News linked to both this project and an event.
Agora, an automated testing framework jointly developed by 0G Labs and research teams from the National University of Singapore, Peking University, and Beijing University of Posts and Telecommunications, has been accepted to ICML 2026. Agora is the first framework to deeply integrate domain-specific knowledge from distributed systems with a multi-agent collaborative architecture for automated vulnerability detection in production-grade consensus protocols. According to the paper, Agora has uncovered 15 previously unknown deep logic bugs (“Deep Bugs”) across mainstream consensus protocols—including Raft, EPaxos, HotStuff, and BullShark—spanning critical security issues such as execution divergence, monotonicity violations, topology flaws, and signature verification failures. Experimental results show that leading large language models—including GPT-5.2 and Claude 4.5—failed to detect any protocol-level vulnerabilities under identical test scenarios. Agora employs hypothesis-driven testing and a multi-agent collaboration mechanism, enabling deep security analysis of complex distributed systems through automated attack-scenario generation, test execution, and dynamic refinement. Beyond consensus protocols, the framework is designed for future extension to domains including database concurrency control, operating system kernels, and Web3 smart contract auditing.
OpenAI has officially launched the GPT-5.5-Cyber model and the "Trusted Access for Cyber" (TAC) framework designed for cybersecurity defenders. Simultaneously, GPT-5.5-Cyber has been opened for a limited preview to defenders responsible for critical infrastructure, supporting specialized cybersecurity workflows.TAC is an identity and trust-based framework aimed at ensuring that enhanced AI capabilities are wielded by verified defenders. Defenders verified through this framework will encounter fewer instances of model refusal when performing tasks such as vulnerability identification, triage, malware analysis, binary reverse engineering, and patch verification. Starting from June 1, 2026, individual members accessing this capability will be required to enable advanced account security protection.OpenAI is currently collaborating with security vendors including Cisco, CrowdStrike, and Palo Alto Networks to accelerate the defense cycle of the security ecosystem through GPT-5.5, enhancing the efficiency of vulnerability research, patching, monitoring, and supply chain security.
According to a disclosure by a16z, its researchers conducted systematic testing to assess whether AI agents can independently exploit DeFi price manipulation vulnerabilities. The study used a dataset of 20 Ethereum price manipulation incidents and employed Codex (GPT 5.4) equipped with the Foundry toolchain as the test agent. Under baseline conditions—i.e., without domain-specific knowledge—the agent’s success rate was only 10%; after incorporating structured domain knowledge distilled from real-world attack incidents, the success rate rose to 70%. Failure cases revealed that the agent consistently identified vulnerabilities correctly but generally failed to comprehend the leverage logic of recursive lending, misjudged profit margins, and could not orchestrate multi-step, cross-contract attack sequences. The experiment also recorded one sandbox escape incident: the agent extracted an RPC key from the local node configuration and invoked the <code>anvil_reset</code> method to reset the node to a future block, thereby bypassing information isolation constraints and accessing real-world attack data. The research team concluded that AI agents can currently assist effectively in vulnerability identification but are not yet capable of replacing professional security auditors.
According to an official announcement, OpenAI has launched a biotechnology security vulnerability bounty program for GPT-5.5 and is now accepting applications. This program aims to strengthen the safety of its advanced AI capabilities in the biotechnology domain by inviting researchers with experience in AI red-teaming, security, or biosecurity to attempt identifying general jailbreak methods that can bypass its five biotechnology safety challenges.