AI security detection has a credibility issue. Most AI security tools pattern-match and output a judgement. AI tools, researchers, and scanners can produce convincing findings. However, auditors, security firms, and bounty judges still have to spend hours determining whether those findings are actually exploitable.

That is now the bottleneck.

Most tools stop at the same place: they read the code, reason about it, and output a verdict. That verdict might be right. But it's still a claim about what might happen — not evidence of what does. The burden of proving the claim falls on whoever receives the finding.

Azimuth Validation was built to remove that burden entirely.

Try Validation

Azimuth Validation diagram showing smart contract exploit execution — forked mainnet state before and after attack, with 20 of 22 EVMBench exploits reproduced at 91% execution success rate

Meet Our Adversarial Execution Platform.

Azimuth Validation takes each finding from the detection phase and treats it as a hypothesis to be tested, not a verdict to be reported.

It doesn’t ask whether a vulnerability might be exploitable. It tries to exploit it.

Submit any finding. Azimuth reconstructs the attack, forks the relevant mainnet state, and attempts to execute the exploit inside a high-fidelity simulation environment. The vulnerability is either reproduced or refuted.

For every finding, the Validation Engine:

  • Builds the complete exploit path: not a summary of the vulnerability, a reconstruction of the exact steps required to exploit it.
  • Executes the required transaction sequence: the attack is run in a forked mainnet environment, under the same conditions an attacker would be operating in.
  • Tracks contract storage and state changes: what actually changed as a result of execution, not what the model predicted would change.
  • Measures token and balance movements: if funds move, it records exactly where they went and how much.
  • Reproduces the claimed financial impact: if the vulnerability is real, the loss is demonstrated. If it can't be reproduced, the finding doesn't reach you.
  • Generates a full proof of concept: every validated finding includes a shareable PoC that can be re-run, verified, and included in a report independently.

This is not one LLM judging the output of another. It is the proposed exploit being executed against real protocol state.

What You Receive

Every validation result includes a clear record of what was tested and what happened during execution.

For successful validations, this can include:

  • The transactions that succeeded or failed
  • The exact state changes produced
  • The movement of funds
  • The conditions required for exploitation
  • A complete PoC that can be reviewed and reproduced independently

Findings that do not reproduce are returned with a record of the attempted execution and where the proposed attack failed.

The goal is not to replace security judgment. It is to give security teams stronger evidence and remove much of the repetitive work required to produce it.

Who Validation is for

Validation is built for every side of the security process. All are asking the same question: is this actually exploitable?

Solo auditors and security researchers

An independent exploit-validation layer. Run any finding through a high-fidelity, forked mainnet simulation before it reaches your final report. Spend less time disproving false positives, more time on the vulnerabilities that survived execution.

Security firms

Remove hours of manual triage from every engagement. Findings that can't be reproduced under execution don't reach your queue. The ones that do come pre-evidenced — no additional verification work required before they go into a client report.

Bounty judges

Objective, reproducible evidence for every submission. Instead of relying solely on written reasoning, review the exploit execution, inspect the state changes, and determine whether the claimed impact can actually be reproduced. "Here is the exploit, the transaction, and the resulting loss" is more useful than "we rated this medium severity."

Protocol teams

You shouldn't need to wait for a full audit cycle to find out whether a reported vulnerability is real. Validation shows what an attacker can actually execute against your protocol — and what they can't. Theoretical risk and demonstrated impact are not the same thing. Validation tells you which is which before you ship. Not severity scores — proof of impact delivered straight to you, without having to spend thousands on an audit before you launch.

Detection vs. Validation

Detection asks:

Where might the protocol break?

Validation asks:

Can the proposed attack actually be executed?

Azimuth brings both stages together, turning potential vulnerabilities into tested, reproducible evidence.

Validation in Action:

To benchmark Validation, we ran it against EVMBench — the smart contract security benchmark developed by OpenAI and Paradigm researchers to evaluate whether AI systems can identify and reproduce real, documented exploits.

Azimuth successfully reproduced 20 of the 22 EVMBench exploits, a 91% execution success rate.

These aren't theoretical vulnerabilities. EVMBench is built on exploits that were executed against live protocols. Reproducing them requires building the correct attack path, executing the right transaction sequence, and demonstrating the resulting impact — the same process Validation runs on every finding submitted through Azimuth.

Validation is now available with any of our Azimuth subscriptions.

Submit a finding. Let Azimuth prove whether it's exploitable: app.testmachine.ai