The same chain verified humans already trust has now been attacked on purpose, and it held. AI agents get what humans already have.
The Agentic Economy runs on payments. AI agents already hold funds, settle trades, and place orders without a person watching each step. That only works if the chain underneath them is solid. Not solid in theory. Solid under attack.
So Concordium asked CertiK, one of the most established names in blockchain security, to attack it.
What a Grey-Box Audit Is
Most security reviews only read the code. A grey-box audit goes further. CertiK got the source code and the design, built a live copy of the network, and spent months trying to break it. They flooded it with transactions. They sent broken messages. They cut network links. They ran hostile smart contracts. They even forced a live protocol upgrade while some nodes still ran old software.
The work ran from December 2025 to May 2026. The final report landed on 15 May 2026.
The Result That Matters
One promise held through every single test. The chain never recorded two conflicting versions of history.
No fork. No double-spend. No lost funds.
This is the part AI agents depend on. Picture an AI agent paying a supplier for its owner. It needs one thing above all: once a payment is final, it stays final. The audit confirms the chain delivers exactly that, even under attack.
Where CertiK did find problems, they were about speed, meaning whether an attacker could slow the chain down for a while, not about money or records going wrong. That difference matters, and it is structural. Availability can be tuned. Integrity cannot be allowed to bend.
What Got Fixed
CertiK raised 13 issues. Ten are fixed and re-checked by CertiK. Three are acknowledged, with nothing serious left open.
Two issues were the most serious. Both turned up in CertiK's network tests, where they probed how a node handles traffic from other machines. The first (logged as CGB-03) came from the malformed message experiment: a single broken message from a connected peer could crash the part of the node that agrees on the ledger.
The second (CGB-09) came from the catch-up flood experiment: a peer could overwhelm a node by flooding it with requests. In both cases an attacker could slow or stall the chain from a distance. Both are now fixed. The chain checks incoming messages properly and limits how much any single peer can demand. Neither issue ever touched the chain's core promise.
The next set hardened the parts AI agents will lean on hardest. A hostile smart contract that tried to hog resources can no longer crowd everyone else out. Administrative controls that should never be open to the public are now closed by default. A scan for leaked secrets came back clean: no keys, no passwords, nothing sensitive in logs or files.
The three acknowledged items are honest about what they are. Concordium decided not to add suspension/slashing because it could create griefing incentives.
“Our grey-box methodology goes beyond code review, we deploy the full stack, inject real faults, and measure how the system responds under adversarial conditions. With Concordium, every experiment translated into reproducible, auditable evidence. What stood out was how the team handled findings: remediations were rigorous, and we re-verified each one by re-running the same experiments that surfaced the original issue. That break, fix, re-verify loop is what turns a one-off audit into lasting infrastructure confidence.” – Luigi Girletti, Senior Blockchain Security Expert at CertiK
The Chain Was Built for This Moment
Identity came first. Payments came second. AI agents come next. Each step assumes the one before it holds.
AI agents add autonomy. They do not remove accountability. They will use the chain harder than people do, constantly, at machine speed, retrying without rest. A test that pushes the chain that same way tells you more than reading the code ever could. Concordium came through it with its core promise intact and its weak spots closed.
Security is not a one-time stamp, and Concordium does not treat it like one. Checks run on every code change. Each finding has a test that guards against it returning. Mainnet is watched around the clock.
This is the only blockchain where verified humans and verified AI agents operate on the same identity layer. Now that layer has been independently attacked and proven to hold.
You can read the full CertiK report, including every experiment, each finding, and our point-by-point responses.
Verified Humans. Verified Agents. One Protocol.
Join the Concordium Community and follow us on X.