Web3 Leader Spotlight: David Fernandez
This week, we caught up with David Fernandez, Head of Developer Relations at TestMachine.ai, a real-time testing and auditing platform that delivers smart contract audits at lightning speed with unparalleled security in a zero configuration environment. David provides valuable insights on AI based smart contract security solutions, how they work and their potential future and threats.
How does an AI-based smart contract security solution differ from traditional manual auditing methods, and what advantages does it offer?
An AI-based smart contract security solution distinguishes itself from traditional manual auditing methods primarily in terms of speed and long-term effectiveness. While manual auditors face limitations in terms of time and resources when scrutinising smart contracts, AI-based solutions can conduct thorough evaluations by swiftly traversing through thousands of potential vulnerabilities based off Large Language Models (LLMs).
Most bugs tend to be found on cross chain dApps. AI-based solutions excel in identifying bugs that commonly emerge within cross-chain decentralised applications (dApps). They often present unique challenges for manual auditors due to the complexity and interdependencies involved. However, LLMs can navigate through the intricate web of cross-chain interactions and thoroughly scrutinise the smart contracts involved, making them particularly adept at pinpointing vulnerabilities in such scenarios.
Additionally, the continuous learning and adaptability of AI-based solutions ensure their effectiveness in mitigating emerging security threats.
Can you explain how AI algorithms are trained to analyse and detect potential vulnerabilities or malicious behaviour in smart contracts?
AI algorithms are trained through a systematic process that involves creating a specialised space or environment for these algorithms to operate within. In this environment, various parameters are incorporated to provide guidance to the AI agents, indicating the rewards they should strive to obtain. These rewards can take different forms, such as ERC20 tokens or NFTs however the possibilities extend beyond these examples.
By immersing the algorithms in a rich and diverse range of smart contracts, they become familiar with the intricacies of smart contract code and gain a deeper understanding of the underlying patterns and structures.
Through this iterative training process, the algorithm is able to identify patterns in vulnerabilities and is therefore able to highlight weaknesses and early warnings to developers and auditors.
Looking ahead, what developments or advancements do you foresee in the field of AI for smart contract security, and what should be the plan to stay at the forefront of these innovations?
One of the key areas where significant advancements are expected is in the speed and accuracy of AI-based smart contract security solutions.
The pace of progress is anticipated to far surpass expectations, and embracing these innovations will be crucial for developers and companies aiming to maintain a competitive edge in the market. Remaining resistant to change in this rapidly evolving landscape can prove detrimental to their success.
Are there any ethical considerations or potential biases associated with AI-based smart contract security systems?
Bad actors using AI would be very dangerous for the crypto space. Advanced AI could potentially amplify the impact of malicious activities and introduce new sophisticated attack vectors.
Bad actors can use these algorithms to exploit vulnerabilities in smart contracts with greater sophistication. AI algorithms can analyse large volumes of data and rapidly identify weaknesses, enabling attackers to target and exploit smart contracts more effectively. This could result in financial losses, theft of digital assets, or disruption of dApps running on blockchain networks.
As far as other dangers are concerned, it’s too early to speculate. But I’m not a doomsday person.
