Not a checklist. Not a scanner. Krait generates tailored AI prompts for every security check — backed by real Solodit exploits — then auto-parses your LLM's response to verify your code. 100% precision across 50 shadow audits. Works with Claude Code, Cursor, Windsurf, or Codex. Free.
Most "AI audit tools" run a single LLM pass and dump every possible issue — burying real bugs under mountains of false positives. Krait's 4-stage adversarial pipeline is purpose-built to eliminate noise: agents detect, reason, disprove, and rank — achieving 95%+ fewer false positives than single-pass approaches.
Casts a wide net. 5 parallel workers scan every file using 43+ detection heuristics, Feynman interrogation (9 question categories), and 140 vulnerability patterns.
Three-pass analysis · Per-file + cross-contract
Builds concrete exploitation proofs. Must construct a 3-step attack: attacker does X → causes Y → results in Z loss. No hand-waving allowed.
Only provably exploitable findings survive
Devil's advocate with 8 Kill Gates. Actively tries to DISPROVE each finding. Checks for existing mitigations, safe patterns, and 8 systematic false-positive rules.
Catches 95%+ of false positives
Composite scoring: detector (20%) + reasoner (30%) + critic (50%). Threshold filtering removes remaining noise. Only validated findings survive.
Score ≥ 40/100 to pass · Severity-ranked output
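As an added illustration of the rank stage described above (example code, not Krait's own implementation), the following models composite scoring with the page's weights and threshold; the finding values are constructed, and treating a fired Kill Gate as zeroing the finding is an assumption:

```python
# Added example, not Krait's code: a model of the composite-scoring / ranking stage.
# Weights and threshold are the ones the page states (detector 20%, reasoner 30%,
# critic 50%, pass at >= 40/100). Sample findings below are constructed.
from dataclasses import dataclass, field

WEIGHTS = {"detector": 0.20, "reasoner": 0.30, "critic": 0.50}
PASS_THRESHOLD = 40  # composite score a finding needs to survive
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

@dataclass
class Finding:
    title: str
    severity: str
    detector: float   # 0-100 from the detection stage
    reasoner: float   # 0-100: how concrete the 3-step exploit proof is
    critic: float     # 0-100 after the critic tried to disprove it
    kill_gates: list = field(default_factory=list)  # Kill Gates that fired

def composite_score(f: Finding) -> float:
    """Weighted sum of stage scores; a fired Kill Gate zeros the finding (assumption)."""
    if f.kill_gates:
        return 0.0
    return round(WEIGHTS["detector"] * f.detector
                 + WEIGHTS["reasoner"] * f.reasoner
                 + WEIGHTS["critic"] * f.critic, 1)

def rank_findings(findings):
    """Drop anything under the threshold, then order by severity, then score descending."""
    scored = [(composite_score(f), f) for f in findings]
    survivors = [(s, f) for s, f in scored if s >= PASS_THRESHOLD]
    survivors.sort(key=lambda sf: (SEVERITY_RANK[sf[1].severity], -sf[0]))
    return survivors

SAMPLE = [  # constructed sample findings
    Finding("slot0 used as price oracle", "high", 90, 85, 80),
    Finding("fee-on-transfer token breaks accounting", "medium", 70, 60, 0,
            kill_gates=["fee-on-transfer"]),  # critic disproved it: no such token allowed
    Finding("missing zero-address check", "low", 60, 20, 30),  # scores 33: filtered out
    Finding("reentrancy in withdraw", "critical", 80, 90, 75),
]

if __name__ == "__main__":
    for score, f in rank_findings(SAMPLE):
        print(f"{f.severity:<9} {score:>5}  {f.title}")
```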
Krait's knowledge comes from 6 distinct data sources, each curated, validated, and continuously refined through a 50-contest shadow audit feedback loop.
Hand-crafted YAML
Each pattern contains detection strategy, real exploit examples with vulnerable + fixed code, false-positive notes, and confidence levels. Covers Solidity, Rust/Solana, AI/Red-Team, and Web2.
World's largest audit database
Real vulnerabilities from Aave, Uniswap, Compound, MakerDAO, and hundreds more. Fetched via API, categorized by protocol type, mapped to attack vectors. Rate-limited with intelligent caching.
C4 / Sherlock / CodeHawks
Every new methodology version is blind-tested against real contest results. Post-mortem analysis of every miss. Patterns and heuristics updated. 8 methodology versions from 12% to 100% precision.
7 domain-specific guides
DEX/AMM (20 attack patterns), Lending (15), Staking (15), NFT/GameFi (17), Bridge (12), Proxy/Upgrades (15), Wallet/AA (12). Each distilled from hundreds of verified audit findings.
Feynman Interrogation System
9 question categories (Purpose, Ordering, Consistency, Assumptions, Boundaries, Returns, External Calls, Protocol Integration, Overrides) with 40+ sub-questions for systematic code interrogation.
Systematic FP elimination
First-depositor, fee-on-transfer, fork-inherited, admin-gated, best-practice, known issues, privilege escalation, acknowledged issues. Each gate is a learned filter from shadow audit false positives.
Blind audit a real contest
Compare against actual results
Analyze every miss & false positive
Extract new patterns & heuristics
Update pipeline, test on next contest
This loop has run 35 times across 5 methodology versions. v1 started at 12% precision. v7 reached 100% precision with zero false positives across 5 contests.
We ran Krait blind against 40 past Code4rena, Sherlock, and CodeHawks contests — real protocols with known vulnerabilities.
Every AI audit tool can find bugs. The hard part is not crying wolf. A report full of false positives wastes your team's time, erodes trust, and buries the real vulnerabilities that actually matter. That's why we built the entire pipeline around FP elimination — from the Critic agent's 8 Kill Gates to post-mortem analysis of every false positive across 50 shadow audits.
5/14 findings on UniV3 derivatives — slot0 manipulation, flash loan initiator, V3Proxy routing
Found both HIGH findings, 0 false positives
Caught voting power desync on multiplier change — exact Pashov vector
Whether you use the web assessment or the CLI agent, you get a branded, professional report showing exactly where you stand.
Overall security posture score with pass/fail/skip breakdown
Unresolved critical & high severity findings requiring immediate attention
High-level patterns we observe in your security architecture — like a senior auditor's executive summary
What you're doing right — documented strengths that demonstrate security maturity to investors and partners
Every check organized by section with pass rates and expandable details
Tool outputs, code references, and manual review notes for every assessed check
Generic tools miss protocol-specific attacks. Krait loads domain-specific primers with 20-30 attack patterns per protocol type, each distilled from hundreds of verified Solodit findings.
20 attack patterns
Key risks: Oracle manipulation, sandwich attacks, LP drain, impermanent loss
15 attack patterns
Key risks: Liquidation logic, bad debt, flash loan attacks, interest rate manipulation
12 attack patterns
Key risks: Message forgery, relay exploitation, chain reorg, double-spend
15 attack patterns
Key risks: Peg mechanism, collateral drain, redemption attacks, governance
17 attack patterns
Key risks: Reentrancy in minting, royalty bypass, randomness manipulation
15 attack patterns
Key risks: Storage collision, initialization, function clashing, upgrade path
+ 33 more protocol types including vaults, staking, governance, oracles, insurance, wallet/AA, and more
Every check generates a tailored AI prompt. Run it in your IDE. Paste the response back. Krait auto-parses the verdict. No setup, no install, no API key.
Pick from 39 protocol types. Configure chain, admin model, oracle usage. Krait loads the right domain primer with protocol-specific attack patterns and relevant Solodit findings.
Each check has a "Verify with AI" button that generates a prompt with real Solodit exploits, code patterns to search for, and what secure code looks like. Copy it into Claude Code, Cursor, Windsurf, or Codex. Paste the response back — Krait auto-detects the verdict, extracts file:line references, and sets the status.
You are a security auditor specializing in Lending protocols. Analyze for: oracle price freshness... ### Real exploits from production audits - [HIGH] Oracle staleness in Aave v3...
Get a readiness score, ranked risks by severity, strengths identified, and every finding linked to its source audit. Export as Markdown, share a URL, or bring it to an auditor. Know exactly what to fix before your audit.
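An added example (not Krait's code) of the "paste the response back" step: it pulls a pass/fail/skip verdict and file:line references out of a pasted LLM response. The response format is an assumption, a `VERDICT:` line plus `path.sol:line` references in the body, and the sample response is constructed:

```python
# Added example, not Krait's code: parse a pasted LLM response into a verdict plus
# file:line references, as the "Verify with AI" round trip on the page describes.
# Assumed format: a line "VERDICT: PASS|FAIL|SKIP" and references like src/X.sol:42.
import re

VERDICT_RE = re.compile(r"^\s*VERDICT:\s*(PASS|FAIL|SKIP)\b", re.IGNORECASE | re.MULTILINE)
# a source path with a known extension, a colon, and a line number
FILE_LINE_RE = re.compile(r"\b([\w./-]+\.(?:sol|rs|ts|py)):(\d+)\b")

def parse_verdict(response: str):
    """Return (status, refs). status is 'pass'/'fail'/'skip', or None when no verdict
    line is present, so an unparseable response is never silently marked as passing."""
    m = VERDICT_RE.search(response)
    status = m.group(1).lower() if m else None
    refs = sorted({(path, int(line)) for path, line in FILE_LINE_RE.findall(response)})
    return status, refs

SAMPLE_RESPONSE = """\
VERDICT: FAIL
The pool reads the spot price from slot0, which a flash loan can move within one block.
See src/Oracle.sol:42 and src/Oracle.sol:58; the read at src/Oracle.sol:42 should use a TWAP.
Unrelated note: timestamp 12:30 is not a file reference.
"""

if __name__ == "__main__":
    print(parse_verdict(SAMPLE_RESPONSE))
```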
Three tools that work together. Run them independently or combine them for maximum coverage.
AI audit in your IDE — finds bugs with exploit traces
845+ checks with AI prompts — process-level verification
Upload findings, track projects, combined readiness score
Zealynx is a boutique Web3 security audit firm. We built Krait to help protocols prepare before hiring us — or any auditor. Better-prepared protocols make the whole ecosystem safer. That's why the web assessment is free.
"Most protocols come to us after being hacked. Krait helps teams find the problems before that happens."
Carlos Vendrell — Founder, Zealynx Security