Tool Claims

Verified findings, competition placements, and preventable vulnerabilities over time

Limitations of This Data

This data is useful for comparing tools, but should not be used to conclude any tool "prevents hacks" without independent evaluation.

What "Verified" Means

A finding is considered "verified" if it meets ANY of these criteria:

Note: "Verified" does NOT mean independently reproduced by us. We rely on public sources.

13
Tools with Real-World Findings
35
Real-World Findings
$2.5M
Claimed Value Protected
$7K
AI Prize Earnings (vs Humans)
7
V12 Pre-Audit Contests
$440K
Pre-Audit Contest Prize Pools
10
AI vs Human Contests
891
Bot Race Entries

AI vs Human Auditors

Raw Data

AI tools competing directly against human auditors in standard audit competitions. This is the most meaningful comparison for AI auditor capabilities. Lower placement is better (1 = winner).

AI vs Human Contest Results

Raw Data

Complete list of AI tool placements competing against human auditors.

Date Tool Platform Contest Place Notes Source
2025-10-06 almanax Code4rena Hybra Finance #69 / 82 Decentralized liquidity layer for Hyperliquid Link
2025-09-15 almanax Code4rena Succinct SP1 #6 / 12 RISC-V based ZK virtual machine Link
2025-08-15 almanax Cantina Citrea #4 / 479 First ZK rollup on Bitcoin Link
2025-08-15 maxzuvex Code4rena Meteora Dynamic Bonding Curve #2 Rust - AI method by ML engineer Link
2025-07-23 almanax Code4rena GTE Spot CLOB #62 / 72 World's fastest DEX Link
2025-06-15 maxzuvex Code4rena Chainlink Rewards #1 Solidity - 🥇 Gold - AI method by ML engineer Link
2025-06-01 savant Sherlock Symbiotic Relay #6 / 39 1 finding: Operator's stake ignored on re-registration due to stale state Link
2025-05-15 maxzuvex Code4rena Blackhole #3 Move - AI method by ML engineer Link
2025-04-15 maxzuvex Code4rena Forte Float128 Solidity Library #2 Solidity - AI method by ML engineer Link
2025-04-15 maxzuvex Code4rena Cabal Liquid Staking Token #2 Solidity + Assembly - AI method by ML engineer Link

AI Auditor Statistics (Self-Reported)

Note: These statistics are self-reported by vendors from their blogs, press releases, and GitHub repositories. They have not been independently verified. "Audits" may include different scopes and methodologies across tools.

Publicly available metrics from AI auditor tools as of December 2025. Only AI-specific results are shown.

Tool Company Audits/Scans Findings Detection Rate Source
V12 Zellic 7 pre-audits 39 - Blog
AuditAgent Nethermind 29 analyzed - 30-50% recall
42-43% H/C		 Blog
Octane Octane Security 15+ clients 217+ - Press
Sherlock AI Sherlock - - - Website
Certora Prover Certora - - - Website
The Hound Independent (B. Mueller) 1 research eval 10 33.3% Blog
AgentLISA NTU-backed 1 contest 3 90% OWASP Blog
Savant.chat Novel Codes DMCC 1 contest 1 - Sherlock
Almanax Almanax 4 contests - - Website
ZeroCool Independent 1 audit 15 - Report

H/C = High/Critical severity. OWASP = Smart Contract Top 10 detection rate. "-" = no public AI-specific data available.

Parent Company Audit Volumes (Human + AI Combined)

These are total company audit counts, not AI-specific metrics.

Company Total Audits Published Source
Zellic 345+ GitHub
Nethermind 155+ GitHub
Certora 130+ GitHub
Sherlock 250+ contests Website

Client Testimonials

Raw Data
Note: These testimonials are collected from public sources (Twitter/X, blog posts, audit reports). They represent individual opinions and experiences, not independent evaluations.

Public feedback from teams and auditors who have used AI auditing tools.

