Breakpoint 2023: Leveraging AI To Bolster Smart Contract Security

Summary

Chris Wong of the security research firm SEC3 addressed the potential of generative AI in improving blockchain security at Breakpoint 2023. Despite being a relatively new concept, SEC3 is pioneering the integration of AI to address the vulnerabilities inherent in the blockchain smart contracts. Wong elaborates on the current limitations of traditional heuristic-based security methods and how AI, particularly large language models, could bring a transformative change in recognizing and reacting to complex and novel security threats. This discussion underscores the ongoing efforts and the challenges faced, providing a glimpse into the future of cybersecurity in blockchain as it stands in 2023.

Key Points

SEC3's Vision and Current Capabilities

SEC3 is a security research firm known for its comprehensive audit and monitoring services across various blockchain technologies, with Solana being the primary blockchain platform they support. Beyond traditional audits, they are focused on developing software products to enhance all stages of a decentralized finance (DeFi) lifecycle. Despite having retired their initial vulnerability scanner, Soteria, they have developed a more expansive platform, Axe Ray, that performs advanced vulnerability scans through GitHub actions or direct uploads. Additionally, SEC3 is building Watchtower, an on-chain transaction security monitor, indicating their strong focus on automated and real-time security solutions.

The Role of Generative AI In Blockchain Security

The generative AI models that SEC3 is exploring could potentially overcome limitations associated with human-based heuristic security methods. By using large language models pre-trained on blockchain data, generative AI has the potential to discover complex patterns and detect security threats that have not been previously encountered. Wong mentioned a specific initiative, SOL LLM, which is a large language model trained to handle blockchain-related tasks. AI in blockchain security could become a game changer due to its prowess in summarizing rules, analogical reasoning, and generalization of data.

The Challenges of Developing AI-Enhanced Security

Although generative AI offers significant promise for smart contract security, Wong outlined several challenges. Data preparation, an essential step to train the AI, is difficult and resource-intensive. The process includes parsing blockchain transactions into a format that is meaningful for training AI models. Tokenization is another hurdle that involves creating a dictionary for AI models to understand transaction data. Balancing the size of this vocabulary without losing essential information is critical. Moreover, ensuring that the training of models develops the desired analytical and reasoning intelligence requires thoughtful calibration.

Facts + Figures

• SEC3 has shifted from simple tools like Soteria to more advanced systems like Axe Ray and Watchtower.
• Generative AI can assist in summarizing complex rules and in analogical reasoning.
• The company has released an open-source model, SOL LLM, which is a small large language model with 100 million parameters.
• SOL LLM has demonstrated a 95% accuracy rate in identifying MEV transactions within a specific data set.
• Current metrics for a new data set show a 70% accuracy rate with an 8% false-positive rate for detecting malicious transactions.
• SEC3 received a Solana Foundation grant to parse all historical transactions on the blockchain.
• The firm is continuously iterating its models to improve performance and applicability.

Top quotes

• "I'm from SEC3, a security research firm."
• "Our goal is for every step of a DFS lifecycle, hopefully that we'll have a software product to feature needs."
• "It's certainly a hot and pretty big topic. I'm certainly humbled by that topic."
• "Generative AI can be helpful in blockchain security space, especially as software gets more complicated and more advanced."
• "We built a very simple command line based vulnerability scan called Soteria."
• "We're in the process of doing that. I wish I can tell everybody that we have a ready product. We don't have yet."

Questions Answered

What is SEC3 and its role in blockchain?

SEC3 is a security research firm that specializes in blockchain security. They provide a range of services from audits to developing software products to secure every step of the decentralized finance lifecycle, with notable projects including Axe Ray and Watchtower.

Why is generative AI relevant to blockchain security?

Generative AI is relevant because it can interpret and analyze blockchain data beyond what human-heuristic methods can achieve. With its potential for summarizing intricate rules and analogical reasoning, generative AI might identify security threats never seen before and thus significantly enhance blockchain security.

What are the current challenges in integrating AI into blockchain security?

Incorporating AI into blockchain security faces challenges like data preparation, creating appropriate tokenization strategies, and ensuring that the AI models are effectively trained to develop desired analytical capabilities and intelligence.

What is the SOL LLM and its function?

SOL LLM is an open-source large language model developed by SEC3 that is tailored specifically for blockchain-related tasks. Its purpose is to analyze and understand blockchain transactions to help identify potential security threats.

How proficient is the AI currently in detecting malicious transactions?

As of the most recent update provided by Chris Wong, the AI they developed shows promising but imperfect results, with a 70% success rate in identifying malicious transactions in a new data set and an 8% false-positive rate. The development is ongoing, and accuracy is expected to improve with further iterations.