Vitalik's Counter-Argument to the AI Security Doom Take: Verify the Code, Not the Coder

The fashionable take in the cybersecurity community over the past three weeks has been bleak: AI models that can hunt vulnerabilities at machine speed mean that trustless code, as a goal, is finished. Anthropic's Mythos finding decades-old zero-days in OpenBSD and FreeBSD has been Exhibit A. On May 18, Vitalik Buterin posted "A shallow dive into formal verification" as Exhibit B for the opposite position — that the era of AI-readable code is also the era in which mathematical proofs of correctness become economic at scale, and that Ethereum, ZK systems and post-quantum cryptography are the natural first beneficiaries. The essay is the most substantive counter-argument the optimistic camp has put on paper this year.

The argument in one sentence

Vitalik's framing is unusually compact for him: AI gives you the ability to write large volumes of code at the cost of accuracy, and formal verification gives you back the accuracy. The 8,000-word essay unpacks the trade. AI-assisted code generation is, in his telling, the technology that finally makes formal verification — historically a graduate-program luxury — economic at production scale. The same models that write a smart contract in seconds can, with the right tooling, generate the corresponding Lean or Coq proof that the contract behaves the way the developer claims. Humans no longer have to write either the code or the proof. They write the specification: a short, human-readable statement of what the software is supposed to do. The proof system checks the spec against the implementation. Anything outside that check is fair game for review, but the security-critical inner loop is mathematically nailed down.

The reason this is being published now is operational, not philosophical. Two structural facts in the security industry have flipped in the past 12 months. First, AI auditors are now faster than human auditors at the routine pattern-matching part of bug finding, which means the marginal defender hour shifts to verification of the highest-value invariants rather than line-by-line review. Second, Lean's mainstream Web3 audit adoption — together with a wave of automated proof tactics built on top of LLMs — has cut the cost of producing a usable proof for a non-trivial contract from "PhD thesis" to "senior engineer week." Together those two facts make Vitalik's claim defensible rather than aspirational.

The four domains that go first

The essay is most useful when it names the targets. Four domains, listed in roughly descending order of how soon end-to-end verification is realistic.

1. Ethereum's core stack. The EVM, the consensus client, the validator software. Bugs in unverified parts of the stack remain Ethereum's largest technical risk — a fact Vitalik has repeated in tweets stretching back to 2024 and which the recent client-prototype work has only sharpened. Formal verification of the EVM bytecode interpreter, plus the consensus state-transition function, would eliminate the single largest class of catastrophic L1 failure modes. AI-assisted proof generation makes the milestone tractable in 2026 in a way it was not in 2020.

2. Zero-knowledge proof systems. ZK is, perversely, both the most security-critical and the most under-verified part of the modern crypto stack. A circuit bug in a production rollup is undetectable to its users by design — the prover can keep accepting invalid transactions and the verifier will keep approving them until someone notices the state diverges. Formal verification of the constraint system against an intended functional spec is the only credible defense. Several teams (Risc Zero, Succinct, AZTec) are already shipping partial verification stacks for their proving systems. Vitalik's essay is the most public endorsement yet of that work as the new floor for an L2 to claim "stage 2."

3. Post-quantum cryptography. The signature schemes being standardized today will protect digital assets, healthcare records and government infrastructure for the next 20 years. A subtle bug in the implementation of a lattice-based signature would not be discovered by traditional cryptanalysis because the math is sound — the failure is in the code's faithful execution of the math. Formal verification of those implementations is, Vitalik argues, the only acceptable bar before they become consensus-critical.

4. The Signal/TLS layer. The protocols most users have never heard of but everyone uses. Vitalik explicitly cites the X3DH key exchange (Signal's foundation) as an example where end-to-end verification — not just the protocol on paper, but the specific binary running on a user's device — would close the last gap between "secure in theory" and "secure on a phone." This is the closest the essay gets to a normative call to action: post-quantum cryptography and end-to-end-verified consumer crypto should be funded as if they are public goods, because they are.