Date Tool Quote Source Organization Link
2025-12-02 savant "Savant report is really, really good — and without false positives" e330acid @e330acid Lido Source
2025-11-18 zerocool "The audit report is indistinguishable from one produced by a human auditor - if anything, it surpasses the quality of many reports I've seen" Artem Chystiakov @Arvolear Solarity (Distributed Lab) Source
2025-07-01 savant "Our friends @savantchat built a multi-agent AI system to find vulnerabilities fast - with high reliability and much lower costs. This kind of new development is helping 1inch scale at speed." 1inch @1inch 1inch Source
2025-04-07 octane "Leveraging Octane helped us uncover several missed bugs and speed up our development cycles. Truly a must for crypto-first teams." Will Kantaros Decent Source
2025-01-01 octane "Integrating Octane into our workflow gave us real-time insight into how our code behaves as it evolves. It caught complex issues early and helped us maintain the security standards we expect without slowing development." Anonymous Client Octane Client Source
2025-01-01 octane "We're very impressed with the findings from Octane. Octane catches potential issues very early on in the development process, long before code touches an auditor. Hats off to the team." Anonymous Client Octane Client Source
2025-01-01 sherlock-ai "We've tried many different AI audit tools, and none come even close to Sherlock AI. It combines best-in-class AI models with easy to use UX and Github integration." Anonymous User Sherlock User Source
2024-01-01 v12 "The Zellic team was a joy to work with. Their auditors moved fast, were able to quickly dive into the details of a large and complex codebase, and it was clear they had a real focus on real security over security theater." Anonymous Client Zellic Client Source
2024-01-01 v12 "Zellic is an incredible and fast moving auditing team — on top of extremely timely, technical, and precise responses when asked, they also have found extremely unique and detailed obscure bugs down to the level of the Solidity quirks." Anonymous Client Zellic Client Source
2024-01-01 ityfuzz "FuzzLand's cutting-edge fuzzing solution represents an advancement in smart contract security. Its capacity to effectively identify vulnerabilities within intricate environments establishes a new benchmark for Web3 security." Investor Seed Round Investor Source
2022-01-01 certora "Certora's technology helped to cover security on decentralized Aave Protocol, essentially finding vulnerabilities that are usually difficult to find in manual code reviews and audits. When building mission-critical software such as financial technology, Certora is a must." Stani Kulechov @StaniKulechov Aave Source
2022-01-01 certora "The Certora prover plays an important role in our overall safety strategy by providing an accessible way to quickly iterate on formal specifications and determine the correctness of bytecode." Kurt Barry MakerDAO Source
2020-07-01 echidna "Echidna has been used in more than 10 large paid security audits, and feedback from those audits has driven the features and user experience of Echidna." Trail of Bits @trailofbits Trail of Bits Source

V12 Pre-Audit Filter (Code4rena)

Raw Data
How V12 Pre-Audit Works: Zellic (which owns Code4rena) runs V12 on all contest codebases before human wardens compete. All V12 findings are marked as "out-of-scope" - wardens cannot submit these issues for prizes. This filters out AI-detectable vulnerabilities, incentivizing wardens to find more sophisticated bugs.

Code4rena contests where V12 provided pre-audit filtering. Prize pool shows total contest value, not V12 earnings (V12 doesn't compete for prizes).

Date Contest Prize Pool Findings Source
2025-12-10 Ekubo $184K V12 pre-audit: 5 Low (out-of-scope for wardens) Report
2025-12-08 Garden $38K V12 pre-audit: 1 High (out-of-scope for wardens) Report
2025-12-05 SukukFi $40K V12 pre-audit: 1 High 1 Medium 18 Low 5 QA (out-of-scope for wardens) Report
2025-11-17 Sequence $73K V12 pre-audit: 5 Low (out-of-scope for wardens) Report
2025-11-13 Megapot $30K V12 pre-audit: 14 Low (out-of-scope for wardens) Report
2025-11-03 Covenant $43K V12 pre-audit: 4 Low 76 QA (out-of-scope for wardens) Report
2025-10-16 Hybra Finance $33K V12 pre-audit: 7 High 3 Medium 23 Low (out-of-scope for wardens) Report
Total $440K 7 contests filtered

Real-World Findings Over Time

Raw Data

Bugs found in production code before exploitation. Each tool has its own line. Hover over data points to see specific findings.

