Stellar Community Fund

By Almanax

Almanax - AI Security Agents

SCF #32

$95.0K

Build

Awarded

Almanax is building AI agents designed to fix vulnerabilities in blockchain applications and smart contracts before they are deployed on Stellar.

Products & Services

Almanax will deliver a fully operational "AI security engineer" that integrates into CI/CD pipelines and code repositories. This tool will support analysis, security scanning, and remediation of vulnerabilities for any code deployed on-chain or interacting with the Stellar/Soroban network. It will be free to use up to a certain rate limit.

Additionally, Almanax will integrate Stellar/Soroban data into its Web3 Security Atlas, an open-source repository of security resources and labeled vulnerable code that can be used by developers to evaluate the performance of AI and static analysis tools, as well as to build more secure applications.

Soroban

Yes

Requested Budget

$95.0K

Success Criteria

Most of the security in web3 today is outsourced to 3rd party vendors, leaving a big gap for internal security tools. We’re filling that gap. We want to significantly reduce the costs of security from hundreds of thousands of dollars required today, allowing every developer to have bank-grade security.

At the same time, we'll shorten the wait times for security reviews from months to seconds, facilitating faster development and deployment of projects.

Go-To-Market Plan

We'll have a self-service tool that developers can sign up for and use instantly. Security scans will be free, up to a certain limit. This will allow us to penetrate organizations before we approach them to close an enterprise SaaS deal. We'll also proactively scan code that is already deployed onchain and flag vulnerabilities to the team behind them. This will allow us to also win bug bounties.

Traction Evidence

- We raised 2 rounds of VC investments (single digit millions, the 2nd one not publicly announced yet)

- Got revenues pre-launch

- Built first version of the product

- Achieved state-of-the-art (SOTA) performance on vulnerability detection with our AI model: https://www.almanax.ai/post/almx-1-achieves-sota-performance-in-web3-vulnerability-detection

- Currently running a closed beta with some of the best security researchers and blockchain engineers in the world

Tranche 1 (Deliverable Roadmap) - MVP

Deliverable 1: Web3 Security Atlas (Data Collection & AI Model Training)

Brief description:

Collect and curate an open-source dataset, including Stellar/Soroban-specific developer documentation, code repositories, audit reports, and various on-chain interaction data.
This dataset will be used to fine-tune our agentic AI model for comprehensive analysis of all blockchain-related code.
We will also be releasing an evaluation benchmark dataset on Hugging Face.

How to measure completion: A robust dataset and a fine-tuned AI model capable of analyzing and securing any Soroban-related code with high accuracy.

Estimated date of completion: January 2024

Budget: $25k

Deliverable 2: V1 Development

Brief description:

Develop a web app that can analyze any input code with detailed reporting on vulnerabilities, customizable alerts, and enhanced repository integrations.

How to measure completion: Web app can successfully analyze Github repositories of Soroban projects.

Estimated date of completion: February 2024

Budget: $25k

Deliverable 3: CLI Tool & CI/CD Integration

Brief description:

Develop a Command-Line Interface (CLI) tool that integrates with popular CI/CD pipelines and code repositories (e.g., GitHub, GitLab).
This tool will enable developers to automatically analyze their code for vulnerabilities and issues during the development process.

How to measure completion: Functional CLI tool integrated with CI/CD pipelines, enabling automated code analysis

Estimated date of completion: February/March 2024

Budget: $20k

Tranche 2 (Deliverable Roadmap) - Testnet

Deliverable 4: Beta Launch – Product Deployment & Initial Integrations

Brief description:

Launch a beta version of the product, allowing select Soroban developers to integrate the CLI into their workflows.
Conduct initial integrations with major code repositories and CI/CD platforms, and gather feedback to validate functionality and performance.

How to measure completion: Soroban developers are using the product

Estimated date of completion: March 2024

Budget: 0

Tranche 3 (Deliverable Roadmap) - Mainnet

Deliverable 5: Product Launch – Advanced Integrations & Continuous Monitoring

Brief description:

Public launch
Introduce advanced integrations with platforms like GitHub Actions and GitLab CI, enabling real-time vulnerability monitoring and automated PR creation/remediation suggestions.
Enhance the AI system to support automated and continuous monitoring of deployed code.

How to measure completion: Public announcement on social media

Estimated date of completion: April/May 2024

Budget: $25k