On May 11, 2026, OpenZeppelin announced the Continuous Security Program, a subscription-based model designed to address the limitations of traditional point-in-time audits for rapidly evolving onchain systems. The program recognizes that most recent major hacks stem from off-chain attacks—operational failures, key management lapses, and code shipped between audits—rather than missed smart contract bugs. It provides always-on coverage across the entire lifecycle: architecture validation before code is written, secure build foundations using OpenZeppelin's libraries, continuous vulnerability detection via AI-augmented analysis, and ongoing support post-deployment. Central to the program is OpenZeppelin AI Auditor, an AI-native tool built by the team behind 900+ audits and $250 billion secured onchain, enabling repository-level reasoning and continuous scanning. Senior security researchers lead each engagement, combining human expertise with AI scalability. The program targets gaps left by periodic audits, which miss code changes, upgrades, and configuration issues that accumulate between engagements. It is already backed by OpenZeppelin's decade of experience, including contracts used by top stablecoins and institutional clients like Aave, Uniswap, and Fidelity Digital Assets.

Key facts

• Continuous Security Program is subscription-based, closing gaps left by point-in-time audits.
• Covers architecture, build, secure, and support phases of the full lifecycle.
• Uses AI Auditor for repository-level reasoning, trained on a decade of audit data.
• Senior researchers lead engagements, combining human expertise with AI scalability.
• Addresses off-chain risks like key management and operational failures.
• Backed by 900+ audits, $35 trillion transferred via OpenZeppelin Contracts.

KeyAudit data perspective