Cumulative Value Protected Over Time

Raw Data

Dollar value of real-world vulnerabilities discovered over time (excludes backtesting).

Real-World Findings Timeline

Raw Data

Bugs found in production code before exploitation, in chronological order.

2020-03-30
echidna
0x Protocol order cancellation bugs
Source
2021-11-21
certora
SushiSwap Trident pool drain vulnerability
Source
2022-06-15
certora
MakerDAO Fundamental Equation bug (4 years undetected)
Source
2022-11-08
certora
Aave 28 bugs prevented (1 critical, 2 high)
Source
2023-03-30
foundry-fuzz
Beanstalk Wells invariant violation (HIGH)
Source
2023-07-13
ityfuzz
$500K+ in exploitable assets across 21 vulnerable projects
$500K
Source
2024-09-25
v12
6 Cantina competitions: 2 High, 2 Medium, 4 Low, 9 Info
Source
2024-10-13
the-hound
Smart contract vulnerability detection via LLM agents
Source
2025-01-15
agentlisa
Code4rena Virtuals Protocol: 1 High-risk, 2 Medium-risk vulnerabilities
Source
2025-04-07
octane
Refund calculation bug in Decent (post-2 audits)
Source
2025-04-07
octane
Inflatable token vault price oracle exploit in Decent
Source
2025-06-01
savant
#6 out of 39 in Sherlock Symbiotic Relay (1 finding: Operator's stake ignored on re-registration due to stale state)
Source
2025-06-02
octane
Sophon/Covenant partnership - AI code security
Source
2025-07-23
almanax
#62 in Code4rena GTE Spot CLOB (out of 72)
Source
2025-07-24
octane
ScorePlay - sports prediction platform security
Source
2025-07-29
octane
Avalanche integration: 217 findings flagged
Source
2025-08-15
almanax
#4 in Cantina Citrea (out of 479 auditors)
Source
2025-09-10
octane
Plume RWA finance partnership
Source
2025-09-15
almanax
#6 in Code4rena Succinct SP1 (out of 12, $4128 prize)
$4K
Source
2025-09-26
octane
Circle USDC security partnership
Source
2025-10-01
sherlock-ai
$2M withdrawal bug in lending protocol (pre-launch)
$2.0M
Source
2025-10-01
nethermind-auditagent
30% recall rate across 29 internal audits
Source
2025-10-02
octane
Ostium CI/CD integration
Source
2025-10-06
almanax
#69 in Code4rena Hybra Finance (out of 82)
Source
2025-10-16
v12
Code4rena Hybra Finance pre-audit: 7 High, 3 Medium, 23 Low
Source
2025-11-03
v12
Code4rena Covenant pre-audit: 4 Low, 76 QA
Source
2025-11-11
octane
Superform continuous protection
Source
2025-11-13
v12
Code4rena Megapot pre-audit: 14 Low
Source
2025-11-14
nethermind-auditagent
Immunefi Audit Competition findings (1 High, 2 Medium confirmed)
Source
2025-11-17
v12
Code4rena Sequence pre-audit: 5 Low
Source
2025-11-18
zerocool
Solarity solidity-lib audit: 2 Critical, 4 High, 1 Medium, 6 Low, 2 Info (15 total)
Source
2025-12-05
v12
Code4rena SukukFi pre-audit: 1 High, 1 Medium, 18 Low, 5 QA
Source
2025-12-08
octane
Immunefi Audit Competition findings (2 High, 1 Low confirmed)
Source
2025-12-08
v12
Code4rena Garden pre-audit: 1 High
Source
2025-12-10
v12
Code4rena Ekubo pre-audit: 5 Low
Source

Backtesting Results

Raw Data
Important context: Backtesting runs tools against code that was already exploited or has known vulnerabilities. While useful for benchmarking, these results do NOT demonstrate ability to find unknown bugs in production code. Finding a bug after knowing it exists is fundamentally different from finding it before an exploit occurs.

Results from running tools against historically exploited contracts or known vulnerable code.

