Table of Contents
Fetching ...

Zer0n: An AI-Assisted Vulnerability Discovery and Blockchain-Backed Integrity Framework

Harshil Parmar, Pushti Vyas, Prayers Khristi, Priyank Panchal

TL;DR

Zer0n tackles the trust gap in AI-driven vulnerability discovery by binding LLM-based reasoning to an immutable blockchain ledger. It combines Gemini 2.0 Pro for vulnerability reasoning with an Avalanche C-Chain based integrity layer that records cryptographic hashes $h = H(R)$ of analyses, enabling verifiable audit trails while keeping computation off-chain for speed. Empirical results on 500 endpoints show a precision of $78\%$, recall of $82\%$, and an F1 of $80\%$, with an overhead of $22.9\%$, indicating practical feasibility for security workflows. Overall, Zer0n demonstrates that a hybrid architecture can provide both rapid vulnerability analysis and mathematically verifiable provenance, paving the way for trustable AI-assisted cybersecurity research.

Abstract

As vulnerability research increasingly adopts generative AI, a critical reliance on opaque model outputs has emerged, creating a "trust gap" in security automation. We address this by introducing Zer0n, a framework that anchors the reasoning capabilities of Large Language Models (LLMs) to the immutable audit trails of blockchain technology. Specifically, we integrate Gemini 2.0 Pro for logic-based vulnerability detection with the Avalanche C-Chain for tamper-evident artifact logging. Unlike fully decentralized solutions that suffer from high latency, Zer0n employs a hybrid architecture: execution remains off-chain for performance, while integrity proofs are finalized on-chain. Our evaluation on a dataset of 500 endpoints reveals that this approach achieves 80% detection accuracy with only a marginal 22.9% overhead, effectively demonstrating that decentralized integrity can coexist with high-speed security workflows.

Zer0n: An AI-Assisted Vulnerability Discovery and Blockchain-Backed Integrity Framework

TL;DR

Zer0n tackles the trust gap in AI-driven vulnerability discovery by binding LLM-based reasoning to an immutable blockchain ledger. It combines Gemini 2.0 Pro for vulnerability reasoning with an Avalanche C-Chain based integrity layer that records cryptographic hashes of analyses, enabling verifiable audit trails while keeping computation off-chain for speed. Empirical results on 500 endpoints show a precision of , recall of , and an F1 of , with an overhead of , indicating practical feasibility for security workflows. Overall, Zer0n demonstrates that a hybrid architecture can provide both rapid vulnerability analysis and mathematically verifiable provenance, paving the way for trustable AI-assisted cybersecurity research.

Abstract

As vulnerability research increasingly adopts generative AI, a critical reliance on opaque model outputs has emerged, creating a "trust gap" in security automation. We address this by introducing Zer0n, a framework that anchors the reasoning capabilities of Large Language Models (LLMs) to the immutable audit trails of blockchain technology. Specifically, we integrate Gemini 2.0 Pro for logic-based vulnerability detection with the Avalanche C-Chain for tamper-evident artifact logging. Unlike fully decentralized solutions that suffer from high latency, Zer0n employs a hybrid architecture: execution remains off-chain for performance, while integrity proofs are finalized on-chain. Our evaluation on a dataset of 500 endpoints reveals that this approach achieves 80% detection accuracy with only a marginal 22.9% overhead, effectively demonstrating that decentralized integrity can coexist with high-speed security workflows.
Paper Structure (23 sections, 1 equation, 3 figures, 7 tables, 1 algorithm)

This paper contains 23 sections, 1 equation, 3 figures, 7 tables, 1 algorithm.

Figures (3)

  • Figure 1: Zer0n system architecture illustrating trust boundaries, adversarial environment, and blockchain-backed integrity logging.
  • Figure 2: Verification flow in Zer0n. A vulnerability report is hashed and recorded on the blockchain. Any post-analysis modification results in a hash mismatch during verification, enabling tamper detection.
  • Figure 3: Sequence Diagram illustrating the interaction flow associated with a vulnerability scan. Time flows downwards. The Node.js backend acts as a bridge, preserving the asynchrony of the analysis while ensuring atomic logging on the Avalanche blockchain.