BlockApps Partners with Consensys Diligence to Bring AI-Powered Security to STRATO

BlockApps and Consensys Diligence have begun a security engagement that pairs Consensys Diligence's AI auditing agent, Chonky, with STRATO's codebase. The two teams connected at ETHDenver 2026, ran initial scans across STRATO's repositories, and are now working toward deploying continuous, AI-powered smart contract auditing on the platform.

DeFi Needs a Better Security Model

Yields across DeFi have compressed toward TradFi levels. But the risk of total loss from exploits seems not to have compressed at all. For many users, the math no longer adds up: the yield they earn does not justify the chance that a hack wipes out their principal.

Traditional auditing has become a choke point in the AI age. Point-in-time audits remain a critical step before any major release, but they are expensive and can't keep pace with teams that ship fast, especially as AI opens up more attack vectors on new code. Teams that take security most seriously still face a gap between what they can afford to audit and how fast their code evolves.

BlockApps and Consensys Diligence are building toward a model that closes that gap: AI-powered auditing that runs alongside development, is guided by human security engineers, and gets sharper with every pass.

Chonky: Expert-Guided AI Auditing from Consensys

Chonky is Consensys Diligence's agentic security tool, built by auditors to extend human-led analysis. Consensys Diligence has been auditing Ethereum infrastructure since 2017, covering smart contracts and the protocols beneath them. Chonky draws on that expertise. It scans repositories of any kind, and auditors tailor it to each client's architecture, threat model, and development workflow.

A one-time reviewer brings fresh eyes. Chonky brings accumulated memory. Human security engineers at Consensys Diligence validate and guide the agent's findings, combining the speed of AI with judgment built over years of reviewing production smart contracts.

Why STRATO

STRATO gave Chonky a hard test.

The platform's blockchain core is written in Haskell, a language common in high-assurance environments because its type system eliminates entire classes of runtime errors at compile time. BlockApps shipped that Haskell core in 2014, before Ethereum mainnet launched, and the codebase has been under continuous development for over a decade. Thirty thousand commits across multiple languages and projects.

STRATO also runs SolidVM, a custom virtual machine that replaces the opcode-based EVM execution model with a higher-level scripting approach. Contracts stay human-readable at runtime, so developers can inspect what a contract does at any given moment. For an auditing tool, that architecture is a serious technical challenge. Chonky's ability to operate against SolidVM signals the depth of its analysis.

The Engagement So Far

Consensys Diligence connected Chonky to STRATO's GitHub repository and directed it at the most critical components: the VM and the Solidity contracts built on top of it. The STRATO team provided architectural context and assumptions. Consensys Diligence engineers guided the agent during scans, reducing false positives and steering deeper analysis into high-impact subsystems.

Multiple review cycles have been completed since ETHDenver. The workflow follows an iterative loop: unguided scans establish a baseline, both teams triage early findings together, the STRATO team provides architectural context, Consensys Diligence engineers refine the agent and develop new scanning strategies, and the agent rescans with improved accuracy.

Between early and later reports, the improvement is visible. Initial scans produced some findings based on incomplete VM assumptions when analyzing contracts in isolation. As the teams fed insights from each scan into the next, the agent built a more coherent model of the full system. Cross-repository context improved both accuracy and depth.

The Goal: Continuous Auditing

Both teams are working toward a model where Chonky scans STRATO's codebase on an ongoing basis. Each pass would build on the last, giving the agent a persistent, deepening understanding of the platform's architecture, patterns, and history. The STRATO team could evaluate the security impact of new code as it ships, catch regressions, and maintain a security posture that moves with the code.

"STRATO's ambition, building a custom smart contract VM alongside a full DeFi stack, made it the ideal launch partner," says George Kobakhidze, Senior Partner at Consensys Diligence. "The scale and complexity of their codebase created the perfect environment to test an AI agent designed to deliver both breadth and depth of coverage. This engagement shows where AI-powered security is going: amplifying expert-driven analysis at scale."

According to BlockApps Founder, Victor Wong: "We built STRATO’s blockchain core in Haskell because we wanted security guarantees baked into the language itself. But, given the rash of recent DeFi hacks, we also wanted to upgrade our audit cycle. Working with Consensys Diligence and Chonky gives us a way to keep our security posture matched to the pace of our development, and the early results are already promising."

About BlockApps & STRATO

BlockApps is the creator of STRATO, an enterprise-grade blockchain platform built on Ethereum technology and in continuous development since 2014. BlockApps collaborated with Microsoft to launch Blockchain-as-a-Service on Azure at DEVCON1 in 2015 and was a founding member of the Enterprise Ethereum Alliance. STRATO powers production deployments across supply chain, energy, and asset tokenization.

About Consensys Diligence

Consensys Diligence is a smart contract security firm that has audited Ethereum infrastructure since 2017. The team combines manual expert review, formal verification, and AI-powered continuous auditing, backed by open-source tooling adopted across the industry.