On-chain programs: Solidity, VMs, design patterns, upgradeability, and verification.
An agent hits an API, gets HTTP 402, signs a stablecoin authorization, and a facilitator settles it on-chain for a fraction of a cent. We trace one real payment on Base down to the gas — and where the trust actually sits.
An agent holding your raw key is one prompt injection from total loss — and 97% of early EIP-7702 delegations went to drainer sweepers. We read the sweeper's source off the chain, dissect a real 35.97-USDC-a-day spend permission on Base, and do the blast-radius math.
Story raised $140M to make IP programmable for the AI era. We read its chain: 6.46M registered IP assets, 230,300 licenses ever minted, one week of royalties totaling $10 — plus the LAP/LRP royalty math and the precompile at 0x0101 that computes the graph.
We ran multi-agent LLM pipelines against historical exploit corpora and live audit engagements. The results reshape where AI fits in a security review — and where it absolutely doesn't.