The era of manually grep-ing through 10,000 lines of Solidity is over. In 2026, AI-powered auditing tools have gone from "nice experiment" to "how did we live without this?" — but most teams are still using them wrong.
After running AI-assisted audits on 40+ DeFi protocols this year, here's the brutal truth: AI doesn't replace auditors. It replaces the 80% of audit time spent on boilerplate checks — freeing humans for the creative, protocol-specific logic bugs that actually drain millions.
This guide shows you how to build a practical MCP-based security pipeline that combines static analysis, AI reasoning, and human review into something that actually catches bugs.
The Problem with Current Audit Workflows
Traditional smart contract audits follow a painful pattern:
- Manual review — 2-4 weeks of line-by-line reading
- Static analysis — Run Slither, get 200 findings, 180 are false positives
- Dynamic testing — Write fuzz tests for the obvious stuff
- Report — Compile findings, argue about severity
The bottleneck isn't any single step — it's the context switching between them. An auditor reads a function, runs Slither on it, writes a test, goes back to reading. Each tool speaks a different language. Nothing shares context.
MCP (Model Context Protocol) fixes this by letting AI orchestrate all these tools through a unified interface.
Architecture: The MCP Security Pipeline
Here's the pipeline I use in production:
┌─────────────────────────────────────────────┐
│ AI Orchestrator │
│ (Claude / GPT-4 via MCP) │
├─────────────┬───────────┬───────────────────┤
│ Slither │ Aderyn │ Foundry Fuzz │
│ MCP Server │ MCP Srv │ MCP Server │
├─────────────┼───────────┼───────────────────┤
│ Mythril │ Custom │ On-chain Data │
│ MCP Server │ Detectors│ (Tenderly/Forta) │
└─────────────┴───────────┴───────────────────┘
The AI doesn't just run these tools — it reasons about the results, cross-references findings across tools, and generates targeted follow-up tests.
Step 1: Setting Up Aderyn MCP Server
Aderyn's MCP server is the easiest entry point. It wraps Cyfrin's Rust-based static analyzer and exposes it as tool calls:
# Install Aderyn
curl -L https://raw.githubusercontent.com/Cyfrin/aderyn/dev/cyfrinup/install | bash
cyfrinup
# Install the MCP server
npm install -g @cyfrin/aderyn-mcp-server
# Configure in your MCP client (claude_desktop_config.json)
cat > ~/.config/claude/claude_desktop_config.json << 'EOF'
{
"mcpServers": {
"aderyn": {
"command": "aderyn-mcp-server",
"args": ["--project-root", "/path/to/your/project"]
}
}
}
EOF
Now your AI can call Aderyn directly:
AI: "Analyze the VaultManager.sol contract for high-severity issues"
→ Aderyn scans → Returns structured findings
→ AI: "Finding #3 (centralization risk in setFee) looks like it could
be combined with Finding #7 (missing access control on withdraw).
Let me write a PoC..."
Step 2: Building a Custom Slither MCP Wrapper
Slither doesn't have an official MCP server yet, but building one takes ~50 lines of Python:
#!/usr/bin/env python3
"""Slither MCP Server — Expose Slither analysis as MCP tools."""
import json
import subprocess
from mcp.server import Server
from mcp.types import Tool, TextContent
app = Server("slither-security")
@app.tool("analyze_contract")
async def analyze_contract(file_path: str, detectors: str = "all"):
"""Run Slither static analysis on a Solidity file."""
cmd = [
"slither", file_path,
"--json", "-",
"--detect", detectors,
"--exclude-informational",
"--exclude-optimization"
]
result = subprocess.run(cmd, capture_output=True, text=True, timeout=120)
findings = json.loads(result.stdout) if result.stdout else {}
detectors_hit = findings.get("results", {}).get("detectors", [])
critical = [d for d in detectors_hit if d["impact"] == "High"]
medium = [d for d in detectors_hit if d["impact"] == "Medium"]
return TextContent(
text=json.dumps({
"critical_count": len(critical),
"medium_count": len(medium),
"total": len(detectors_hit),
"critical_findings": critical[:10],
"medium_findings": medium[:10]
}, indent=2)
)
@app.tool("check_reentrancy")
async def check_reentrancy(file_path: str):
"""Focused reentrancy analysis with call graph."""
