Urbelis said he believes AI could eventually reshape standards of care around the development of smart contracts. Historically, teams could cite the cost and complexity of audits as a reason for not completing certain reviews. This argument becomes more difficult when sophisticated security analytics are available on demand.
“A clean report on AI will not be considered any defense,” he said. “A plaintiff could very well argue the opposite: the tool existed, it was cheap, and you should have grabbed it.”
This prospect raises broader questions for the industry: If AI-based security reviews become ubiquitous, will investors expect them before funding projects, and could failure to conduct AI-assisted audits eventually be considered negligence?
Despite the technology’s promise, neither researcher said they believe AI is close to replacing human listeners.
Although the machines excel at identifying coding flaws, Urbelis said they remain weaker at detecting the economic and incentive vulnerabilities that have contributed to some of crypto’s biggest losses. “Cash-draining bugs often rely on conflicting intentions and incentives,” he said. “Those still need an experienced human in the room.”
Schwed issued a similar warning. “’Claude, audit my smart contract, don’t make any mistakes’ is not a security program,” he said. “If the person running the tool can’t assess what comes out of it, you haven’t bought security, you’ve bought a false sense of it.”
