflow. Not a novel flash loan attack. Not some sophisticated economic exploit. An integer overflow — the same vulnerability class we've known about since Ethereum's early days. The contract was a legacy deployment. Never re-audited after the ecosystem moved to Solidity 0.8, which has built-in overflow protection. It was just sitting there, working fine, until someone decided to look. This is the thing nobody wants to budget for. Re-auditing code that's "already working." It feels like paying twice. But the attacker doesn't care when your contract was deployed. They care whether it's vulnerable. Funds moved through Tornado Cash within hours. Gone.
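The post above describes the vulnerability class without showing it. The following constructed contract (an added example, not Truebit's code and not from the post's author) puts the pre-0.8 behaviour next to the 0.8+ default: the same two balance updates, one inside an `unchecked` block that reproduces legacy wrapping semantics, one using checked arithmetic that reverts. The contract name, function names and the `balances` mapping are all assumptions made for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example: accounting only, no token transfers, so the effect of
// each arithmetic mode is visible in the stored balance alone.
contract OverflowDemo {
    mapping(address => uint256) public balances;

    // Legacy semantics (what every pre-0.8 contract did unless it pulled in
    // SafeMath): arithmetic wraps modulo 2**256. Reproduced here with an
    // `unchecked` block. Withdrawing 1 from a balance of 0 leaves the caller
    // with 2**256 - 1 instead of reverting.
    function withdrawLegacy(uint256 amount) external {
        unchecked {
            balances[msg.sender] -= amount;
        }
    }

    // 0.8+ default semantics: the same subtraction reverts with a Panic(0x11)
    // when `amount` exceeds the balance, so the wrap can never be stored.
    function withdrawChecked(uint256 amount) external {
        balances[msg.sender] -= amount;
    }

    // Deposits show the same split: a wrap on addition silently shrinks a
    // large balance under legacy semantics and reverts under checked ones.
    function depositLegacy(uint256 amount) external {
        unchecked {
            balances[msg.sender] += amount;
        }
    }

    function depositChecked(uint256 amount) external {
        balances[msg.sender] += amount;
    }
}
```

Two review checks follow from this. For a contract compiled with a pre-0.8 `pragma`, every `+`, `-` and `*` on user-influenced values is effectively inside an `unchecked` block, so the audit question is whether each one is guarded by SafeMath or an explicit bound. For a 0.8+ contract, the question inverts: every `unchecked { ... }` block deliberately reinstates the legacy behaviour and deserves the same scrutiny, since it is the one place where the compiler's protection is switched off.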
JohnnyTime 🤓🔥 (@RealJohnnyTime):
🚨 We just built something the smart contract security space has been missing. AI Skills Explorer — a free tool to browse, compare & copy AI audit skill files. 28 skills. 9 repos. Every single one safety-scanned. Here's why this matters 🧵
Dan Ogurtsov (@danogurtsov):
Lived in Portugal, and spent a month in Viana do Castelo up north. Incredibly green, ocean right there, almost no crowds - proper Atlantic vibes. It does get a bit gloomy closer to winter, rainier, quieter, life slows down. But that's also kind of the charm. Not for everyone but the north is genuinely one of the most peaceful places I've been in Europe.
Dan Ogurtsov (@danogurtsov):
Honestly glad it's not on most people's radar. Keeps it good maybe. Traveled around Malaysia a lot. The food is genuinely world class, not just "good for the price" but actually world class. Safety is very high everywhere. Mix of Malay, Chinese, Indian cultures. And the cost for all of this is almost absurd compared to Singapore next door.
Dan Ogurtsov (@danogurtsov):
@haralabob @raagulanpathy Yeah, the real play is the whole region, not just Monaco. Cote d'Azur to the west, Italian Riviera to the east, Alps behind you. Two countries' food, coastline, and skiing all within an hour drive. Monaco just happens to sit in the middle
Dan Ogurtsov (@danogurtsov):
@thespacecatjr @raagulanpathy Yeah, it's not boring - I lived there, not boring at all. But I'll say the residency situation has become a mess lately. Rules keep changing, timelines are unpredictable. The country itself is great for living though. Ocean, safety, food, genuinely good quality of life.
Dan Ogurtsov (@danogurtsov):
@raagulanpathy Solid list. Missing Malaysia though. KL is basically Singapore lite at 1/3 the cost. Food, safety, service, cultural mix. And Portugal isn't boring, it's calm. For anyone with a family that's a feature not a bug.
Dan Ogurtsov (@danogurtsov):
So my point: Solana/Rust has always been a niche with a premium - fewer experts, higher rates, longer onboarding. Turns out it's the same story for LLMs: fewer training examples, worse benchmarks, more effort to get right. The teams that build good AI tooling specifically for Solana Rust will have a real edge.
Dan Ogurtsov (@danogurtsov):
But wait, Solidity is also a niche language. Why do LLMs handle it so much better? Because Solidity looks like JavaScript. Curly braces, function keyword, camelCase. LLMs have massive amounts of JavaScript in their training data, so the syntax transfers for free. Rust's ownership model has very little overlap with any high-resource language. Almost nothing transfers directly, that's how I see it.
Dan Ogurtsov (@danogurtsov):
People say AI coding tools are worse at Rust, and maybe for Solana audits therefore. Decided to check if the data actually backs this up. And yeah, every coding benchmark tells the same story. On hard LeetCode problems, Copilot solves 49% in Python but only 31% in Rust. On real-world GitHub issues, the best agents resolve 52% in Python vs 16% in Rust, and most frameworks show an even wider gap. It gets worse as complexity grows.