Urbelis said he believes AI could eventually reshape the standard of care around smart contract development. Historically, teams could point to the cost and complexity of audits as the reason certain reviews were not performed. That argument becomes more difficult when sophisticated security analytics are available on demand.
“A clean AI report will not be seen as any defense,” he said. “A plaintiff could well argue the opposite: the tool existed, it was cheap, and you should have discovered it.”
The outlook raises broader questions for the industry: If AI-based security reviews become ubiquitous, will investors expect them before funding projects, and could failure to perform AI-assisted audits eventually be considered negligence?
Despite the promise of the technology, none of the researchers said they believe AI is ready to replace human auditors.
While the machines excel at identifying coding flaws, Urbelis said they remain weaker at detecting the economic and incentive-based vulnerabilities that have contributed to some of cryptocurrency’s biggest losses. “Mistakes that deplete treasuries are often due to intention and conflicting incentives,” he said. “Those still need an experienced human in the room.”
Schwed offered a similar warning. “‘Claude, audit my smart contract, don’t make mistakes’ is not a security program,” he said. “If the person running the tool cannot evaluate what they are getting, they have not bought security, they have acquired a false sense of it.”




