-
br-m<sgp_> Just in case anyone suggests an AI-driven security audit of Monero in the future: magicgrants.org/2026/03/09/AI-Not-Ready-for-Ethereum-Audits
-
br-m<sgp_> We tried a specialized smart contract auditing AI tool. It made up a bug and suggested introducing the same critical vulnerability to fix it.
-
br-m<rbrunner7> @sgp_:monero.social: Thanks for the interesting info. But IMHO you won't be able to stop that using rational arguments and examples where it already went wrong. Somebody will try with Monero. When the bursting of the AI bubble is nearing, it might be that desperate companies with AI products will even sponsor such work with bounties ...
-
br-m<sgp_> I know someone will try it (and I can't stop them!) but I'm personally very skeptical of those attempts
-
br-m<sgp_> I made the post to help explain that not only can they be wrong and a waste of time, but they can also actively suggest adding new vulnerabilities lol
-
br-m<sgp_> I'm not 100% against AI use but it should always be assumed to be wrong
-
br-m<kiersten5821:matrix.org> why is the version you sent to v12 not the same as the version on github? there is no transferOut function in Router.sol github.com/serai-dex/serai/blob/dev…works/ethereum/contracts/Router.sol
> <@sgp_> Just in case anyone suggests an AI-driven security audit of Monero in the future: magicgrants.org/2026/03/09/AI-Not-Ready-for-Ethereum-Audits
-
br-m<hooftly:matrix.org> Lol
-
br-m<kiersten5821:matrix.org> you didn't post the version of the code that you sent to v12 anywhere in your blog
-
br-m<321bob321> Job creation
> <@sgp_> Just in case anyone suggests an AI-driven security audit of Monero in the future: magicgrants.org/2026/03/09/AI-Not-Ready-for-Ethereum-Audits
-
br-m<kiersten5821:matrix.org> actually the contract hasn't been updated in 2 years? Did you send a version of the contract more than two years old to the review?
-
br-m<sgp_> @kiersten5821:matrix.org: github.com/serai-dex/serai/tree/next-polkadot-sdk
-
br-m<sgp_> different branch
-
br-m<sgp_> this is what I specifically connected to V12: github.com/justin-v12-zellic/serai/tree/next-polkadot-sdk
-
br-m<kiersten5821:matrix.org> @sgp_: thanks, yeah i found it in the commit that was in the trail of bits review as well. though i guess yours is newer as well github.com/serai-dex/serai/blob/194…thereum/router/contracts/Router.sol You should update the blog, it will confuse anyone who tries to verify it
-
br-m<kiersten5821:matrix.org> it is very confusing to have the default branch without this code, and then just talk about how you sent it, and nowhere did you link to the code you actually sent in the blog
-
br-m<sgp_> ok: MAGICGrants/MagicGrants.org 5fa64b8
-
br-m<sgp_> I made a separate GitHub account because to use V12, you need to give it control over the GitHub account that you link
-
br-m<sgp_> maybe we should have asked qubic for an audit
-
br-m<kiersten5821:matrix.org> good blog btw, seems factually correct to me. good to keep in mind that very skilled devs heavily filtering ai outputs have gotten large bounties though, best not to dismiss usage outright
-
br-m<sgp_> for bounty programs, submissions are just the AI output without verifying it actually is what the AI claims, which makes administering those programs hard. It's essentially free to spam and sometimes difficult to verify, or at least a disproportionate amount of effort to review
-
br-m<sgp_> and then they argue about not receiving their $100k for a fake issue
-
br-m<kiersten5821:matrix.org> yes ai spam is a problem, there are multiple teams which have received more than $100k multiple times for ai-discovered bugs they reviewed and filtered though (and they brag that it was ai). it's like complaining that 99.9% of people on twitter are stupid. well you're there to learn from the 0.1%. just need to find better ways to skip the 99.9