2025-12-08
savant
Yearn Finance yETH exploit root cause reproduced ($9M hack)
Reproduced vulnerability that allowed minting 235 septillion yETH from 16 wei deposit due to cached virtual balance bug
Source
2025-11-21
savant
Bunni V2 exploit root cause reproduced ($8.4M hack)
Rounding-direction bug in withdrawal logic allowed attacker to withdraw more tokens than intended
Source
2025-11-07
savant
Balancer V2 exploit root cause reproduced ($128M hack)
Rounding-direction bug in _upscale function affecting EXACT_OUT swaps in Composable Stable Pools
Source
2025-10-01
nethermind-auditagent
ResupplyFi exchange rate miscalculation
$9.8M hack (Jun 27, 2025) - would have been caught if run beforehand
Source
2025-09-25
v12
$5M integer overflow bug (USDT stolen)
Missed by multiple past audits - retroactive analysis
Source
2025-09-25
v12
$335K transient memory misuse
Missed in protocol audit - retroactive analysis
Source
2025-02-27
agentlisa
5 high-severity audit contest projects (XLaunch, QAMarketplace, PauserRegistry, etc.)
All targeted high-severity vulnerabilities detected
Source
2025-02-27
agentlisa
OWASP Top 10 vulnerability detection
Superior or equivalent coverage across all ten vulnerability types
Source
2025-01-15
the-hound
Code4rena SecondSwap: 10 true positives (1 High, 7 Medium)
33.3% detection rate under strict matching, estimated top 15-25 out of 294
Source
2023-07-13
ityfuzz
126 vulnerabilities in large real-world projects
Echidna found 0, Mythril found 9 on same projects
Source
2023-07-13
ityfuzz
109 exploits generated from 200 historical hacks
No manual effort or prior knowledge required
Source
2021-12-16
slither
SushiSwap MISO msg.value reuse ($350M saved)
Source
2019-07-03
slither
Edgeware Lockdrop DoS bug ($900M at risk)
Source
2017-11-08
mythril
Parity Wallet SELFDESTRUCT ($280M frozen)
Source
Bot Race Results (Bot vs Bot) - Discontinued Source [Click to expand]
Important context: Bot races primarily test pattern-matching on known vulnerability types (gas optimizations, common Solidity pitfalls). Winning bot races does NOT indicate ability to find the complex logic bugs that cause major exploits like Euler ($197M), Mango ($114M), or Ronin ($624M). These results should not be used to evaluate real-world audit effectiveness.

Code4rena bot races (Apr 2023 – Mar 2024, now discontinued) where automated tools competed against each other. Showing top 10 bots by wins.

