AI-powered bug hunter spots signature validation issue that could have exposed billions in XRP to risk.
The XRP Ledger Foundation has confirmed it successfully patched a critical vulnerability discovered in a not-yet-activated amendment to Ripple’s XRP Ledger, preventing what could have become one of the largest exploits in crypto history.
We released a full report on the Batch amendment issue from last week.
The bug revolved around the signature validation logic of the Batch amendment.
It was caught before the amendment was activated by the autonomous AI agent Apex at @cantinaxyz.
Thank you to all validators…
— XRP Ledger Foundation (Official) (@XRPLF) February 26, 2026
The flaw was identified on February 19 by security engineer Pranamya Keshkamat at Cantina, alongside the firm’s autonomous AI security bot. According to the foundation, the issue stemmed from a “critical logic flaw” in the signature-validation logic of the Batch amendment’s code.
If activated and exploited, the vulnerability could have allowed attackers to execute transactions from victim accounts, including draining funds without access to private keys. However, the amendment was still in its voting phase and had not gone live on the mainnet. “No funds were at risk,” the foundation emphasized.
Potential ecosystem fallout averted
Beyond direct theft, the flaw posed broader systemic risks. The foundation warned that a large-scale exploit could have destabilized the network and severely undermined trust in XRPL’s infrastructure.
Hari Mulackal, CEO of Cantina and Spearbit, said the company’s autonomous bug-hunting tool, Apex, uncovered the issue through static analysis of the rippled codebase. He noted that, had the exploit been triggered, it might have represented the largest hack by dollar value, potentially putting nearly $80 billion at risk, likely referencing the market capitalization of XRP.
To mitigate the threat, validators were urged to vote against the amendment. An emergency update, rippled version 3.1.1, was released on Feb. 23 to prevent the amendment from being activated.
Rise of AI in cybersecurity
The incident underscores the growing role of AI-driven tools in cybersecurity. Recent research introduces SCONE-bench, a benchmark of 405 real-world smart contracts exploited between 2020 and 2025 that evaluates AI agents’ ability to discover and exploit vulnerabilities.
Just days after the XRPL discovery, AI firm Anthropic launched Claude Code Security, a vulnerability scanner it claims can reason like a seasoned security researcher, a move that recently weighed on shares of public cybersecurity firms.