AuditHub: Veridise Unveils Continuous Security for Web3
In an period the place $350 million in good contract exploits occurred in a single 12 months — together with assaults on initiatives that had already been audited — Veridise CEO Jon Stephens took the stage with a easy however pressing message: auditing alone isn’t sufficient.
Stephens’ keynote, “AuditHub — Continuous Security for Web3,” launched a brand new platform that redefines how blockchain groups strategy good contract and zero-knowledge safety — turning what was as soon as a one-time audit right into a steady, automated, and adaptive course of.
The Problem: Security Happens Too Late
Stephens started by outlining a well-known flaw in how Web3 initiatives are constructed.
“Security is commonly handled because the final step within the software program lifecycle,” he stated. “Teams plan, construct, take a look at, and solely then — proper earlier than launch — take into consideration safety.”
That reactive strategy, he defined, leaves initiatives uncovered. Even after audits, practically one-third of exploited contracts in 2024 had been audited, and lots of extra suffered losses from “out-of-scope” code.
In one case, a single ignored math library led to a $223 million exploit. “It’s not that the audits had been unhealthy,” Stephens stated. “It’s that the method is damaged. We solely take a look at safety on the finish, when it’s already too late.”
The downside extends to zero-knowledge initiatives, which have gotten important for privateness and scalability. Veridise’s inside examine discovered that 55% of audited ZK initiatives had at the very least one important vulnerability — twice as many as typical DeFi protocols.
Why Auditing Isn’t Enough
Stephens was candid in regards to the limits of present options.
“Audits are nice for discovering bugs, however not for guaranteeing their absence.”
Traditional audits, he defined, are costly, rare, and infrequently constrained by scope. Meanwhile, AI-based auditing instruments, whereas inexpensive and quick, lack reliability. “AI is nice at recognizing frequent patterns,” he stated, “however it struggles with deep logic bugs — those that truly trigger catastrophic failures.”
Static evaluation, fuzzing, and formal verification instruments exist, however they’re typically tough for builders to make use of and require specialised experience. “Formal verification has a fame downside,” he famous. “It’s seen as sluggish, advanced, and inaccessible.”
The Solution: Continuous Security
To bridge these gaps, Stephens unveiled AuditHub, Veridise’s new all-in-one safety platform designed particularly for Web3 initiatives.
“Our purpose was to make high-assurance safety instruments as easy and seamless as a GitHub integration,” he stated.
AuditHub integrates a number of Veridise instruments — together with Vanguard, OrCa, and Picus — masking each good contracts and ZK circuits. The system makes use of static evaluation, fuzzing, and formal verification in live performance to offer steady suggestions all through the whole improvement lifecycle.
The platform detects frequent vulnerabilities like reentrancy or non-deterministic ZK circuits — which accounted for most main exploits in 2024 — with out requiring further developer enter.
Beyond that, it helps customized safety configurations, permitting builders to tailor scans to their particular enterprise logic. “We needed to maneuver away from generic evaluation and let groups outline what ‘secure’ means for their venture,” Stephens defined.
Automation Meets Expert Oversight
One of AuditHub’s standout options is its guided problem triage system. Rather than forcing builders to sift by way of a whole bunch of false positives, it learns from their suggestions — marking comparable non-issues routinely.
“It’s safety that learns as you go,” stated Stephens. “You inform AuditHub as soon as why one thing isn’t a bug, and it gained’t trouble you once more about the identical sample.”
All instruments function inside a unified framework, which means builders don’t must configure each individually. The platform additionally integrates immediately into CI/CD pipelines, enabling “security-as-you-deploy.”
“As you push code or open a pull request, AuditHub runs scans and returns outcomes routinely,” Stephens stated. “It’s proactive safety, constructed into your workflow.”
Speed and Scale
AuditHub’s formal verification engine, Picus, has already demonstrated industry-leading efficiency. Stephens shared that it verified RISC Zero ZK circuit in beneath eight minutes, a process that may usually take hours and even days.
“Speed issues,” he emphasised. “If safety isn’t sooner than your dev cycle, it gained’t be used.”
By making superior verification instruments accessible and environment friendly, Veridise hopes to shut the hole between speedy improvement and strong safety — a rigidity that has plagued Web3 since its inception.
A New Paradigm: Security from Day One
Stephens concluded by reframing safety not as a last checkbox, however as a steady loop.
“Security shouldn’t be a gate on the finish — it must be a continuing companion from the primary line of code.”
With AuditHub, groups can now combine safety scans into early improvement, detect points earlier than they compound, and eradicate “out-of-scope” vulnerabilities altogether.
The consequence, he stated, is a future the place safety evolves alongside innovation, not behind it.
“Auditing will all the time matter,” Stephens stated. “But steady assurance — automated, adaptive, and embedded — is how we safe Web3 at scale.”
The put up AuditHub: Veridise Unveils Continuous Security for Web3 appeared first on Metaverse Post.