Recent Bot Race Results

Showing latest 50 of 891 total entries. Raw Data

Date Tool Platform Contest Place Notes Source
2024-03-14 pechenkata Code4rena Coinbase #1 / 18 Bot race winner (tier: Winner) Link
2024-03-14 selucreh Code4rena Coinbase #2 / 18 Bot race (tier: A) Link
2024-03-14 znbotty Code4rena Coinbase #3 / 18 Bot race (tier: A) Link
2024-03-14 outis Code4rena Coinbase #4 / 18 Bot race (tier: A) Link
2024-03-14 vuln-detector Code4rena Coinbase #5 / 18 Bot race (tier: A) Link
2024-03-14 hound Code4rena Coinbase #6 / 18 Bot race (tier: A) Link
2024-03-14 solidinspect Code4rena Coinbase #7 / 18 Bot race (tier: A) Link
2024-03-14 mrshudson Code4rena Coinbase #8 / 18 Bot race (tier: A) Link
2024-03-14 henry Code4rena Coinbase #9 / 18 Bot race (tier: A) Link
2024-03-14 tragedyotcommons Code4rena Coinbase #10 / 18 Bot race (tier: A) Link
2024-03-14 tera Code4rena Coinbase #11 / 18 Bot race (tier: A) Link
2024-03-14 cygnet Code4rena Coinbase #12 / 18 Bot race (tier: A) Link
2024-03-14 ubl4nk-bot Code4rena Coinbase #13 / 18 Bot race (tier: A) Link
2024-03-14 lightchaser Code4rena Coinbase #14 / 18 Bot race (tier: A) Link
2024-03-14 baudit Code4rena Coinbase #15 / 18 Bot race (tier: B) Link
2024-03-14 dervish Code4rena Coinbase #16 / 18 Bot race (tier: B) Link
2024-03-14 auditbase Code4rena Coinbase #17 / 18 Bot race (tier: B) Link
2024-03-14 dragonfly Code4rena Coinbase #18 / 18 Bot race (tier: B) Link
2024-03-04 cygnet Code4rena PoolTogether #1 / 17 Bot race winner (tier: Winner) Link
2024-03-04 mrshudson Code4rena PoolTogether #2 / 17 Bot race (tier: A) Link
2024-03-04 lightchaser Code4rena PoolTogether #3 / 17 Bot race (tier: A) Link
2024-03-04 vuln-detector Code4rena PoolTogether #4 / 17 Bot race (tier: A) Link
2024-03-04 tragedyotcommons Code4rena PoolTogether #5 / 17 Bot race (tier: A) Link
2024-03-04 hound Code4rena PoolTogether #6 / 17 Bot race (tier: A) Link
2024-03-04 ubl4nk-bot Code4rena PoolTogether #7 / 17 Bot race (tier: A) Link
2024-03-04 znbotty Code4rena PoolTogether #8 / 17 Bot race (tier: A) Link
2024-03-04 selucreh Code4rena PoolTogether #9 / 17 Bot race (tier: A) Link
2024-03-04 tera Code4rena PoolTogether #10 / 17 Bot race (tier: A) Link
2024-03-04 henry Code4rena PoolTogether #11 / 17 Bot race (tier: A) Link
2024-03-04 auditbase Code4rena PoolTogether #12 / 17 Bot race (tier: A) Link
2024-03-04 the-madaladinator Code4rena PoolTogether #13 / 17 Bot race (tier: A) Link
2024-03-04 dragonfly Code4rena PoolTogether #14 / 17 Bot race (tier: B) Link
2024-03-04 solidinspect Code4rena PoolTogether #15 / 17 Bot race (tier: B) Link
2024-03-04 baudit Code4rena PoolTogether #16 / 17 Bot race (tier: B) Link
2024-03-04 dervish Code4rena PoolTogether #17 / 17 Bot race (tier: C) Link
2024-03-04 hound Code4rena Revert Lend #1 / 19 Bot race winner (tier: Winner) Link
2024-03-04 the-madaladinator Code4rena Revert Lend #2 / 19 Bot race (tier: A) Link
2024-03-04 henry Code4rena Revert Lend #3 / 19 Bot race (tier: A) Link
2024-03-04 cygnet Code4rena Revert Lend #4 / 19 Bot race (tier: B) Link
2024-03-04 pechenkata Code4rena Revert Lend #5 / 19 Bot race (tier: B) Link
2024-03-04 tragedyotcommons Code4rena Revert Lend #6 / 19 Bot race (tier: B) Link
2024-03-04 ubl4nk-bot Code4rena Revert Lend #7 / 19 Bot race (tier: C) Link
2024-03-04 dervish Code4rena Revert Lend #8 / 19 Bot race (tier: C) Link
2024-03-04 mrshudson Code4rena Revert Lend #9 / 19 Bot race (tier: C) Link
2024-03-04 outis Code4rena Revert Lend #10 / 19 Bot race (tier: C) Link
2024-03-04 baudit Code4rena Revert Lend #11 / 19 Bot race (tier: C) Link
2024-03-04 solidinspect Code4rena Revert Lend #12 / 19 Bot race (tier: C) Link
2024-03-04 tera Code4rena Revert Lend #13 / 19 Bot race (tier: C) Link
2024-03-04 selucreh Code4rena Revert Lend #14 / 19 Bot race (tier: C) Link
2024-03-04 lightchaser Code4rena Revert Lend #15 / 19 Bot race (tier: C) Link
... and 841 more entries