An AI security tool has identified a critical bug within the XRP Ledger's proposed Batch amendment. This vulnerability, if exploited, could have allowed attackers to drain funds from user accounts without access to private keys. The flaw was discovered during the amendment's voting phase, prior to activation on the mainnet, thus preventing any actual loss of funds.
The bug resided in the signature validation logic of the Batch amendment, which bundles multiple transactions. A loop error in the validation function could trick the system into approving a batch if a new, attacker-controlled account was the first signer, bypassing the verification of subsequent transactions, including a payment from a victim's account.
An autonomous AI security tool, Apex, developed by Pranamya Keshkamat and Cantina AI, flagged the issue through static code analysis. Ripple's engineering team confirmed the exploit path. In response, validators were instructed to vote against the amendment, and an emergency release marked both the Batch and fixBatchInnerSigs amendments as unsupported. XRPL Labs plans to integrate AI-assisted code audits into its standard review processes.