Krait
AI-Assisted Security Verification · 100% precision (v8) · 0 false positives

Audit your contracts with
your IDE’s AI.

Krait runs 845 security checks against your contracts using Claude Code, Cursor, Windsurf, or Codex. Each check generates a prompt grounded in real Solodit exploits — Krait parses the verdict for you. Free.

Free — sign up after your first run to save it
Contest-validated

From 12% to 100% — eight versions, every miss tracked.

We ran Krait blind against 40 past Code4rena, Sherlock, and CodeHawks contests — real protocols with known vulnerabilities.

Methodology Evolution (version · contests · precision · notes)

v1 · 3 contests · 12% · Basin, Wildcat, Amphora — initial methodology, broken learning loop
v2 · 6 contests · 66% · Venus, NextGen, Kelp — best recall phase; Kelp DAO hit 50% recall + 56% precision
v3 · 10 contests · 34% · FP explosion discovered — Ondo had 100% error rate. Exposed need for Kill Gates
v4 · 10 contests · 37% · Marginal improvement. reNFT hit 87.5% precision but systemic FPs remained
v5 · 5 contests · 70% · Kill Gates system: 95%+ FP elimination. Munchables & Abracadabra at 100% precision
v6.4 · 5 contests · 90% · 0.2 FPs/contest. LoopFi, Phi, Vultisig, Predy all at 100% precision. 4 consecutive clean contests
v7 · 5 contests · 100% · Zero FPs across all 5 contests. New heuristics (CONST-01, GAUGE-01, REPLAY-01) caught bugs v6.4 missed. Module system + recon flags
v8 · 5 contests · 100% · Open-source integration (pashov, plamen, forefy). 5 new modules. Recall 11% → 15.2%. GoodEntry: 36% recall — all-time high on 14-finding contest
40 shadow audits · 100% precision (v8) · 0.2 FPs per contest · 8 methodology versions

Our #1 goal: eliminate false positives

Every AI audit tool can find bugs. The hard part is not crying wolf. A report full of false positives wastes your team's time, erodes trust, and buries the real vulnerabilities that actually matter. That's why we built the entire pipeline around FP elimination — from the Critic agent's 8 Kill Gates to post-mortem analysis of every false positive across 40 shadow audits.

95%+ fewer false positives · v3 had an FP explosion — we didn't hide it, we fixed it · Every miss is tracked and learned from
Shadow audit · GoodEntry · 36% recall: 5/14 findings on UniV3 derivatives — slot0 manipulation, flash loan initiator, V3Proxy routing

Shadow audit · Munchables · 100% precision: found both HIGH findings, 0 false positives

Shadow audit · Arcade · 25% recall: caught voting power desync on multiplier change — exact Pashov vector

What You Get

A report your auditor will read.

Whether you use the web assessment or the CLI agent, you get a branded, professional report showing exactly where you stand.

Sample report (mockup)

Krait · Security Assessment Report
Client: @YourProtocol
Protocol type: DEX / AMM
Duration: 12 min

Audit scope
Security checks evaluated: 103
Categories covered: 12
Solodit references cited: 247

Findings
CRITICAL severity vulnerability: ×1
HIGH severity vulnerabilities: ×2
MEDIUM severity issues: ×4
LOW severity issues: ×3

Readiness score: 72 out of 100 · Needs improvement
68 pass · 10 fail · 25 skipped

Multi-Agent AI Pipeline · Powered by Zealynx Security

What's in your report

Readiness Score

Overall security posture score with pass/fail/skip breakdown

Top Risks

Unresolved critical & high severity findings requiring immediate attention

Architectural Security Observations

High-level patterns we observe in your security architecture — like a senior auditor's executive summary

Security Strengths Observed

What you're doing right — documented strengths that demonstrate security maturity to investors and partners

Category Breakdown

Every check organized by section with pass rates and expandable details

Evidence Appendix

Tool outputs, code references, and manual review notes for every assessed check

AI-Assisted Verification

How it works — and why it takes 10 minutes, not 10 hours.

Every check generates a tailored AI prompt. Run it in your IDE. Paste the response back. Krait auto-parses the verdict. No setup, no install, no API key.

1. Configure your agent

Tell Krait what you're building

Pick from 39 protocol types. Configure chain, admin model, oracle usage. Krait loads the right domain primer with protocol-specific attack patterns and relevant Solodit findings.

Protocol type picker (example): DEX / AMM · 103 checks · 20 attack patterns. Other types include Lending Protocol, Cross-chain Bridge, Stablecoin, Liquid Staking.

2. Verify with AI

Every check generates a tailored AI prompt

Each check has a "Verify with AI" button that generates a prompt with real Solodit exploits, code patterns to search for, and what secure code looks like. Copy it into Claude Code, Cursor, Windsurf, or Codex. Paste the response back — Krait auto-detects the verdict, extracts file:line references, and sets the status.

Works with any IDE AI · Real exploit context · Auto-parse verdict

Tailored prompt (8 real exploits), excerpt:
You are a security auditor specializing in Lending protocols. Analyze for: oracle price freshness...

### Real exploits from production audits
- [HIGH] Oracle staleness in Aave v3...

Auto-detected verdict: FAIL → status auto-set
References extracted: PriceOracle.sol:42, LendingPool.sol:189
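What the "paste the response back" step has to parse, as an added example that is not Krait's parser: the verdict line, the file:line references, and the cases a parser must refuse to guess. The page does not specify the response format, so the explicit `Verdict:`/`Status:`/`Result:` line, the PASS/FAIL/SKIP statuses and the `.sol:line` and `.sol:Lline` reference forms are assumptions, and the sample response below is constructed for the example.

```python
"""Verdict and file:line extraction for a pasted AI response.

Added example, not Krait's parser. The response format (an explicit
"Verdict: PASS|FAIL|SKIP" line, Solidity paths with :line or :Lline)
is an assumption; the sample response is constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Only an explicit verdict line counts. The word "fail" inside the model's
# reasoning ("this would not fail ...") must never set the status.
VERDICT_RE = re.compile(
    r"^\s*(?:\*\*)?(?:verdict|status|result)\s*[:=]\s*(?:\*\*)?\s*(PASS|FAIL|SKIP)\b",
    re.IGNORECASE | re.MULTILINE,
)

# Matches Vault.sol:142, Vault.sol:L142 and src/Vault.sol:142-150.
REF_RE = re.compile(r"\b((?:[\w.-]+/)*[\w.-]+\.sol):L?(\d+)(?:-L?(\d+))?")


@dataclass(frozen=True)
class CodeRef:
    path: str
    start: int
    end: int


@dataclass
class ParsedVerdict:
    status: str            # PASS, FAIL, SKIP or UNKNOWN
    refs: list[CodeRef]    # in order of first appearance, de-duplicated

    @property
    def needs_review(self) -> bool:
        # No explicit verdict, or a FAIL that points at no code, must not be
        # auto-set; hand it to a human instead of guessing.
        return self.status == "UNKNOWN" or (self.status == "FAIL" and not self.refs)


def parse_response(text: str) -> ParsedVerdict:
    m = VERDICT_RE.search(text)
    status = m.group(1).upper() if m else "UNKNOWN"
    refs: list[CodeRef] = []
    seen: set[CodeRef] = set()
    for path, start, end in REF_RE.findall(text):
        ref = CodeRef(path, int(start), int(end) if end else int(start))
        if ref not in seen:
            seen.add(ref)
            refs.append(ref)
    return ParsedVerdict(status, refs)


# Constructed sample response, in the shape of the oracle-freshness check above.
SAMPLE_RESPONSE = """\
Analysis of oracle price freshness:
- `PriceOracle.sol:42` reads `latestAnswer()` without checking `updatedAt`.
- `LendingPool.sol:189` feeds that price into `_healthFactor`, so a stale
  answer would not fail any check on the way in.

Verdict: FAIL
Affected: PriceOracle.sol:L42, src/LendingPool.sol:189-195, PriceOracle.sol:42
"""

if __name__ == "__main__":
    v = parse_response(SAMPLE_RESPONSE)
    print(v.status, [(r.path, r.start, r.end) for r in v.refs], v.needs_review)
```

The two refusals are the part worth copying: a response that never states a verdict stays UNKNOWN rather than being inferred from the word "fail" in the reasoning, and a FAIL with no code reference is flagged for review because a finding nobody can locate is not a finding the status board should carry.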
3. Get your branded report

Professional report you can share with anyone

Get a readiness score, ranked risks by severity, strengths identified, and every finding linked to its source audit. Export as Markdown, share a URL, or bring it to an auditor. Know exactly what to fix before your audit.

High · H-CEI-04 · Reentrancy on Vault.withdraw() via fee callback

External call to feeRecipient precedes shares[msg.sender] -= amount. Same pattern as the SushiMiso incident on Solodit.

Vault.sol:L142 · solodit/i-0192 · solodit/i-0744
The AI Engine

A 4-stage adversarial pipeline
that disproves its own findings.

Most "AI audit tools" run a single LLM pass and dump every possible issue — burying real bugs under mountains of false positives. Krait's 4-stage adversarial pipeline is purpose-built to eliminate noise: agents detect, reason, disprove, and rank — achieving 95%+ fewer false positives than single-pass approaches.

1. Detector

Casts a wide net. 5 parallel workers scan every file using 101 detection heuristics, Feynman interrogation (9 question categories), and 140 vulnerability patterns.

Three-pass analysis · Per-file + cross-contract

2. Reasoner

Builds concrete exploitation proofs. Must construct a 3-step attack: attacker does X → causes Y → results in Z loss. No hand-waving allowed.

Only provably exploitable findings survive

3. Critic

Devil's advocate with 8 Kill Gates. Actively tries to DISPROVE each finding. Checks for existing mitigations, safe patterns, and 8 systematic false-positive rules.

Catches 95%+ of false positives

4. Ranker

Composite scoring: detector (20%) + reasoner (30%) + critic (50%). Threshold filtering removes remaining noise. Only validated findings survive.

Score ≥ 40/100 to pass · Severity-ranked output

Live pipeline output · Powered by Claude Sonnet + Opus
$ krait audit ./contracts --multi-agent
[Detector] Scanning 47 files · 140 patterns · 101 heuristics
[Detector] Found 23 candidate vulnerabilities
[Reasoner] Building 3-step exploitation proofs...
[Reasoner] 18/23 have viable attack paths
[Critic] Running 8 Kill Gates + falsification...
[Critic] Falsified 11 — existing mitigations found
[Ranker] Composite scoring (20/30/50 weights)...
2 critical · 3 high · 2 medium · 7 validated findings · 95%+ FP elimination
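The reasoner, critic and ranker stages above, written out as a small added model so the arithmetic of the 20/30/50 weights and the 40/100 pass mark is visible. This is illustrative code, not Krait's pipeline: the candidate findings, their per-stage scores and the two Kill Gate predicates (admin-gated and acknowledged-issue, two of the eight this page names) are constructed for the example; the page states the gate names but not their rules.

```python
"""Reasoner -> Critic -> Ranker, modelled after the 4-stage pipeline above.

Added illustration, not Krait's code. Stage scores are constructed inputs
(in practice they come from the LLM agents); the weights (20/30/50) and the
pass threshold (40/100) are the ones the page states.
"""
from __future__ import annotations

from dataclasses import dataclass

WEIGHTS = {"detector": 0.20, "reasoner": 0.30, "critic": 0.50}
PASS_THRESHOLD = 40
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass
class Finding:
    title: str
    severity: str
    detector: int                # 0-100: confidence of the pattern/heuristic hit
    reasoner: int                # 0-100: strength of the 3-step attack proof, 0 = no path
    critic: int                  # 0-100: how far falsification got, 100 = could not disprove
    requires_privilege: bool = False   # step 1 of the attack needs owner/admin
    acknowledged: bool = False         # listed in the protocol's known issues
    killed_by: str = ""                # set by the critic when a gate fires


# Two Kill Gates as hard predicates (assumed shape; the page names the gates,
# not their rules). A gate that fires drops the finding regardless of score.
KILL_GATES = {
    "admin-gated": lambda f: f.requires_privilege,
    "acknowledged-issue": lambda f: f.acknowledged,
}


def composite(f: Finding) -> int:
    score = (WEIGHTS["detector"] * f.detector
             + WEIGHTS["reasoner"] * f.reasoner
             + WEIGHTS["critic"] * f.critic)
    return int(round(score))


def run_pipeline(candidates: list[Finding], threshold: int = PASS_THRESHOLD) -> list[Finding]:
    validated = []
    for f in candidates:
        if f.reasoner == 0:                      # Reasoner: no concrete X -> Y -> Z chain
            continue
        for name, gate in KILL_GATES.items():    # Critic: try to disprove
            if gate(f):
                f.killed_by = name
                break
        if f.killed_by:
            continue
        if composite(f) >= threshold:            # Ranker: threshold filter
            validated.append(f)
    validated.sort(key=lambda f: (SEVERITY_RANK[f.severity], -composite(f)))
    return validated


def summarize(validated: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in validated:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed candidate set (scores chosen so the composites are whole numbers).
CANDIDATES = [
    Finding("Reentrancy in Vault.withdraw via fee callback", "high", 85, 90, 96),
    Finding("Owner can redirect fees via setFeeRecipient", "critical", 90, 90, 80,
            requires_privilege=True),
    Finding("First-depositor share inflation", "high", 80, 70, 90, acknowledged=True),
    Finding("Unchecked ERC20 transfer return value", "medium", 70, 0, 0),
    Finding("Stale oracle answer accepted in PriceOracle", "critical", 95, 80, 40),
    Finding("Missing zero-address check in constructor", "low", 60, 30, 20),
    Finding("Rounding favours withdrawer in previewRedeem", "medium", 100, 100, 0),
]

if __name__ == "__main__":
    for f in run_pipeline(CANDIDATES):
        print(f"{f.severity:8} {composite(f):3}  {f.title}")
    print(summarize(run_pipeline(CANDIDATES)))
```

Two things the arithmetic makes visible. A candidate the reasoner scores at zero never reaches the ranker at all. And because the critic carries 50 of the 100 points while the pass mark is 40, a candidate that maxes the detector and reasoner still passes with a critic score of 0 (the last candidate above lands on exactly 50). The Kill Gates therefore have to be hard drops, as modelled here, rather than inputs to the score, or a falsified finding with a strong detector hit would survive the threshold.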
39 protocol types · DEX, lending, bridges, vaults, oracles, AA, restaking…
845 total checks · A run picks the ~100 that fit your contract surface.
140 vulnerability patterns · 26 newly learned in the last 90 days.
Knowledge Engine

Six sources behind every check.

Krait's knowledge comes from 6 distinct data sources, each curated, validated, and continuously refined through a 40-contest shadow audit feedback loop.

140 Vulnerability Patterns

Hand-crafted YAML

Each pattern contains detection strategy, real exploit examples with vulnerable + fixed code, false-positive notes, and confidence levels. Covers Solidity, Rust/Solana, AI/Red-Team, and Web2.

140 active + 26 learned

49K+ Solodit Findings

World's largest audit database

Real vulnerabilities from Aave, Uniswap, Compound, MakerDAO, and hundreds more. Fetched via API, categorized by protocol type, mapped to attack vectors. Rate-limited with intelligent caching.

49,000+ findings ingested

40 Shadow Audits

C4 / Sherlock / CodeHawks

Every new methodology version is blind-tested against real contest results. Post-mortem analysis of every miss. Patterns and heuristics updated. 8 methodology versions from 12% to 100% precision.

v1→v8 evolution

Protocol Primers

7 domain-specific guides, 333+ checks

DEX/AMM (20 attack patterns), Lending (15), Staking (15), NFT/GameFi (17), Bridge (12), Proxy/Upgrades (15), Wallet/AA (12). Each distilled from hundreds of verified audit findings.

7 domains, 333+ checks

101 Detection Heuristics

Feynman Interrogation System

9 question categories (Purpose, Ordering, Consistency, Assumptions, Boundaries, Returns, External Calls, Protocol Integration, Overrides) with 40+ sub-questions for systematic code interrogation.

9 categories, 101 heuristics

8 Kill Gates

Systematic FP elimination

First-depositor, fee-on-transfer, fork-inherited, admin-gated, best-practice, known issues, privilege escalation, acknowledged issues. Each gate is a learned filter from shadow audit false positives.

95%+ FP elimination

Continuous Learning Loop

1. Blind audit a real contest
2. Compare against actual results
3. Analyze every miss & false positive
4. Extract new patterns & heuristics
5. Update pipeline, test on next contest

This loop has run 40 times across 8 methodology versions. v1 started at 12% precision. v8 reached 100% precision with zero false positives across 5 contests.

“We built Krait because half our audit hours go to bugs the team could have found in a checklist. Now they can.”
Carlos Vendrell · Founder, Zealynx Security
Krait is pre-audit verification, not audit replacement. You still need humans.

Ship with confidence.
Or ship knowing what you’re shipping.

101 heuristics. 845 checks across 39 protocol types. 40 shadow audits at 100% precision. Works with any IDE AI. Free.