What he is careful to admit

The most credible part of the post is the section on limits. Four are flagged.

First, "bugs hiding in unverified parts." A theorem only covers what was specified. Anything outside that — a side helper module, an oracle adapter, a wallet UI that signs the wrong domain — remains a regular adversarial target. The implication is that formal verification raises the bar but does not remove the perimeter. The recent THORChain $10.7M cryptographic exploit is a textbook example: the smart contracts were fine; the GG20 TSS signing protocol off-chain was the time bomb. A purely on-chain verification would not have caught it.

Second, "specifications that are wrong." A model can produce a proof that a contract refunds the highest bidder when the auction closes — and the developer can forget to specify what happens when the auction closes on a chain reorg. Specification quality is now the bottleneck. The honest read is that formal verification swaps an implementation-bug surface for a specification-bug surface, and the latter is smaller but not zero.

Third, "side-channel attacks." Timing leaks, power analysis, EM emanations — none of those are visible to a mathematical model of the algorithm. They live in the silicon. Hardware verification is a different and much harder discipline, and Vitalik is honest that no amount of Lean tactics on Solidity will help if the underlying signer is leaking a private key through cache timing.

Fourth, and most fundamentally, the "verified protocol vs running code" gap. A verified protocol on paper does not mean the binary on a user's machine is verified. Closing that gap — from protocol theorem to deployed bytecode to compiled binary to running process — is the open research frontier. It is exactly the territory where Anthropic's Mythos has been finding decades-old vulnerabilities, as we covered in this week's piece on the OpenAI/Anthropic security split.

What this means for builders this quarter

If Vitalik is right, three things change for serious teams over the next six to twelve months.

Audit budgets shift from line-by-line code review to specification engineering. The valuable people on a security team become the ones who can take a 200-page protocol spec and reduce it to a 30-line invariant set that a proof system can chew through. Auditors who can only read Solidity will be commoditized by AI. Auditors who can write Lean and reason about cryptographic invariants will be paid like quants.

Insurance and bridge-risk pricing starts referencing verification status. The cleanest way for an L2 to lower its restaking cost or a bridge to lower its insurance premium is to point to a verified core. The market has lacked that signal until now because verified components were rare. As more ship, the basis between verified and unverified contracts will widen visibly.

And the regulatory conversation around AI-written critical software finally has a defensible answer. "AI wrote it, prove it works" can be more than a slogan if the proof is mechanically checkable. That is the position the EU's AI Act drafters and the UK's AI Safety Institute have been waiting for. Vitalik's essay is, in part, the technical brief the policy community can now point to when the next "ban AI-written critical code" hearing comes around.

What to watch. The first L2 to ship an end-to-end verified prover. The first ZK rollup that names a proof system in its bridge documentation rather than a multisig. The first major Solidity contract to be released with an accompanying Lean proof at deployment, not as a post-hoc audit artifact. Each of those will be a real signal that the optimistic camp won the argument that started this week.

Reviewed by Jason Lee, Founder & Editor-in-Chief, BlockAI News.

Sources

Primary sources

• Vitalik Buterin — "A shallow dive into formal verification" (May 18, 2026)
• crypto.news — Vitalik says AI-assisted formal verification could be 'final form' of software development
• Coinpedia — Vitalik explains how AI could make smart contracts truly secure
• Crypto Times — Buterin says AI-assisted verification may be Ethereum's best defense
• @WuBlockchain — coverage of Vitalik's AI-accelerated Ethereum work (X)
• @VitalikButerin — original 2024 statement on AI-assisted bug finding (X)

How we report: This article cites primary sources, regulatory filings, and on-chain data where available. BlockAI News uses AI tools to assist with research and first-draft generation; every article is reviewed and edited by a human editor before publication. Read our full How We Report page, Editorial Policy, AI Use Policy, and Corrections Policy.