Ethereum co-founder Vitalik Buterin has outlined an optimistic vision for the future of cybersecurity in blockchain and beyond. He argues that combining artificial intelligence with formal verification techniques could decisively tilt the balance toward defenders in an era of increasingly powerful AI-driven attacks.
In his May 18 blog post “A shallow dive into formal verification”, Buterin explains how developers can write code, even in low-level formats like EVM bytecode or assembly, and then mathematically prove its correctness using machine-checkable proofs in languages like Lean. AI tools can significantly speed this up by generating both highly optimized code and the corresponding proofs. According to him, humans will mainly need to focus on ensuring that the high-level specifications truly reflect their intended goals.
Many people have claimed that with AI-assisted bug finding, secure code (and hence trustless anything) will be impossible.
I have a much more optimistic take, and AI-assisted formal verification is a major part of the reason why:https://t.co/0ceMBZ6uqj
— vitalik.eth (@VitalikButerin) May 18, 2026
The Rising Importance of Formal Verification
Formal verification itself is not new and has roots dating back decades. It involves expressing properties of a program as mathematical theorems and using tools like Lean to automatically check proofs of those theorems. Buterin uses a simple Fibonacci parity example to illustrate the concept before diving into complex real-world applications.
The breakthrough, he argues, comes from AI’s ability to handle the tedious and unintuitive work of writing detailed proofs at scale. This approach is particularly powerful for cryptographic and consensus systems where the desired security properties are relatively straightforward compared to the intricate implementations.
Key Ethereum-relevant areas highlighted include:
- Quantum-resistant signatures
- STARK proof systems and ZK-EVMs
- Consensus algorithms
- EVM implementations (e.g., efforts like evm-asm in RISC-V)
Projects such as Arklib are advancing verified STARK implementations, while Lean-based efforts are formalizing broader Ethereum components. Buterin references Yoichi Hirai’s description of this paradigm as the “final form of software development,” capable of producing highly efficient yet provably correct code.
Countering the AI Bug-Finding Threat
Buterin’s post directly addresses growing pessimism in cybersecurity circles. As AI tools improve at discovering zero-days and exploits, some fear that trustless systems like smart contracts, where bugs can lead to irreversible financial losses, become untenable.
Many people have claimed that with AI-assisted bug finding, secure code (and hence trustless anything) will be impossible. I have a much more optimistic take, and AI-assisted formal verification is a major part of the reason why,” Buterin wrote in an accompanying post on X.
He counters this by noting that AI can serve defenders just as effectively. Combined with formal methods, it enables exhaustive verification of critical “secure core” components, while less sensitive “edge” functions run in sandboxes with limited privileges. This layered architecture, he suggests, could create a defense-favoring equilibrium. Similar ideas are already influencing the development of AI-powered crypto wallets designed to improve automation, security, and user protection across blockchain ecosystems.
He cites Mozilla’s work on hardening code against AI-assisted attacks, quoting their view that “defenders finally have a chance to win, decisively” and that “the defects are finite.”
Not a Silver Bullet: Acknowledging the Limits
True to his analytical style, Buterin is candid about the limitations. Formal verification does not guarantee perfect real-world security. Potential pitfalls include:
- Incomplete specifications (proving the wrong properties)
- Bugs in the verifier or underlying hardware (side-channel attacks)
- Gaps between the verified core and unverified surrounding systems
“Provable correctness does not prove that software is correct in the way most human beings understand correctness,” he notes. The goal is redundancy and minimizing the gap between intent and behavior, not absolute perfection.
Industry Context and Reactions
This vision aligns with ongoing Ethereum roadmap efforts toward greater security and efficiency. Buterin has also been increasingly vocal about the broader societal risks and governance challenges surrounding artificial intelligence, particularly after his high-profile support for organizations focused on long-term AI safety and policy research.
Competitor coverage has summarized the post effectively but often focused narrowly on Ethereum security implications or bullet-point takeaways. This piece aims to capture the deeper philosophical and technical nuance Buterin provides, from Lean proof examples to the broader cypherpunk implications for trustlessness in the AI age.
What’s next? Buterin and collaborators continue pushing these techniques in Ethereum’s frontier research. If successful, AI-assisted formal verification could not only secure smart contracts but reshape how critical software is built across the industry, making “trustless” more than a marketing term.
