How Labrys built a free AI smart contract audit tool for Hashlock: from 3-week MVP to 85,000+ users and global brand recognition.
01About Hashlock
Hashlock is a global leading blockchain security firm specializing in in-depth smart contract security audits for Web3 projects across Ethereum, Solana, and beyond. Founded by Fletcher Roberts and Jock Haslam, the company has built a strong reputation for rigorous, expert-led audits that help protocols launch with confidence.
As AI began reshaping the technology landscape, Hashlock saw an opportunity: not to replace their human-led audit process, but to extend its reach. The idea: build a free, AI-powered smart contract auditing tool that any Web3 developer could access instantly, lowering the barrier to entry for security best practices across the industry.
02The Idea: A Free AI Smart Contract Audit Tool
There was no shortage of buzz around AI in Web3 when Hashlock first began thinking about this project. A few firms were already exploring AI auditing tools, but none of them were fully free. That gap was exactly the opportunity Fletcher had in mind.
“A big part of what we want to do with our brand is to have the ethos of giving back to the industry. But, of course, it benefits us because it allows us to ethically create a lead magnet by creating a quick and helpful tool.” — Fletcher Roberts, CEO & Co-Founder, Hashlock
The positioning was deliberate: the AI audit tool would not compete with Hashlock’s flagship service: the in-depth, manual security audit. Instead, it would sit upstream in the customer journey, helping early-stage developers and Web3 builders assess their contracts quickly and for free, while directing those who needed deeper assurance toward Hashlock’s full audit offering.
It seemed like a no-brainer. Labrys was the natural choice to build it given the established partnership Hashlock and Labrys have since 2022.
03Partnering with Labrys
Work began in July 2025. The project was led by Beau Leech as Project Manager with Senior Engineer Barry Earsman driving the technical architecture, alongside Max Taylor who helped shape the initial design and infrastructure.
From the outset, the team knew this would not be a standard build. AI tooling and development moves fast, requirements evolve, and user expectations for an auditing tool are high. The approach needed to be agile, iterative, and technically robust enough to grow with the product.
04MVP in Three Weeks
The first milestone was getting something tangible into Fletcher’s hands as quickly as possible. Within roughly three weeks, the team had a working MVP — an interface where smart contracts could be submitted and receive a meaningful audit output from the AI engine. From there, development expanded sprint by sprint.
“I thought it would take longer. And I didn’t think it would be as good. I remember stressing early on and thinking the tool’s not going to be smart enough. And the Labrys team was kind of like, just relax, trust us.” — Fletcher Roberts, CEO & Co-Founder, Hashlock
Over the following months, the team built out GitHub integration for contract submission, iterated through multiple versions of the home page, results page, and audit history dashboard, and developed a fully custom admin backend that gives Hashlock complete control over LLM configuration and system behaviour, without being locked into any single provider.
05Architecture Built for Flexibility
Given the pace of change in AI, Barry and the engineering team made a key architectural decision early: build for maximum flexibility, not just for the requirements on day one.
“We needed to be able to come up with a system that was robust, but also flexible enough that we could adapt the design based on what we discovered. We created a pluggable architecture and based everything around a very configurable workflow framework, which turned out to be a very good idea.” — Barry Earsman, Senior Engineer, Labrys
The configuration, including the choice of AI model and parameters for each step in the audit workflow, was made fully database-driven. Swapping in a new model or tuning the audit logic requires no code deployment; it’s a configuration change. In a space where new models ship weekly, this turned out to be one of the most valuable decisions made on the project.
06A Truly Collaborative Process
One of the defining features of this engagement was the closeness of the collaboration. At peak velocity, the team was holding two meetings per week. Fletcher had direct access to the project management software and could — and frequently did — reprioritise the backlog mid-sprint. Rather than being a source of friction, this agility was welcomed.
“I would ask for a lot of different things that weren’t in the original scope. You guys really understood what we were trying to do including the mission of creating a free AI audit tool that’s going to genuinely help people. And I think you were pretty excited about that too.” — Fletcher Roberts, CEO & Co-Founder, Hashlock
07Challenges Along the Way
No ambitious build comes without its hurdles, and this one was no exception.
Scaling Beyond Simple Contracts
The tool worked well for small contracts — two to five files — but as the team began testing it against larger, more complex protocols, they hit a wall. Serverless function timeouts, context window limitations, and token limits combined to create a period of intensive debugging and iteration that lasted roughly two to three weeks.
The solution required creatively batching and parallelising workloads through the workflow engine, finding ways to handle large codebases within the constraints of serverless architecture, a challenge that was genuinely novel territory, given how rapidly the underlying platforms were evolving at the time.
Taming Non-Deterministic AI Outputs
For a security audit tool, consistency matters. A developer who runs the same contract through the tool multiple times needs to trust that the findings are reliable and repeatable. But by nature, large language models produce different outputs for the same input, a fundamental challenge for this use case.
The Labrys delivery team tackled this with a structured, scientific approach: forming hypotheses about prompt and workflow changes, implementing them, running standardised benchmarks across the team, reviewing outputs, and iterating. The goal was to reduce variance and build confidence in the reliability of audit results over time, work that continues to inform how the tool evolves.
08The Results
The numbers speak for themselves. Still technically in Beta, the AI Audit Tool has delivered results that far exceeded initial expectations.
- 85,000+ users have accessed the app since launch
- 2,159+ signed-up organisational users — Web3 businesses actively auditing smart contracts
- Global reach: active users in virtually every country in the world, including 20,000+ in the US, 15,000+ in other leading markets, and approximately 6,000 in Hong Kong alone.
“It’s actually was a game changer in terms of web traffic and also just brand recognition. A few people at recent conferences knew us from the AI audit tool.” — Fletcher Roberts, CEO & Co-Founder, Hashlock
Importantly, the growth has shifted from paid to organic. Early momentum was driven by targeted advertising, but today the tool continues to grow largely on the strength of its reputation: with users in niche Web3 communities discovering and sharing it independently. Running a free tool at this scale involves meaningful ongoing cost in AI inference spend, but for Hashlock the return in brand equity, lead generation, and pipeline is clear.
09What’s Next?
The tool currently supports Solidity and Rust smart contract languages, but the longer-term vision is to support any smart contract language a developer might bring: a flexible, LLM-powered interface that simply audits what you give it, regardless of the stack.
For the near term, the focus is on UX: building an experience specifically designed for Web3 builders, not just an AI wrapper. That means thoughtful prompting, clearer audit output formatting, and a workflow that reflects how developers actually build and iterate on contracts. A formal v1 launch (moving out of Beta) is on the horizon.
Fletcher also shared a broader lesson from the project that he believes applies far beyond Hashlock:
“Whatever your service is, create an AI tool that does one step in that process and let the AI do that for free for your users. You’re going to get an awesome lead magnet, but you’re going to help hundreds of people — maybe thousands of people — that you wouldn’t have been able to help before.” — Fletcher Roberts, CEO & Co-Founder, Hashlock
10Conclusion
A Word from the Team
We’re proud of what we built together. The Hashlock AI Audit Tool represents something we believe in deeply: technology that genuinely helps people, built with craft and care. We can’t wait to see what comes next.
Ready to Build with Labrys?
Based in Brisbane, Australia, we build all of our software in-house with a team of experienced engineers passionate about both blockchain and AI. Whether you’re looking to develop a smart contract security tool, a dApp, or an AI product, we’d love to hear from you.
Just get in touch to find out more.