
Static tools and one-shot audits only get you so far. Imagine you could collaborate with an AI assistant to optimize your security workflow. One that produces analyses that you can iterate on, improve, and collaborate with team members on. That's what we're building.
AI Approach, Limitations & Human-Centered Design
Bevor is designed as a human augmentation tool, not a replacement for security professionals.
We place human judgment at the center of every decision:
Developers review and validate findings in their IDE
Professional auditors triage AI reports and make final security determinations
Security teams coordinate responses to mainnet alerts
Bevor's role: Exhaustive pattern matching and 24/7 monitoring
Human role: Context, business logic, and final accountability
Our goal is to accelerate auditors and developers, not replace them. Professional auditors face limited time windows (2-6 weeks per engagement) while attackers have unlimited time. Bevor extends defender coverage by pre-scanning code to reduce audit time by 50%, providing real-time feedback during development, and monitoring mainnet continuously post-deployment.
The system improves through continuous feedback loops at every level: developers dismissing false positives in the IDE, auditors validating findings in the dashboard, and real-world contract behavior on mainnet.
We are transparent about AI limitations:
Cannot replace professional audits for high-value protocols
False positives occur (target below 15% for high severity)
Novel attack patterns may be missed (false negatives)
AI-generated suggestions require human validation
May not understand intentional design trade-offs
Our mitigations:
Expert confidence scoring (0-100%) on every finding, captured both explicitly and implicitly from expert use (for example, auditing in the IDE).
Enhance, rather than replace, the professional audits required for significant, complex protocols
Clear product labeling as supplementary to human expertise
Final security responsibility always rests with developers and auditors. Bevor makes security teams more effective by addressing bandwidth constraints while maintaining human oversight at every critical decision point.
Products
MCP Server
AI-powered security analysis integrated directly into Cursor, Windsurf, Claude Code and more development workflows. Provides real-time vulnerability detection as developers write Soroban Rust smart contracts, enabling auditors and developers to catch security issues during the coding process rather than post-deployment. This accelerates secure development cycles and reduces the cost of fixing vulnerabilities.
Automated security scanning integrated into GitHub Actions and more. Analyzes Soroban contracts on every pull request and merge, passively securing Rust contracts throughout the DevOps workflow without manual intervention. Blocks deployments of vulnerable code and provides actionable security feedback before contracts reach production on Stellar.
Collaborative audit workspace enabling security firms and development teams to coordinate on Soroban contract reviews. Teams can collectively identify vulnerabilities, track remediation progress, and converge on optimally secure solutions. Provides unified visibility into security across multiple Stellar protocols and facilitates knowledge sharing between auditors and developers.
Public-facing API enabling the Stellar community to build custom security integrations and autonomous security agents for Soroban contracts. Serves as the foundation for chain-scale monitoring infrastructure, allowing continuous scanning of deployed contracts on Stellar mainnet. Empowers developers to create specialized security tools tailored to their protocol's needs while contributing to ecosystem-wide security improvements. It also serves as the basis for Bevor's chain-scale monitoring solution, which delivers vulnerability reports to Stellar protocol teams privately and free of charge (no bug bounty farming).
Bevor complements existing Soroban security tools by integrating them directly into the developer's IDE, making security analysis more accessible and comprehensive. It can orchestrate CLI tools like Scout while providing an enhanced, automated experience.
Bevor is also the only tool that will actively scan across the entirety of Stellar for vulnerabilities in deployed contracts and report vulnerabilities to teams for free.
Scout: Static analysis tool for detecting common security issues and best practice deviations in Soroban smart contracts.
Almanax: AI-powered audit scanner for vulnerability detection in Soroban contracts.
Sunbeam: Formal verification tool for Soroban smart contracts.
Komet: Combines formal verification and fuzz testing for Soroban contracts.
With hundreds of millions of dollars exploited across blockchain ecosystems in recent months alone, there has never been a more critical time to enable the use of many quality security tools that work together cohesively to prevent vulnerabilities before deployment on Stellar.
The greater the optionality and robustness of the security tooling ecosystem, the faster and more safely adoption can happen for building on Stellar, empowering developers with confidence while protecting users and their assets.
Yes
$102.0K
50+ Soroban smart contracts audited
3 enterprise pilots completed (Trail of Bits, Hacken, Halborn)
15+ active Stellar developers on platform
$50M+ total value protected across Soroban contracts
Developer Security: Enable vulnerability identification before deployment
Ecosystem Leadership: Establish Stellar as a leading ecosystem with native and accessible AI-powered security infrastructure
Audit Efficiency: Reduce manual review time by 60% through automated analysis
Enterprise Integration: Successfully integrate into Stellar auditing firms' workflows and large development teams' security processes
Chain Scale Security: Privately deliver free security vulnerability notices in an automated manner to teams deployed on Stellar.
Pilots successful including case-studies with Stellar tooling integration
Track critical findings from Stellar teams and auditors using Bevor
Bevor API compatibility with latest Soroban releases
Track false-positive rate to target below 15% for high-severity vulnerabilities
Announcements on Stellar Discord (#dev, #soroban channels) and technical blog post
Demo video showcasing Soroban vulnerability detection
Conduct Trail of Bits, Hacken, Halborn pilots if not started already
Offer pilots and integrations to affiliated Stellar auditing firms and development teams
Provide free API usage to Stellar developers and agent builders
Active Stellar Discord presence (#dev, #soroban, #security)
Comprehensive integration documentation
48-hour SLA for security-critical issues
Monthly release notes and updates
Quarterly pilot program progress updates
Published case studies of vulnerabilities discovered
MIT Media Lab speaking engagements promoting Stellar in secure agentic infrastructure (example talk at MIT NANDA Event)
Monthly developer showcases and security webinars
Active participation in Stellar community events and Meridian conference
Comms on security best practices to the Stellar builder community
Since our founding, we've built significant momentum across product adoption, revenue generation, and strategic partnerships:
Daily Active Users: 20
Monthly Active Users: 167
Total Audit Requests: 5,750
Total Value Protected: $10M+
Revenue Generated: $120k+
Funding Raised: $217k in our pre-seed round so far
We've established pilot programs with leading security firms in the blockchain space:
Trail of Bits: Active pilot with their internal auditing team. Trail of Bits has extensively audited projects in the Stellar ecosystem, and we're positioning our Stellar tooling for inclusion in their upcoming pilot phases.
Halborn: Pilot program underway with their security team. Also active in auditing top Stellar protocols such as Normal AMM.
Hacken: Active pilot engagement and referral partnership already on paper. Hacken has deep experience auditing Rust projects and represents a key channel for introducing our Stellar-specific capabilities to their client base.
zkCross: Official partnership and plans to audit their smart contract suite (alongside Halborn audit). Will publish a case study on our performance analyzing their complex infrastructure that's deeply integrated with the Stellar ecosystem.
We've already conducted numerous complex Rust audits privately, securing over $5M in assets through these engagements alone. Our alpha-stage tooling has successfully identified major vulnerabilities that could have resulted in complete protocol drainage, demonstrating both the critical need for our solution and our technical capability to deliver meaningful security outcomes.
We're partnered with MIT Media Lab through their NANDA (Network for AI and Decentralized Applications) Internet of Agents project. We've presented on stage about crypto's role in agentic payment rails and coordination alongside Google's A2A team, Anthropic's MCP team and Dell's CTO. Through this partnership, we'll actively work to bring Stellar into this cutting-edge initiative at the intersection of AI agents and decentralized infrastructure.
Description: Deploy hosted Soroban SDK environment in microservice with Rust toolchain (stable), soroban-sdk v23.2.1, and wasm32v1-none compilation target. Integrate with existing Bevor microservices architecture to support the complete Soroban contract lifecycle, from development through deployment and invocation. The infrastructure will handle contract compilation with Soroban's Rust dialect (including contract macros, custom types, and environment interactions), WASM optimization, and interface extraction for contract analysis and testing.
Technical Implementation Details:
Detect Soroban-specific vulnerability classes
set-contract-storage
avoid-core-mem-forget
avoid-panic-error
avoid-unsafe-block
soroban-version
storage-change-events
token-interface-events
token-interface-inference
unnecessary-admin-parameter
unprotected-mapping-operation
unprotected-update-current-contract-wasm
unrestricted-transfer-from
unsafe-expect
unsafe-map-get
unsafe-unwrap
unused-return-enum
vec-could-be-mapping
... (+ others)
Soroban-Specific Rust Environment: Configure toolchain to support Soroban's contract dialect including #[contract], #[contractimpl], #[contracttype], and #[contracterror] macros
Contract Lifecycle Support:
Write phase: Rust source compilation with soroban-sdk dependencies
Build phase: WASM binary generation with optimization (wasm-opt integration)
Install phase: Contract code installation preparation and validation
Deploy phase: Contract instance deployment simulation and interface generation
Invoke phase: Function invocation testing framework
Environment Integration: XDR serialization/deserialization for Stellar types, Soroban host environment simulation for contract analysis
Security & Validation: Resource metering simulation, authorization pattern detection, and storage pattern analysis
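A minimal sketch of how a few of the detector names listed above (unsafe-unwrap, unsafe-expect, avoid-panic-error, avoid-unsafe-block, avoid-core-mem-forget) could be approximated as line-based checks. This is an added illustration, not Bevor's or Scout's code. The substring patterns, the Finding type and the sample contract are constructed assumptions; skipping comments and #[cfg(test)] code shows two easy sources of false positives.

```rust
// Added illustration: line-based heuristic, not Scout's or Bevor's code.
// Rule names come from the detector list above; the patterns are assumptions.
const RULES: [(&str, &str); 5] = [
    ("unsafe-unwrap", ".unwrap()"),
    ("unsafe-expect", ".expect("),
    ("avoid-panic-error", "panic!("),
    ("avoid-unsafe-block", "unsafe {"),
    ("avoid-core-mem-forget", "mem::forget("),
];

#[derive(Debug, PartialEq)]
pub struct Finding { pub rule: &'static str, pub line: usize } // line is 1-based

/// Scans contract source, ignoring `//` comments and everything from `#[cfg(test)]` on.
pub fn scan(src: &str) -> Vec<Finding> {
    let mut out = Vec::new();
    for (i, raw) in src.lines().enumerate() {
        if raw.trim_start().starts_with("#[cfg(test)]") {
            break; // test modules are not part of the deployed WASM
        }
        // Naive comment stripping: a "//" inside a string literal also cuts the line.
        let code = raw.split("//").next().unwrap_or("");
        for &(rule, pat) in RULES.iter() {
            if code.contains(pat) {
                out.push(Finding { rule, line: i + 1 });
            }
        }
    }
    out
}

// Constructed sample contract body (hypothetical `Vault` and `ADMIN`).
pub const SAMPLE: &str = r#"#[contractimpl]
impl Vault {
    pub fn withdraw(env: Env, to: Address, amount: i128) {
        let bal: i128 = env.storage().instance().get(&to).unwrap();
        if amount > bal { panic!("insufficient"); }
        // .expect("only in a comment") must not be flagged
        let admin: Address = env.storage().instance().get(&ADMIN).expect("no admin");
    }
}
#[cfg(test)]
mod test { fn t() { let _ = Some(1).unwrap(); } }
"#;

fn main() {
    for f in scan(SAMPLE) { println!("line {}: {}", f.line, f.rule); }
}
```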
Completion Criteria:
Soroban SDK microservice operational and connected to Worker Service
Successfully compiles and analyzes sample Soroban contracts using contract-specific macros and types
API endpoints functional for Soroban mainnet contract submissions by developers
Contract interface (functions, custom types, errors) extracted and returned via API
WASM optimization pipeline operational with configurable optimization levels
Estimated Completion: February 2026
Budget: $20,000
Description: Implement foundational static analysis capabilities for Soroban Rust contracts, including contract lifecycle validation (build, test, deploy, invoke) and basic security pattern detection specific to Soroban's Rust dialect.
Completion Criteria:
Framework to detect Soroban vulnerability patterns from OWASP and others such as:
Access Control Vulnerabilities
Price Oracle Manipulation
Logic Errors
Lack of Input Validation
Unchecked External Calls
Flash Loan Attacks
Integer Overflow and Underflow
Insecure Randomness
Generate structured security reports and enable collaboration on improving reports in dashboard
Estimated Completion: March 2026
Budget: $15,000
Description: Demonstrate end-to-end integration with one production Stellar application, demonstrating full audit workflow from contract submission through vulnerability detection and reporting.
Completion Criteria:
One Stellar protocol fully integrated
Complete audit report generated
Developer feedback collected and documented
Estimated Completion: March 2026
Budget: $7,000
Description: Benchmark comprehensive threat detection mapped to the OWASP Smart Contract Top 10 (excluding reentrancy, since Soroban is designed not to allow this pattern) and more, adapted for Soroban's Rust-based contract architecture. Benchmark all specific, documented vulnerability patterns.
Completion Criteria:
Detection rules implemented for all 10 OWASP categories + more
Benchmarking suite created with known vulnerable contracts
Detection efficacy report published showing coverage rates
Estimated Completion: April 2026
Description: Implement advanced filtering and machine learning-based denoising to achieve false-positive rate below 15% for high-severity findings. Benchmark against known vulnerability datasets.
Completion Criteria:
False-positive rate <15% on high-severity findings
Automated severity classification system operational
Comparative benchmarking report published
Estimated Completion: April 2026
Description: Begin handing off the full Bevor tool suite to the Trail of Bits, Hacken, and Halborn pilot programs. Collect feedback from auditors and developers, iterating on collaborative security workflow features.
Completion Criteria:
3 enterprise pilots active with integrated tooling
Documented feedback from each pilot partner
Feature improvements implemented based on pilot feedback
Application submitted to additional auditing teams via Stellar LaunchKit
Estimated Completion: May 2026 (Could be done at the end; we will launch this when the tooling is hardened enough for their use case)
Description: Execute fully-integrated production trial with one Stellar protocol, providing comprehensive security monitoring and continuous audit capabilities throughout their development lifecycle.
Completion Criteria:
One large Stellar protocol integrated in production
Case study published (subject to protocol approval)
Demonstrated value protected and vulnerabilities detected
Estimated Completion: May 2026
Budget: $6,000
Description: Build and deploy network-wide monitoring infrastructure for Stellar mainnet, continuously scanning deployed Soroban contracts for security issues and providing private security alerts to protocol teams.
Completion Criteria:
Monitoring infrastructure operational on Stellar mainnet
Real-time contract deployment tracking
Automated security alerting system
Private feedback delivered to at least 10 Stellar protocols (For free)
Estimated Completion: June 2026
Budget: $20,000
Blake Hatch | CEO & Co-Founder:
I earned my Computer Science degree from Northeastern University and have always been fascinated by low-level systems engineering. I founded Viridian Exchange, a venture-backed RWA marketplace for which I personally built all smart contracts, before advancing to lead Web3 initiatives at a Fortune 100-backed venture studio. My technical expertise expanded working on remote execution and caching infrastructure for the Bazel monorepo build system, where I honed my systems engineering skills in Rust and became a contributor to Google's open-source Bazel codebase. Most recently, I built out a Kubernetes cluster alongside an L6 engineer from Apple, successfully landing a deal with Samsung for the technology that dramatically reduced their CI/CD times from 3 days to just 1-2 hours.
https://www.linkedin.com/in/blake-hatch-180b9415a/
Peter Simone | CTO & Co-Founder:
I began my career in biomedical engineering, focusing on genomics and predictive modeling for cancer diagnostics. I then went on to get my M.S. in Data Science from NYU. I worked as a Data Scientist in industry in fintech, insurance, and then led the AI initiatives at a F100 backed venture studio. Since then, I've been more solely focused on SWE. I've been proud of building out money movement flows in fintech startups that helped facilitate over $20M in asset transfers. All of this has given me a strong background in product, data, and software development.

No other submissions.