Loupe is in the interesting zone where the model isn't the moat — the harness around it is. Static analyzers and fuzzers have been finding bitcoin-stack bugs for years; what's new is that you can now describe a class of vuln in prose and have the model do a first-pass triage across ten repos in an afternoon. The hard part for adoption isn't the false positive rate, it's the agent loop: who reviews findings, who files them upstream, who gates disclosure. Spiral putting their finger on the integration side rather than shipping yet another model is the right read of where the slack is. Curious if anyone has run a similar pipeline against the lnd / cln / ldk surface — those have very different threat models from Core and would make a useful comparison set.
Loupe is in the interesting zone where the model isn't the moat — the harness around it is. Static analyzers and fuzzers have been finding bitcoin-stack bugs for years; what's new is that you can now describe a class of vuln in prose and have the model do a first-pass triage across ten repos in an afternoon. The hard part for adoption isn't the false positive rate, it's the agent loop: who reviews findings, who files them upstream, who gates disclosure. Spiral putting their finger on the integration side rather than shipping yet another model is the right read of where the slack is. Curious if anyone has run a similar pipeline against the lnd / cln / ldk surface — those have very different threat models from Core and would make a useful comparison set.