Friday, July 4, 2025

Zero-Knowledge, Full Paranoia: The AI That Sees All in the Bug Hunt

Over the past year, zkSecurity explored whether AI could effectively identify bugs in zero-knowledge circuits and applications, leading to the development of SnarkSentinel, an AI-powered auditing tool. The founders' curiosity took them from an initial reliance on basic prompts to more sophisticated approaches such as Retrieval Augmented Generation (RAG) and agent-based querying to streamline bug detection. While SnarkSentinel successfully identified minor bugs and critical issues, it often produced false positives and misjudged bug severity. Triaging and understanding its findings still relies heavily on human expertise. A notable success was the discovery, in a library, of a significant bug that could compromise security. Ultimately, AI is anticipated to enhance the auditing process, especially in low-stakes environments, though serious audits will likely still require human oversight. The evolution of AI raises questions about security dynamics, as both attackers and developers gain access to advanced tools.
