January 23, 2026
featured post

Introducing Sherlock AI V2.2

Sherlock AI v2.2: Solana Support and Specialist Architecture

Today, we’re rolling out Sherlock AI v2.2 with Solana Rust support and a redesigned analysis architecture built around coordinated specialists rather than a single generalist process.

Solana Rust Support (Beta)

Sherlock AI can now analyze Solana Rust programs. This expands coverage beyond EVM-only workflows and brings Sherlock AI into the Solana ecosystem.

As Solana adoption grows, security tooling needs to cover non-EVM execution environments with the same level of rigor teams expect elsewhere. v2.2 is our first step in that direction.

Planning and Specialists

The core architectural change in v2.2 is how code analysis is performed.

Sherlock AI now uses domain-specific analysis workflows, called specialists, coordinated by a planner. The planner analyzes the codebase, determines which risk surfaces are present, routes scopes to the relevant specialists, compares their findings, and coordinates follow-up passes when signals overlap or conflict.

Instead of one generalist agent checking everything at once, each specialist focuses deeply on a specific class of vulnerabilities:

  • Economic Logic specialists trace value flows and invariants
  • Math & Crypto specialists focus on signature verification and cryptographic safety
  • State Transition specialists examine state changes and value conservation

We’ve deployed seven specialists covering the full methodology: Math & Crypto, DeFi Economics, Code Correctness, MEV Detection, State Transition Safety, External Integration, and Access Control.

This structure allows the system to reason more thoroughly about each risk surface and reduces noise caused by applying every checklist to every function. The result is deeper analysis where it matters, without spreading attention thin.

Improved Contextual Awareness

Beyond the specialist architecture, Sherlock AI now incorporates repository context and documentation to better infer protocol intent and trust assumptions.

This helps the system understand what the code is meant to do, not just what it does syntactically. In practice, this reduces false positives and increases the number of valid, actionable findings.

Coming Soon: v2.3

Next up, we expect to ship stronger assumption controls so teams can correct assumptions and steer analysis directly.

We’re also building execution-context reviews that include external dependency context when protocols integrate with infrastructure like Aave, Uniswap, and similar systems. The goal is to reason about the full execution environment, not just isolated code.

Sherlock AI v2.2 is live now for all active customers.

Questions or feedback? Reach out.

Want to read more?

When Audits Go Head-to-Head: How Case Studies Reveal the Most Effective Methodology

When it comes to the blockchain, securing trust requires bulletproof auditing. But how can teams determine which provider delivers truly rigorous security reviews?

Sep 18, 2025

What is Formal Verification?

What is Formal Verification, and What Role Does It Play in Smart Contract Auditing? This post details the methodology, tools, and practical application of Formal Verification in a smart contract audit.

Sherlock Academy
Jan 23, 2026

Vulnerability Analysis: Numa Price Manipulation (August 2025)

On August 10th, 2025, Numa was exploited through a price manipulation in its synthetic minting logic. Our postmortem explains how the attack unfolded, the technical root cause, and lessons for builders.

Sherlock Academy
Jan 23, 2026

Secure Your Protocol with sherlock

Sherlock delivers complete lifecycle security, from early development to protection on live code. Tell us what stage you’re in and we’ll help you from there.
Contact Our Team

Products

Collaborative Audits

Audit Contests

Bug Bounties

Sherlock AI

Sherlock Shield

Live Security

Leaderboards

App

Live Audits

Live Bug Bounties

Resources

Blog

Docs

Brand Kit

Sherlock secures Web3 protocols across development, launch, and live operation through a unified lifecycle security model.

Sherlock’s services do not constitute a guarantee against all security incidents or losses. Responsibility for protocol operation and risk management remains with the protocol team.

Follow Us On

Copyright © Sherlock Protocol 2026. All Rights Reserved.