Press Release

Sherlock Launches AI-Powered Auditor For Smart Contracts

Sherlock

Sherlock, a leading smart contract security firm, has launched the open beta of a new tool called Sherlock AI, an auditing assistant that applies artificial intelligence to identify vulnerabilities in smart contracts and help teams prepare for audits. The company says the system is designed to give developers improved visibility into smart contract vulnerabilities before and after traditional point-in-time audits.

Security Gaps Between Audits

Sherlock’s launch comes against the backdrop of a long-standing weakness in the audit model: vulnerabilities often surface in the months between formal reviews. Point-in-time audits remain a cornerstone of smart contract security, but they provide only a snapshot of a codebase at a single moment. Analysts note that this leaves extended periods of development without structured oversight, when critical issues can go unnoticed until much later.

Sherlock AI and a Shift in the Auditing Model

According to people familiar with the company, Sherlock’s new AI-powered tool is meant to address a recurring issue in the audit process: teams often reach audits with code that still requires significant changes. Instead of relying only on scheduled reviews, Sherlock AI is able to run throughout the development process, scanning commits and pull requests and producing analytics developers can review to remediate code problems faster.

Sources said several top-TVL protocols are actively participating in the beta program. Analysts say that this new security model could shift audits from being the first line of defense to the final step in a longer security process.

“Point-in-time audits are indispensable,” said Jack Sanford, co-founder and CEO of Sherlock, “but they were never meant to carry the entire burden of security. Too often teams enter audits with code that isn’t ready, leading to wasted time and higher costs. Sherlock AI moves security into the development process itself, giving teams the ability to catch and fix critical issues early so audits deliver maximum value and code goes to mainnet with confidence.”

Industry Context

According to Chainalysis, more than $2.2 billion was stolen in 2024 through hacks and platform vulnerabilities. The scale of losses underscores a persistent challenge: point-in-time audits alone have not been enough to keep up with the speed of smart contract development. Sherlock’s release of an AI-based system reflects a broader industry push toward tools that provide more ongoing oversight while giving developers the means to fix their code during the greater development cycle. 

Beta and Early Adoption

The beta launch is the result of close collaboration between Sherlock’s core team and leading researchers, including input from some of the most recognized independent auditors in the space. Early users said the tool has helped cut down rework and made audit preparation more efficient.

By surfacing vulnerabilities earlier in the development cycle, teams can reduce rework, accelerate the formal audit process, and avoid costly delays. For the wider ecosystem, self-service auditing tools like Sherlock AI may help protocols scale and protect user funds more securely, reassuring both users and investors.

Sherlock emphasized that the tool is still in beta, with ongoing improvements being made as more teams adopt it. The company plans to release further updates based on developer feedback and expand integrations beyond GitHub in the coming months.

A Lifecycle Approach to Security

Sherlock has long promoted a “best of both worlds” model that combines traditional audits with large-scale contests, post-launch bug bounties, and financial coverage. The launch of Sherlock AI extends that model into a full lifecycle approach, embedding security directly into the development process.

“Our vision has always been a lifecycle model for security – audits, contests, bounties, and coverage working together,” Sanford said. “Sherlock AI completes that picture by giving teams early, reliable feedback, so they can launch on time, on budget, and with the confidence that their code is ready for mainnet.”

About Sherlock

Sherlock is a smart contract security company that combines collaborative audits, large-scale audit contests, post-launch bug bounties, and financial coverage to protect protocols throughout their lifecycle. Since its inception, Sherlock has worked with leading projects and continues to pioneer new approaches to keeping smart contracts secure.
