Breakpoint 2025: Security Block: Almanax (Francesco Piccoli)
AlmondX unveils AI security engineer for Solana developers with free one-year audit program backed by Solana Foundation
As the blockchain industry prepares to handle trillions of dollars in assets—from life savings to institutional investments and real-world assets—a New York-based startup is racing to ensure bad actors can't exploit the code that powers this critical infrastructure. At Breakpoint 2025, AlmondX co-founder and CEO Francesco Piccoli announced a groundbreaking collaboration with the Solana Foundation: one full year of free AI-powered security audits for projects building on Solana.
Summary
The announcement comes at a critical time for the blockchain industry. With the rise of "vibe coding"—where AI generates massive amounts of code that developers accept without thorough review—security vulnerabilities are proliferating at an unprecedented rate. Piccoli revealed alarming statistics: companies like Coinbase and Google are now generating 40-50% of their code through AI, while Cursor users alone push a billion lines of AI-accepted code per day.
AlmondX is building what it calls an "AI security engineer"—a system that continuously reviews code, investigates alerts, and helps patch vulnerabilities at scale. Unlike traditional security tools that generate overwhelming noise and false positives (historically around 90% of alerts), AlmondX's system reasons through codebases like a human security engineer would, creating threat models, analyzing invariants, and building function call graphs to navigate complex code architectures.
The timing of this announcement is particularly significant given recent reports from Anthropic documenting how attackers are beginning to use AI in their exploits. Piccoli referenced the Balancer hack, where $120 million was lost, noting hints that attackers may have leveraged AI capabilities. The race between offensive and defensive AI capabilities in cybersecurity is accelerating, with models approaching the abilities of senior security engineers.
Francesco's background investigating some of the largest hacks and exploits in crypto history drove him to create AlmondX out of frustration with the industry's security practices. Many teams either weren't taking security seriously or were shipping code with well-known bugs that could have been caught with proper tooling. Traditional audits remain prohibitively expensive, creating a market gap for continuous, API-accessible security review.
Key Points:
The Vibe Coding Crisis
The blockchain industry faces an unprecedented security challenge as AI-generated code proliferates across development teams worldwide. Piccoli highlighted that major tech companies are now accepting 40-50% of their code from AI systems, with Cursor users alone pushing approximately one billion lines of AI-accepted code daily—and these numbers are only expected to grow.
This explosion of AI-generated code creates a fundamental question: who is checking for bugs or malicious code being injected into production systems? As entire applications and smart contracts are now being "vibe coded," the traditional human review process simply cannot keep pace. Security and engineering teams find themselves drowning in alerts from static analysis tools, often dismissing potential threats as noise due to the sheer volume of notifications they receive.
AI-Powered Attackers and Defensive Necessity
Recent reports from Anthropic have documented concerning developments in offensive AI capabilities. Chinese state-sponsored hackers were caught using AI in large-scale cyber attacks, and Anthropic subsequently demonstrated AI systems capable of exploiting smart contracts deployed on-chain. The $120 million Balancer hack showed potential signs of AI involvement in the exploit.
Piccoli assessed that current AI models are operating at approximately junior security engineer capability, but if trends continue, superhuman abilities in security exploitation are on the horizon. This creates an urgent need for equally powerful defensive tools. AlmondX positions itself as building the best AI tools from a defensive perspective to counter this growing threat landscape, essentially arming development teams with the same AI capabilities that attackers are beginning to weaponize.
How AlmondX's AI Security Engineer Works
AlmondX's system operates by reasoning through codebases the way a human security engineer would, but at machine scale and speed. When initiating a scan—whether on a full repository or within CI/CD pipelines—the system creates a comprehensive threat model of the repository, analyzes invariants, builds an abstract syntax tree, and constructs function call graphs.
These capabilities allow the AI agents to navigate to different parts of the codebase and understand the logic of specific functions, overcoming the challenge of large codebases exceeding typical AI context windows. The system runs continuously in the PR review process, providing 24/7 security coverage that was previously impossible with human-only teams. It also serves as a pre-audit tool, with auditors themselves adopting the platform during their review processes.
Alert Triage and Automated Patching
One of AlmondX's key innovations addresses the overwhelming noise problem in security tooling. With historical data showing that 90% of security alerts are false positives, teams often dismiss genuine threats buried in the noise. AlmondX's system performs automatic triage using full codebase context to prioritize which issues require immediate attention.
Beyond identification and prioritization, the platform can actually patch vulnerabilities at scale. For simpler issues, it patches directly in-line; for more complex problems, it creates draft pull requests. This end-to-end capability—from detection through resolution—represents a significant evolution beyond traditional security tools that simply generate alerts for human engineers to address.
The Solana Foundation Partnership
The collaboration with the Solana Foundation represents a major commitment to ecosystem security. AlmondX has developed specialized capabilities for understanding Solana programs, with context on Anchor and other Solana-specific frameworks. Through this partnership, projects building on Solana will receive one year of free AI-powered security audits.
This initiative recognizes that as Solana becomes critical infrastructure handling potentially trillions of dollars, the protocols built on top of it need access to enterprise-grade security tooling. The partnership aims to democratize access to security capabilities that were previously available only to well-funded teams that could afford expensive traditional audits.
Facts + Figures
- Companies like Coinbase and Google are generating 40-50% of their code through AI systems
- Cursor users push approximately 1 billion lines of AI-accepted code per day
- Historically, 90% of security alerts from traditional tools are false positives
- The Balancer hack resulted in $120 million in losses, with potential AI involvement in the exploit
- AlmondX is providing one year of free audits for Solana projects through the Foundation collaboration
- AlmondX is based in New York with a team of AI and security researchers
- Co-founder Michael previously worked at Coinbase
- The platform works with wallet infrastructure teams including Privy
- Current AI models are estimated to operate at junior security engineer level
- The tool is available at app.almondx.ai for immediate use without sales contact
Top Quotes
- "We're soon going to have trillions of dollars moving on chain from life savings, real-world assets, and institutions building products on Solana. Blockchains are becoming critical infrastructure."
- "We entered this age of vibe coding where literally teams are shipping millions of lines of code a day."
- "Who is checking that there's no bugs? There's no malicious code that is being injected or simply buggy code that is making it into production?"
- "What actually gets patched is not the entirety of what gets caught, right? Because there's a lot of noise."
- "Models are getting to abilities of very thoughtful and very senior security engineers. We're not there yet—we're probably at the level of junior security engineer. But if the trend continues, we're soon going to be at superhuman ability."
- "I grew frustrated because a lot of teams were not taking security seriously or they were shipping bugs that were well known and could have been caught."
- "Having an auditor available 24/7 via API—that was what was needed."
- "90% of the alerts that teams get are false positives. These teams are drowning in noise."
Questions Answered
What is vibe coding and why is it a security concern?
Vibe coding refers to the practice of developers accepting AI-generated code without thorough manual review, essentially coding "by feel" with AI assistance. This has become a significant security concern because companies are now accepting 40-50% of their code from AI systems, with some platforms seeing users push a billion lines of AI-accepted code daily. The problem is that nobody is systematically checking this code for bugs or malicious injections. As entire applications and smart contracts are being vibe coded, the potential for security vulnerabilities to slip into production has increased dramatically.
How does AlmondX's AI security engineer actually work?
AlmondX's system reasons through codebases like a human security engineer would, but at machine scale. When starting a scan, it creates a threat model of the repository, analyzes code invariants, builds an abstract syntax tree, and constructs function call graphs. These capabilities allow AI agents to navigate large codebases and understand function logic despite the limitation of AI context windows. The system runs continuously in CI/CD pipelines and PR review processes, providing automated triage of alerts and even automatic patching of vulnerabilities either in-line or through draft pull requests.
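The two ingredients named here and in the "How AlmondX's AI Security Engineer Works" section above, an abstract syntax tree and a function call graph, are what let a reviewer (human or model) work on a codebase larger than a context window: parse once, then hand over only the functions reachable from an externally callable entry point that end up at a sensitive operation. The following is an added illustration of that technique, not AlmondX's code and not an account of its internals. It uses Python's standard-library `ast` module on a small constructed Python program; Solana programs are Rust/Anchor and would need a Rust parser, but the slicing logic is the same. The entry-point and sink names, and the sample program itself, are made up for the example.

```python
"""AST + call-graph slicing of a codebase for security review.

Added example, not AlmondX's code. Parses a constructed Python program,
builds a caller -> callee graph, and returns, per externally callable
entry point, only the functions on a path to a sensitive sink. That
slice is what a reviewer with a limited context budget should read.
"""
import ast
from collections import deque

# Constructed sample program (not from the page). Two handlers are
# externally callable; only one of them can reach the funds-moving sink.
SAMPLE_SOURCE = '''
def check_owner(ctx):
    return ctx.signer == ctx.vault.owner

def checked_sub(a, b):
    if b > a:
        raise ValueError("underflow")
    return a - b

def transfer_lamports(src, dst, amount):
    src.lamports = checked_sub(src.lamports, amount)
    dst.lamports += amount

def handle_withdraw(ctx, amount):
    if not check_owner(ctx):
        raise PermissionError("not owner")
    transfer_lamports(ctx.vault, ctx.signer, amount)

def handle_read_balance(ctx):
    return format_balance(ctx.vault.lamports)

def format_balance(n):
    return f"{n} lamports"

def unused_helper():
    transfer_lamports(None, None, 0)
'''

# Hypothetical names: which functions are externally callable, and which
# ones move value and therefore deserve the closest review.
ENTRY_POINTS = {"handle_withdraw", "handle_read_balance"}
SENSITIVE_SINKS = {"transfer_lamports"}


def build_call_graph(source):
    """Return (functions, edges): name -> FunctionDef node, and
    caller -> set of callee names. Only calls to functions defined in
    this module are kept; builtins such as ValueError are ignored."""
    tree = ast.parse(source)
    functions = {n.name: n for n in tree.body if isinstance(n, ast.FunctionDef)}
    edges = {name: set() for name in functions}
    for name, node in functions.items():
        for sub in ast.walk(node):
            if isinstance(sub, ast.Call) and isinstance(sub.func, ast.Name):
                if sub.func.id in functions:
                    edges[name].add(sub.func.id)
    return functions, edges


def reachable_from(edges, start):
    """Breadth-first closure of functions callable from `start` (inclusive)."""
    seen = {start}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for callee in sorted(edges.get(cur, ())):
            if callee not in seen:
                seen.add(callee)
                queue.append(callee)
    return seen


def call_paths(edges, start, target, _path=None):
    """All simple call paths from start to target; these are the lines a
    threat model draws between an entry point and a privileged action."""
    path = (_path or []) + [start]
    if start == target:
        return [path]
    paths = []
    for callee in sorted(edges.get(start, ())):
        if callee not in path:
            paths.extend(call_paths(edges, callee, target, path))
    return paths


def review_slice(source, entry_points, sinks):
    """Map each entry point that can reach a sink to the functions on
    that slice and their source text. Unreachable code (unused_helper)
    and sink-free handlers (handle_read_balance) are left out."""
    functions, edges = build_call_graph(source)
    result = {}
    for entry in sorted(entry_points):
        reach = reachable_from(edges, entry)
        hit_sinks = reach & sinks
        if not hit_sinks:
            continue
        result[entry] = {
            "sinks": sorted(hit_sinks),
            "paths": [p for s in sorted(hit_sinks) for p in call_paths(edges, entry, s)],
            "functions": sorted(reach),
            "source": "\n\n".join(
                ast.get_source_segment(source, functions[f]) for f in sorted(reach)
            ),
        }
    return result


if __name__ == "__main__":
    for entry, info in review_slice(SAMPLE_SOURCE, ENTRY_POINTS, SENSITIVE_SINKS).items():
        print(f"{entry}: reaches {info['sinks']} via {info['paths']}")
        print(info["source"])
```

On the sample program the slice for `handle_withdraw` contains four functions (the handler, the owner check, the transfer, and the checked subtraction) and the single path `handle_withdraw -> transfer_lamports`; `handle_read_balance` and `unused_helper` never reach the sink and are dropped, which is the context-window saving the page describes. A production version would resolve method calls and cross-file imports rather than only bare `Name` calls, and would seed the sink list from a threat model instead of a hand-written set.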
Why are traditional security alerts problematic for development teams?
Traditional security tools generate an overwhelming volume of alerts, with approximately 90% being false positives according to historical data. This creates a situation where security and engineering teams are drowning in noise, making it nearly impossible to effectively triage every alert and pass genuine issues to engineers for patching. Often, teams end up dismissing alerts that might actually be real threats because they can't distinguish signal from noise. This leads to a situation where not all genuine vulnerabilities get patched, creating security gaps.
Are attackers already using AI to exploit blockchain protocols?
Evidence suggests that attackers are beginning to leverage AI in their exploits. Anthropic recently released reports documenting Chinese state-sponsored hackers using AI in large-scale cyber attacks, and separately demonstrated AI systems capable of exploiting smart contracts on-chain. The $120 million Balancer hack showed potential signs of AI involvement. While current AI models operate at approximately junior security engineer level, the trajectory suggests superhuman offensive capabilities may be approaching, making equally powerful defensive tools essential.
How can Solana developers access AlmondX's free security audits?
Through AlmondX's collaboration with the Solana Foundation, projects building on Solana can receive one year of free AI-powered security audits. Developers can access the tool directly at app.almondx.ai without needing to speak with a sales representative. The platform has been specifically trained to understand Solana programs, with context on Anchor and other Solana-specific frameworks. After running an AI audit, teams can also be connected with traditional auditing firms for additional review if needed.
What makes Solana security particularly important right now?
Solana is becoming critical infrastructure that will soon handle trillions of dollars in assets, including life savings, real-world assets, and institutional investments. The protocols built on Solana are therefore also critical infrastructure that needs the best possible defensive security tools. As bad actors develop more sophisticated methods—potentially including AI-assisted exploits—the need for equally capable defensive capabilities becomes urgent. The combination of massive value at stake and increasing attack sophistication makes proactive security investment essential for the ecosystem.