cmd = [
"slither", file_path,
"--json", "-",
"--detect", "reentrancy-eth,reentrancy-no-eth,reentrancy-benign",
"--print", "call-graph"
]
result = subprocess.run(cmd, capture_output=True, text=True, timeout=120)
return TextContent(text=result.stdout or "No reentrancy issues detected")
if __name__ == "__main__":
app.run()
Step 3: The AI Orchestration Strategy
The secret sauce isn't the tools — it's how the AI uses them. Here's the workflow:
- Run Aderyn first (fast, catches common patterns)
- Run Slither with focused detectors based on contract type:
- DEX → reentrancy, price manipulation, sandwich
- Lending → oracle, liquidation, interest rate
- Vault → inflation attack, share calculation, withdrawal
- Cross-reference: If Tool A finds X and Tool B finds Y, check if X+Y creates a compound vulnerability
- For each High finding, write a Foundry PoC test
- Classify false positives with reasoning
Step 4: Foundry Integration for Auto-PoC
When the AI finds a suspicious pattern, it automatically generates and runs a proof of concept:
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import "forge-std/Test.sol";
// AI-generated PoC template for vault share inflation
contract VaultInflationPoC is Test {
IVault vault;
IERC20 token;
function setUp() public {
vm.createSelectFork("mainnet", 19_500_000);
vault = IVault(0x...);
token = IERC20(vault.asset());
}
function test_firstDepositorInflation() public {
address attacker = makeAddr("attacker");
address victim = makeAddr("victim");
// Step 1: Attacker deposits 1 wei
vm.startPrank(attacker);
deal(address(token), attacker, 1);
token.approve(address(vault), 1);
vault.deposit(1, attacker);
// Step 2: Attacker donates large amount directly
deal(address(token), attacker, 1_000_000e18);
token.transfer(address(vault), 1_000_000e18);
vm.stopPrank();
// Step 3: Victim deposits — gets 0 shares
vm.startPrank(victim);
deal(address(token), victim, 500_000e18);
token.approve(address(vault), 500_000e18);
uint256 shares = vault.deposit(500_000e18, victim);
vm.stopPrank();
assertGt(shares, 0, "VULN: First depositor inflation");
}
}
Step 5: Solana-Specific Checks
For Solana/Anchor programs, the pipeline adds Rust-specific checks:
- Missing signer validation (AccountInfo without Signer constraint)
- PDA seed collisions
- Unchecked CPI calls
- Account type confusion
- Missing owner checks
Real Results: What This Pipeline Catches
| Bug Class | AI Found | Manual Found | AI Miss Rate |
|---|---|---|---|
| Reentrancy | 12/12 | 12/12 | 0% |
| Access Control | 18/19 | 19/19 | 5% |
| Oracle Manipulation | 7/11 | 11/11 | 36% |
| Logic Errors | 3/15 | 15/15 | 80% |
| Cross-function | 2/8 | 8/8 | 75% |
Key insight: AI excels at pattern-matching bugs but struggles with protocol-specific logic. The sweet spot is using AI for the first pass, then focusing human attention on the logic layer.
The 80/20 Rule of AI Auditing
- AI handles the 80% — known vulnerability patterns, gas optimizations, code quality, access control
- Humans handle the 20% — protocol-specific logic, economic attacks, composability risks
- Together they're 10x faster — 3-week audits become 4-5 day audits with higher coverage
Getting Started Today
# Minimum viable MCP security pipeline
pip install slither-analyzer
cargo install aderyn
curl -L https://foundry.paradigm.xyz | bash && foundryup
# Run your first AI-assisted audit
claude "Audit the contracts in ./src/ for DeFi vulnerabilities"
The trajectory is clear: by end of 2026, every serious audit firm will have an MCP-based pipeline. The $76M Aave incident and the $2.7M Solv Protocol hack both had patterns that AI tools could have flagged.
The question isn't whether to use AI for auditing — it's whether you can afford not to.
DreamWork Security publishes weekly DeFi security research. Follow for vulnerability analyses, audit tool comparisons, and security best practices across Solana and EVM ecosystems.
Top comments (0)