AI Audit Detects High-Severity Bug in Ethereum Client Before Exploitation


An artificial-intelligence-driven security audit has uncovered a high-severity vulnerability in software used to run the Ethereum blockchain, highlighting both the growing role of AI in cybersecurity and the rising stakes of protecting critical crypto infrastructure.

Octane Security, an AI-focused crypto security firm, said its proprietary system identified a serious flaw in Nethermind, one of the main Ethereum execution clients. Nethermind is used by close to 40 percent of Ethereum validators, making it a critical component of the network’s infrastructure. The issue was patched before it could be exploited, according to the firm.

Validators are responsible for proposing and confirming new blocks on Ethereum. If a large portion of them were disrupted, the network’s liveness and availability could be affected. Octane said the bug could have been triggered by a malformed transaction, potentially causing validators running Nethermind to miss block proposals for as long as the malicious transaction remained in the pool. Such disruption would have led to missed rewards, inactivity penalties and temporary degradation in network performance.

The vulnerability was discovered during a security contest organized ahead of a major Ethereum upgrade. Octane collaborated with an independent security researcher to review issues flagged by its AI system. The team submitted 17 potential vulnerabilities, 16 of which were ultimately fixed by client developers. Nine were categorized as severe, and several were considered unique findings.

The Ethereum Foundation’s bug bounty program awarded Octane a financial reward for reporting the Nethermind issue. The incident marks one of the clearest demonstrations so far of AI-assisted vulnerability research operating at scale in a live blockchain environment.

The development comes amid broader debate about artificial intelligence in software engineering. In recent months, AI-generated code has been both praised for accelerating development and criticized after high-profile bugs led to financial losses in decentralized finance protocols. Some industry observers have warned that overreliance on automated coding tools could increase systemic risk if vulnerabilities slip through traditional review processes.

At the same time, security firms argue that AI can dramatically shorten the time required to identify and validate complex bugs. By generating and testing multiple exploit hypotheses simultaneously, AI systems can scan large codebases more efficiently than manual review alone.

For Ethereum and other public blockchains, the stakes are significant. Execution clients like Nethermind form part of the decentralized backbone that keeps networks operational. As adoption grows and more capital flows into decentralized applications, the ability to proactively identify critical vulnerabilities may become a defining factor in maintaining trust and resilience.

The episode underscores a shifting security landscape in which AI is increasingly deployed not only to build software but also to defend it.
