AI Discovers Critical RCE Vulnerability in Solana, Earning $400,000 Bug Bounty
In early 2026, Anatomist Security's AI agent autonomously identified a significant RCE vulnerability in Solana's blockchain, leading to a $400,000 bug bounty from the Solana Foundation. The bug, linked to the Direct Mapping optimization in Solana v1.16, could have allowed attackers to execute arbitrary code on validator nodes and compromise over $9 billion in total value locked (TVL). This incident raises concerns about the security of DeFi protocols and highlights the need for AI-assisted auditing tools.

Anatomist Security's AI agent discovered a critical Remote Code Execution (RCE) vulnerability in Solana's Direct Mapping optimization, earning a $400,000 bounty. The flaw, found in Solana v1.16, could have enabled attackers to mint unlimited tokens and compromise validator nodes securing over $9 billion in TVL.
The flaw resulted from inadequate pointer validation during Cross-Program Invocations (CPI). The AI used advanced techniques to model code behavior and identify discrepancies, significantly compressing exploitation efforts. The incident reflects a shift in DeFi security, emphasizing the necessity for continuous AI-assisted auditing and stronger defenses against evolving threats.



