Arbitrum DAO, by 0xb4c064f466931B8d0F637654c916E3F203c46f13

Improvements to the Arbitrum Audit Program

Active vote: 6 days left to vote

Non-constitutional

1. Summary

This proposal seeks DAO approval for two operational enhancements to the Arbitrum Audit Program (AAP):

  1. Moving from a mandatory Arbitrum exclusivity condition to a flexible alignment framework
  2. Introducing a pilot program offering AI-security scans through the AAP

Ratifying this proposal in an off-chain vote will introduce these enhancements to the AAP immediately.

2. Background & Rationale

The Arbitrum Audit Program was launched in August 2025, establishing a $10m bucket to subsidize security audits for projects building on Arbitrum. The program is managed by the AAP Committee, composed of the Arbitrum Foundation, Offchain Labs, and an independent security expert elected by the DAO. After two operational quarters, the program has demonstrated strong demand, disciplined capital deployment, and measurable improvements in applicant quality from the first quarter to the second. Kindly refer to the program’s transparency reports (transparency report 1; transparency report 2) for topline metrics and performance.

As highlighted in previous transparency reports, the program’s original operational procedures have surfaced two major constraints, which, if addressed, can significantly improve the efficiency of the program. The mandatory Arbitrum exclusivity agreement, irrespective of the maturity of the team or size of the audit subsidy, has been an operational burden. Additionally, the absence of a preparatory or alternative security pathway for teams not yet ready for a full-scope audit is a notable gap in the program. These two constraints are discussed in more detail below.

2.1 Revisiting the Exclusivity Requirement

The exclusivity requirement was put in place to ensure ecosystem alignment. These excerpts are from the original proposal:

"Arbitrum exclusivity. Audited code must remain exclusive to Arbitrum for a fixed period of time."

"All audited code MUST remain exclusive to the Arbitrum ecosystem and this will be included in the relevant legal agreements. Breaching exclusivity will obligate the project to repay the full subsidy to the DAO via the Arbitrum Foundation (AF). Non-compliance may lead to legal recourse and/or a proposal to the DAO to ban the project from all future DAO-funded initiatives."

While sensible in intent, operational experience has shown that the exclusivity requirement in its current form introduces a material amount of friction. It has caused several quality applicants to opt out of the program completely (in many cases at the final stage of discussions), led to extended negotiations, and, in general, slowed approval timelines.

Moreover, the AAP has the potential to further the alignment of mature protocols with the Arbitrum ecosystem, in addition to the support it provides for early-stage teams. For example, there are protocols that are live on other chains and are considering deploying or migrating to Arbitrum, as well as existing multi-chain protocols on Arbitrum that are building a new version, which could be supported through the AAP. The mandatory exclusivity agreement isn’t flexible or competitive enough to cater to these teams.

2.2. Broadening Security Support Beyond Full Audits

A recurring theme across both operational quarters has been readiness gaps among applicants. Quite a few applications show promise in terms of business direction and technical capability but are too early-stage for a traditional full-scope audit. Their codebases are often not up to the program’s standards in terms of documentation and preparedness for an audit.

However, this is a category of builders that, if provided with the right early-stage support, could be a valuable long-term asset to the Arbitrum ecosystem. Introducing a new offering so that the program can cater to builders at all stages will further improve its effectiveness. Through a pilot program with AI security tools, we can expand ecosystem coverage more flexibly, improve the long-term audit readiness of teams building on Arbitrum, and uncover the possibilities offered by these new tools.

This proposal seeks DAO approval to amend the AAP to address these limitations.

3. Specification

3.1 Proposed change to the Arbitrum Exclusivity Requirement

We suggest moving on from strict exclusivity to a flexible alignment framework. Under the revised framework, exclusivity will still be preferred but some projects may be exempted from maintaining Arbitrum exclusivity for audited code. This option will be available for applicants that commit to meaningful Arbitrum alignment through one or more of (but not limited to) the following:

  • deploying core infrastructure on Arbitrum first
  • routing primary liquidity through Arbitrum
  • prioritizing Arbitrum for feature launches
  • concentrating token incentives/token launches on the Arbitrum ecosystem

The AAP committee is responsible for negotiating the terms with each applicant and making the final decision.

3.2 Introducing a Pilot Program Offering AI Security Scans

Secondly, we propose introducing a pilot program to assess the effectiveness of AI security providers, both technically and with regard to ecosystem impact.

Many AI security tools have emerged in the past few months, and the program has the opportunity to benchmark these tools against the traditional audits currently available. Presently, the plan is to offer AI security scans to serve early-stage teams and teams that are not yet audit-ready, and to use them to improve readiness before full-scope audits where needed. AI services will not replace professional audits for production deployments requiring full audit coverage, but will serve as an indicator of a codebase’s maturity and of the need for a traditional audit.

The AAP Committee will select the AI tools from among the auditors currently whitelisted, and it may extend invites to external suppliers if evaluated as beneficial. ArbitrumDAO will be updated on the selected AI security providers as soon as the program is ready to start offering the scans.

No increase to the existing AAP budget is requested.

4. Timeline & Voting Options

We aim to take this proposal to an off-chain vote on 02/04/2026. Voting options will be:

  1. FOR (Approve suggested changes)
  2. AGAINST (Do not proceed with the changes)
  3. ABSTAIN

This proposal will be considered approved if it passes the off-chain vote, i.e., there are more votes “FOR” than “AGAINST”, and the combined number of “FOR” and “ABSTAIN” votes surpasses the non-constitutional quorum (measured at the time the off-chain vote is posted).

Off-Chain Vote

  • For: 15.99M ARB (100%)
  • Against: 6.39 ARB (0%)
  • Abstain: 31.09 ARB (0%)

Timeline

  • Apr 02, 2026: Proposal created
  • Apr 02, 2026: Proposal vote started
  • Apr 03, 2026: Proposal updated