Moment of truth: every finding I submitted in @code4rena contests came from a method I built using AI. Over 7 contests my method earned 🥇🥈🥈🥈🥉 with a valid/invalid ratio >1 and multiple solo ands duo High/Medium findings.

For me, it was an experiment in precision. For the industry, it might be a glimpse of what’s next. I’m stepping away for now to focus on my next challenge.

I don’t believe AI will replace top auditors anytime soon. Experts are still ahead. But my experiment convinced me that AI is already competitive with mid‑level auditors, similar to what we’ve seen in many other fields.

Many doubt AI in auditing: “too many FPs”, “only low‑hanging fruit”. Hallucination is inherent LLM noise. It’s real, but manageable. With the right setup, I kept validity above 50% and found multiple H/Ms, including solo and duo findings.

For many security researchers, that will raise the bar. Contests won’t disappear, but the easy wins will. The competition will shift toward deeper, harder‑to‑detect vulnerabilities that demand either expert knowledge or very strong methods.

Contests themselves are also likely to change. As companies roll out AI auditors, many bugs will be caught earlier (during CI/CD or several private AI reviews). By the time code reaches public contests, what’s left will be fewer, harder, and more subtle issues.

That puts a heavy load on judges. I understand how frustrating it must be to carefully review large volumes of noisy reports, often more than 1,000 per contest. In the long run, contest platforms will need to automate more of that triage.

This was a solo effort, focused on precision over volume. Many people are now using AI for auditing. It’s hard to measure . I’d guess that in recent contests, >80% of false positives came from AI. That number is only going to rise.

In total, 34 submissions → 19 valid, 15 invalid. That gave me a valid/invalid ratio above 1, which became the main benchmark I cared about.

I kept going. Across seven contests in C4: 🥇 Gold (Solidity) 🥈 Silver (Solidity) 🥈 Silver (Solidity + Assembly) 🥈 Silver (Rust) 🥉 Bronze (Move) 23rd / 1376 (Solidity) ➖ One Solidity contest with no valid H/M findings

So I set up my method and entered my first security contest. I submitted 4 H/M findings → 3 valid Highs + 1 OOS. That was enough for 🥈 Silver and top gatherer. For a first attempt, the outcome surprised me.

I'm not a security researcher, but my background gave me one advantage: I know how to design ML systems that reduce noise and extract signal. I decided to prove AI could actually compete, without spamming.

A bit of background: I’m a machine learning engineer with a PhD. I work full-time outside security/Web3. I know some Solidity and Rust, but not enough to audit contracts professionally. The trigger was a tweet complaining about “AI spam” in contests.

Six months ago, I gave myself a challenge: build a method around AI and enter @code4rena contests under an anonymous account. No manual auditing. I won’t share the pipeline or tools, but I do want to share what happened.

Happy to land in the top 3 again with a 🥈 at the @MeteoraAG contest on @code4rena! Grateful for the opportunity and huge respect for the fastest judging I’ve ever experienced 🙌 Congrats to all the winners!

Proud to be at the top of the leaderboard for Chainlink Rewards contest🥇 Appreciate @code4rena and @chainlink for the opportunity 💜💙

My Critical finding in @Circuit_DAO competition was so elite it hid itself from the @cantinaxyz UI👻. Still got 4th! 🕵️‍♂️

The results of the $28,000 @BlackholeDEX competitive audit ARE IN! Congratulations to everyone who submitted valid findings, especially to @Hakuna29997288 for their first place finish and three solo findings! It was a pleasure working with the Blackhole team and we commend

Second contest, another silver 🥈. I found a solo Med and got deep into Move. Thanks @CabalVIP and @code4rena for the opportunity. Still working toward a gold 🥇

Just landed 2nd in @code4rena’s Forte: Float128 audit 🥈. Appreciated the brain workout on complex math 🧠💻