New York, April 7, 2026 – CertiK, Web3’s biggest security services provider, has officially launched its AI Auditor. The tool, previously only available to CertiK’s auditors, is designed to scan and monitor smart contract code for vulnerabilities.
Before going public alongside CertiK’s open-source integrations for AI coding agents, AI Auditor underwent 6 months of rigorous testing on its real-world applications. The tool was tested on 35 real security incidents outside of its training data, all of which occurred during 2026. In these tests, CertiK’s AI Auditor demonstrated an 88.6% exact hit rate while maintaining a low percentage of false positives.
CertiK Co-founder, Ronghui Gu, highlighted the importance of this low-noise, high-signal approach, stating: “The question is no longer simply whether AI can find vulnerabilities, but whether it can genuinely help development teams surface the security issues worth addressing, earlier. By filtering out endless false positives, our AI Auditor delivers high-signal, actionable clarity—turning security from a traditional bottleneck into a seamless accelerator for Web3 teams.”
In live production environments, the AI Auditor currently averages a false positive rate of approximately 30%. Notably, the number was even lower for simpler codebases. This is significantly lower than most competitors, owing largely to the tool’s unique way of handling tasks.
The CertiK AI Auditor handles each task by running multiple specialized scanners in parallel and passing each result through its validation layer, the Multi-Stage Validator. The Multi-Stage Validator processes all of these scans, filtering out duplicate findings and disregarding alerts on non-exploitable issues. This, in turn, minimizes the number of unnecessary alerts displayed to developers and increases efficiency.
Layered on top of this is a massive, continually updated Knowledge Base. The Knowledge Base feeds the AI Auditor structured data on audit findings, real exploits, and attack patterns. With this, the AI Auditor can take into account emerging threat intelligence during inference, instead of simply relying on its training data.
The CertiK AI Auditor is designed to complement human auditors. By integrating directly with developer work environments, it streamlines the threat detection process and enables teams to catch issues earlier in the development cycle.
Within CertiK itself, AI tooling has already led to significant productivity increases. The AI Auditor has reduced the need for extended addendum audit timelines and improved overall efficiency. Furthermore, it increases audit quality by letting human developers focus on more complex issues and protocol-level vulnerabilities.
Yuannan Yang, audit partner at CertiK, stated: “Human auditors have limited time and therefore need to concentrate primarily on in-scope code. AI auditors, however, can scale more easily and help review external dependencies or out-of-scope code, resulting in broader and more comprehensive audit coverage.”
The release of CertiK’s AI Auditor is a linchpin in its broader push toward AI integration. Going forward, CertiK aims to use AI to embed security into dev tooling, compliance systems, and more.