Exploring AI-Assisted Security Audits

Can Artificial Intelligence Be Integrated Into Our Workflow?

At Least Authority, we are always exploring innovative ways to enhance our security auditing processes and improve our ability to identify vulnerabilities. One area of particular interest is the usefulness of various Artificial Intelligence (AI) models and how they can be integrated into our workflow. Over the past several months, we have been testing different AI models to assess their effectiveness in supporting different types of security audits.

AI models are rapidly evolving, and their capabilities vary depending on their underlying architecture, training data, and intended use cases. Broadly speaking, the types of AI models and the approaches to using them fall into three categories:

  • General-purpose AI models, which are trained on vast datasets and are effective at pattern recognition, summarization, and code analysis, along with some models that focus on reasoning. While these models can perform code analysis and include data about security vulnerabilities, their strength is in their ability to apply their vast interdisciplinary knowledge to audits in ways that most human experts struggle with.
  • Domain-specific AI models, which are trained explicitly on cybersecurity datasets to detect vulnerabilities and analyze security configurations. Although these AI models are targeted for security purposes, they are in development and not well-tested.
  • Automation-driven AI tools (Agents), which combine AI model capabilities with structured workflows to streamline repetitive tasks. However, AI agents are only as good as the models they use. Their effectiveness depends both on the quality of the model and how they are leveraged within a process.

Through our experiments across these categories, we have found that effectively using AI models in audits requires manual preparation, strategic prompt engineering, and manual verification. Additionally, the AI-powered security tools available are still in active development, meaning they require refinement to be truly reliable in augmenting established workflows.

Even the best AI models currently available do not perform equally well across all audit types. At Least Authority, we conduct a range of security audits, including:

  • Cryptographic security reviews – Evaluating cryptographic protocols and implementations for potential weaknesses, including ZKP, MPC, and FHE.
  • Smart contract and blockchain audits – Assessing decentralized applications (dApps), blockchain protocols, and smart contract security.
  • Infrastructure and system security reviews – Identifying vulnerabilities in system architecture, cloud configurations, and deployment pipelines, particularly distributed and peer-to-peer systems.
  • Privacy assessments – Analyzing compliance with privacy best practices and regulations, often in partnership with a legal team and including foundational security to enable privacy.

Despite the limitations of AI models being used in security audits, we have found that they can still add value in many cases. As a result, we are actively working on:

  • Establishing testing standards for evaluating AI models’ effectiveness in security audits.
  • Defining baseline expectations for AI-assisted analysis across different audit types.
  • Continuously refining our approach based on real-world results and feedback.

However, it’s important to acknowledge that some of the more complex security audits we conduct still rely primarily on human expertise. While AI can assist, critical security decision-making requires deep contextual knowledge and experience that AI has yet to fully replicate.

Contact Us to Learn More

We remain committed to pushing the boundaries of security auditing while maintaining the highest standards of analysis. If you’re interested in a security audit and would like to learn more about how we can integrate AI into our process as part of an audit for you, feel free to reach out to us.

We look forward to collaborating with teams that share our passion for security innovation!
