Nov 23, 2025
Assisted Audit of Solana Programs
Yuru Shao, Emanuele Cesena
Multi-agent solution that assists in auditing Solana programs, allows to consolidate audit findings into a knowledge base, and can integrate into CI/CD pipelines to prevent security regressions.
Strengths: This is a rare example of AI and blockchain that truly makes sense together. Scaling security audits for high-value smart contracts is a present problem, and the multi-agent architecture is well-designed for it. The Librarian Agent for cross-program dependency tracking is the highlight. Solana programs constantly interact with external protocols, and vulnerabilities often live in those interaction layers. Building infrastructure that maintains versioned external references and flags upstream changes is genuinely useful. Finding 3 additional vulnerabilities beyond the original audit scope validates the approach.
Suggestions: Coverage is the obvious next step. Six agents based on six audit findings is a (definitely solid) proof of concept. From here, a production system needs broader vulnerability class coverage. The framework is strong; now it needs scale.
Bottom line from a Halcyon Ventures investor: Rather than crypto for crypto's sake, or AI for AI's sake, I really liked this team’s sound usage of intelligent systems for auditing high-financial value smart contracts. The real-world application of securing against financial losses in an increasingly decentralized world came across sharp, sound, and necessary. There was clear first-principles thinking in what the team needed to orchestrate / bring to life in its multi-agent system. The team’s attention to posture management software limitations was honest and accurate: that it historically only focuses on a moment in time/is not dynamic. We need more defensive AI security that understands the unique needs of financial markets (and their future) - well done for pioneering this!
Cite this work
@misc {
title={
(HckPrj) Assisted Audit of Solana Programs
},
author={
Yuru Shao, Emanuele Cesena
},
date={
11/23/25
},
organization={Apart Research},
note={Research submission to the research sprint hosted by Apart.},
howpublished={https://apartresearch.com}
}


