BlockThreat - Week 10, 2026
Battle tested code keeps on getting hacked, bug hunting is accelerating. The edge now belongs to teams that use AI defensively to prevent vulnerabilities, not just find them later.
Greetings!
More than $3.5M was stolen this week across 9 DeFi incidents. Even codebases once seen as battle tested, like Curve Lend and Uniswap, continue to suffer unexpected exploits. Another batch of ZK exploits and critical vulnerabilities was also disclosed across major projects in the Gnosis, Aave, Yearn, Solana, Cosmos, and other ecosystems. At the same time, I am now tracking more than 50 AI based bug hunting tools and skills, with new ones appearing every week.
It increasingly feels like we are moving toward an Euler scale incident, where advanced bug hunting techniques collide with a rushed update in a high TVL protocol. That is exactly why the conversation around AI in security needs to shift from offense to defense.
The ecosystem has spent the last year fixating on AI as an offensive advantage. The more important question now is how quickly we can strengthen the defensive side. Can AI help move defensive work upstream, from audits and incident response back into architecture, design, and day to day development?
Just as offense can no longer survive without AI, defense is rapidly reaching the same point. Teams that fail to integrate AI deeply into their development and deployment workflows will fall behind. That is where the real leverage is.
This week’s edition includes a broad collection of tools and research to help teams put AI to work on defense right now.