Vitalik Buterin, one of the creators of Ethereum, recently explained how using artificial intelligence to formally verify code could significantly improve software security. This idea challenges the increasing concern among cybersecurity experts about whether secure, trustworthy systems can withstand increasingly sophisticated attacks powered by AI.
Vitalik Buterin believes that despite concerns AI bug-finding tools could make truly secure code unattainable, he’s hopeful. He sees AI-powered formal verification as a key reason for his optimism.
What Formal Verification Actually Is
Formal verification involves using math to prove that code works correctly, and computers can automatically check these proofs. Instead of just testing software for bugs, developers create mathematical guarantees that the code will always behave as expected, no matter the circumstances.
Some believe that AI-powered bug detection will make it impossible to write truly secure code, and therefore, to build systems we can fully trust. However, I’m more hopeful, and I think AI-assisted formal verification offers a key solution.
— vitalik.eth (@VitalikButerin) May 18, 2026
Although the underlying technology has been around for a long time, it hasn’t been widely used because creating these proofs manually is incredibly challenging and takes a lot of effort. Vitalik Buterin believes AI fundamentally changes this. AI can now both write the software code and create the necessary proofs, leaving humans to simply check that the code does what it’s supposed to.
He referred to this approach as the ultimate stage of software development, a term coined by researcher Yoichi Hirai.
Why It Matters for Ethereum
Vitalik Buterin highlighted how formal verification is being used to improve Ethereum’s development. This includes projects like quantum-resistant signatures, STARK proofs, consensus algorithms, and ZK-EVMs. While the code behind these projects is very complicated, their security goals are clearly defined, making formal verification a good fit.
New projects are focusing on making complex systems more trustworthy through rigorous mathematical proof. For example, Arklib is developing a STARK implementation with complete formal verification. Another project, evm-asm, is creating a fully verified Ethereum Virtual Machine (EVM) using RISC-V assembly, ensuring it behaves as expected. Even the core logic behind secure, distributed systems – known as Byzantine fault-tolerant consensus – is now being formally defined and mathematically checked using tools like Lean.
The key takeaway is that, unlike systems that rely on trial-and-error testing, these systems can be proven to work correctly using math, offering guaranteed results instead of just probabilities.
The Limits He Acknowledges
Vitalik Buterin was cautious not to exaggerate the benefits of formal verification. While powerful, it’s not foolproof. Proofs can only cover certain parts of a system, leaving potential bugs hidden elsewhere. Developers might overlook important details when creating the specifications, or the specifications themselves could be flawed. Furthermore, even perfectly correct software can be vulnerable to hardware issues like side-channel attacks.
Simply proving software is ‘correct’ through formal methods isn’t the same as ensuring it truly works as people expect, according to one expert. Instead, formal verification lets developers describe what they want the software to do in several different ways, then automatically checks if all those descriptions agree with each other.
The Broader Vision
Vitalik Buterin envisions a future where software is divided into two parts. A less secure outer layer would manage everyday tasks with limited access, keeping things safe by isolating them. A highly secure inner layer would protect the most important functions – like Ethereum, operating systems, and crucial connected devices – ensuring their stability and security.
The most sensitive part of the system is intentionally kept minimal and rigorously checked using formal verification methods. Artificial intelligence provides the necessary processing power to make this thorough verification feasible on a large scale. This doesn’t mean the software is bug-free, but it does mean its most important parts can be relied upon with mathematical certainty, not just optimism.
He finished by saying that those protecting systems now have a real opportunity to gain a clear advantage, pointing to Mozilla’s success in strengthening its software to defend against attacks using artificial intelligence.
Read More
- Re:Zero Season 4, Episode 6 Release Date & Time
- How to Get the Wunderbarrage in Totenreich (BO7 Zombies)
- NTE Drift Guide (& Best Car Mods for Drifting)
- How to Beat Turbines in ARC Raiders
- All Aswang Evidence & Weaknesses in Phasmophobia
- How to Get Necrolei Cyst & Strong Acid in Subnautica 2
- Diablo 4 Best Loot Filter Codes
- Conduit Crystal Location In Subnautica 2
- Best Where Winds Meet Character Customization Codes
- How to Craft Repair Tools in Subnautica 2
2026-05-19 04:24