Beyond audit firms

Hypernative

→

AI-driven real-time threat detection with alerts and automated mitigation just before fund outflow.

Hexagate

→

Owned by Chainalysis. Machine-learning-based transaction threat detection.

Forta

OSS→

Decentralized monitoring network. Custom rules can be defined by writing and deploying bots.

Cube3

→

Real-time per-transaction risk scoring API.

Ironblocks

→

Real-time transaction firewall for smart contracts.

Tenderly

→

Industry-standard transaction simulator with alerting and automation built in.

OpenZeppelin Defender

→

Integrated platform for admin action automation, monitoring, and incident response.

Phalcon

→

BlockSec product. Strong on transaction debugging and exploit analysis.

Zellic V12

→

Autonomous Solidity audit agent built by Zellic. Has surfaced real Highs and Criticals in Cantina and Sherlock contests.

Nethermind AuditAgent

→

AI pair-auditor operated by Nethermind Security. Roughly 30% issue recall on average; recommended as an assistant.

Almanax

→

Founded by ex-Coinbase, Ripple, and AnChain veterans. Also operates the open Web3 Security Atlas dataset.

QuillShield

→

QuillAI's reinforcement-learning agent. Also released as open-source Claude Skills.

Sherlock AI

→

Sherlock's AI pre-analysis. Used as a first automated pass before contests start.

Frosty

→

Coinbase internal AI auditing tool. Internal evaluations show 1.5x the F1 score of competitors. Not externally available.

Octane Security

→

AI-driven automated security scanning. Integrates into CI to analyze every pull request.

Olympix

→

AI-assisted static analysis and test generation.

Slither

OSS→

Standard Solidity static analyzer. Common in CI pipelines.

Mythril

OSS→

Symbolic execution analyzer for EVM bytecode.

Echidna

OSS→

Property-based fuzzer for Solidity contracts.

Halmos

OSS→

Symbolic testing that turns Foundry tests into verification runs.

Aderyn

OSS→

Rust-based Solidity static analyzer maintained by Cyfrin.

Wake

OSS→

Ackee's integrated Solidity analysis and debugging framework.

Foundry

OSS→

Forge / Cast / Anvil bundle. The de facto standard for invariant and fuzz testing.

Manticore

OSS→

Symbolic analysis engine that handles both EVM and general binaries.

AuditWizard

→

Collaborative IDE for audit work. Workspace integrating Slither, Aderyn, and other tools.

Immunefi

→

Largest Web3 bug bounty platform. Hosts most major protocols.

HackenProof

→

Hacken's bug bounty platform. Broad coverage of exchanges, wallets, and DeFi.

Code4rena Bounty

→

Code4rena's standing bounty track, run separately from the contests.

Nexus Mutual

→

Standard for smart contract cover. Pool-based mutual insurance model.

Sherlock Coverage

→

Integrated audit-contest plus automatic coverage model.

Neptune Mutual

→

Parametric cover product based on governance consensus.

OpenCover

→

Distributor of decentralized insurance that lets protocols offer cover directly to users. Backed by Coinbase and Jump.

Fairside

→

Cost-sharing cover for user-level losses such as wallet theft, phishing, and malicious signatures.

Blockaid

→

Transaction security API adopted by major wallets including MetaMask and Rainbow.

Pocket Universe

→

Browser extension providing wallet simulation and phishing protection.

Wallet Guard

→

Wallet protection extension that warns about phishing sites and risky transactions.

Web3 Antivirus

→

Extension that evaluates wallet and domain risk.

Security Alliance (SEAL)

→

Whitehat coalition led by samczsun. Provides 24/7 incident response via SEAL 911.

ChainPatrol

→

Continuously monitors phishing and scam sites and assists with takedowns.

Chainalysis

→

On-chain forensics and compliance standard, used by many governments and exchanges.

Elliptic

→

Transaction monitoring and AML risk scoring.

TRM Labs

→

Strong on fund tracing and investigation support; many government partnerships.

Merkle Science

→

Behavior-based predictive analytics; transaction monitoring SaaS.