Technical deep dives, product updates, and real-world case studies from the KAI team.
An open-source, model-agnostic security harness that hunts vulnerabilities the way a security team would, and runs entirely on models you control, so your source never leaves your infrastructure. How a run works, the Curves audit end to end, and the numbers on two public benchmarks.
Fine-tuning a code model on one developer's 20 GitHub repos did not teach it new things. It changed which of its existing circuits got used, how strongly, and on which tokens. The fingerprint is in the routing.
Lightcone paired their third-party security audit with continuous AI maintenance from Kai. The combination shipped a verified fix inside the audit window, on the class of work that's hardest to catch in isolation.
We shipped 59 custom MCP tools for our agent. On day one of testing, it used them zero times. This post is what mcp-sim taught us in five days, and the benchmark we're building because of it.
A short-horizon agent's quality is bounded by the model. A long-horizon agent's quality is bounded by what it remembers. Inside Kai's memory architecture: four stores, MCP-gated read/write, a frozen-prompt session model, and write-time content scanning.
We built Kai because the worst part of every morning had become reviewing code we did not write. The team lead for the AI-augmented engineering org: verifier first, generator second, memory that compounds.
How Kai optimized the only path to 4-bit GPU acceleration, achieving 153.8x speedup over the naive reference on NVIDIA B200 Blackwell.
How an evolutionary engine discovered that a 16× learning rate, curriculum ordering, and progressive token weighting can drive eval loss from 8.79 to 0.003 in thirty steps.
Three-day diary of a long-horizon coding agent deployed against Apple and Coinbase repositories.
Automated security analysis of Apple's PasswordRulesParser.js uncovered 4 confirmed vulnerabilities including incomplete HTML escaping (XSS), unbounded integer parsing, and silent rule dropping.
Kai discovered a high-severity access control bypass in StakedUSDeV2 allowing blacklisted users to withdraw funds
Kai discovered two medium-severity vulnerabilities in Morpho Vault V2: an access control bypass in forceDeallocate and a revoke liveness issue when curator is set to zero.
Kai discovered two vulnerabilities in the Tempo protocol: a high-severity missing expiry check in AccountKeychain and a low-severity front-running issue in ValidatorConfig.
Discover how AI-powered security agents are changing the game for smart contract auditing, finding vulnerabilities faster and more accurately than traditional methods.
A deep dive into how security invariants work and why they're the key to finding the most dangerous smart contract vulnerabilities.
Learn how AI security agents go beyond detection to generate working proof-of-concept exploits, eliminating false positives.
Understanding the financial incentives behind blockchain attacks and how proper security investment protects your protocol.
Best practices for integrating security into every stage of your smart contract development lifecycle.
The performance ceiling of your software is way higher than you think.
Kai scored 64.2% Detect Recall on OpenAI's EVMBench, 19 points ahead of the next best system, with no Solidity-specific tuning.
Connect Claude Desktop, Cursor, VS Code, or any MCP client to scan code, review vulnerabilities, run evolutions, and manage your workspace.
A critical ERC-6492 verification flaw that lets attackers forge payment authorizations, confirmed as a valid finding by Coinbase's bug bounty.
Kanban cards and exploit details now surface what matters most.
A step-by-step wizard to set up your workspace, connect integrations, and start scanning.
Import GitHub repos, choose your scan depth, and manage everything from the dashboard.
See exactly what KAI's agents are doing while they scan your code.
See which LLM configurations find the most vulnerabilities in real smart contract bounties.
An XSS vulnerability found by KAI has been patched in Apple's open-source tooling, reviewed and merged by Apple staff.
Generate shareable audit reports from any completed scan.
Export findings directly to Linear alongside GitHub and Jira.
Get notified when your security scans finish.
KAI now connects directly to your issue tracker.
We shipped intelligent deduplication for KAI's security findings.
Triage vulnerabilities the way you manage tasks.