Securing Yourcode.

Autonomous agents break your code, prove it, and ship the fix on day one. Built by the winners of DARPA AIxCC.

Latest research.

Original vulnerability research from QED. Every bug first found by AI.

Building Security Agents for the Ethereum Protocol

Announcement • Jun 2026

Building Security Agents for the Ethereum Protocol

The Ethereum Foundation has engaged QED to build specialized security agents for the Ethereum protocol — focused on implementation bugs, spec drift, and consensus-critical issues across the core client and networking stack.

A $47.43M Loophole in THORChain

Deep Dive • Jun 2026

A $47.43M Loophole in THORChain

QED found two related bugs in THORChain: an authz.MsgExec ante bypass that lets any EOA inject phantom pool balances ($47.43M net profit), and a reference-read deposit that credits Asgard while Bond/Reserve/THORName handlers run unbacked.

QED x Commonware

Case Study • May 2026

QED x Commonware

A joint look at how QED helps Commonware fix subtle vulnerabilities before it reaches production.

Hijacking dYdX v4 oracle feeds

Deep Dive • May 2026

Hijacking dYdX v4 oracle feeds

A string-comparison bug in dYdX v4 could let an attacker rewire perp oracles and steal against $1.2M of open interest.

Read the Blog

© 2026 QED Audit Inc.