Company Description
VulnautAI is an AI-powered smart contract security auditing platform built for
the world's leading Web3 audit firms. We're not building a generic code
scanner — we're building a system that gets smarter with every audit,
accumulating the institutional knowledge of each firm over time and surfacing
it at the moment it's most useful.
We have ongoing betas from top-tier audit firms, a proprietary dataset of
180,000+ vulnerability findings, and a static analysis pipeline in active
development. We're approaching revenue and moving fast.
Role Description
You will own the architecture and implementation of our continuous learning
system — the mechanism by which auditor corrections, false positive labels,
and confirmed findings flow back into the model and make it measurably better
over time.
You'll also own the retrieval architecture that powers our historical audit
intelligence feature: when a new contract comes in, the system identifies
syntactically and semantically similar code from a firm's prior audits and
surfaces whether known bugs from those audits are relevant to the current one.
This is a founding-team-level role.
What We're Looking For
Learning loop architecture — Design and implement the full pipeline: auditor
correction signals → feedback ingestion → fine-tuning or embedding update
logic → evaluation harness → versioned model rollout, all within per-client
isolated infrastructure
Per-client isolation — Architect the system so each firm's corrections and
historical data improve only their own model instance, with no cross-client
data contamination (Postgres + Pinecone per-tenant)
Code similarity retrieval — Build the semantic code search layer that matches
incoming contract code against a firm's historical audit corpus and retrieves
associated findings as candidate vulnerabilities
Evaluation harness — Define and instrument the metrics that confirm the system
is actually improving: precision, recall, false positive rate, retrieval
relevance, and correction signal quality
Dataset integration — Incorporate our existing 180K+ finding dataset as the
foundational training scaffold, working with existing taxonomy and field
structure
Qualifications
Demonstrated experience architecting a continuous learning or RLHF-style
feedback loop end-to-end — not just operating within one
Production RAG pipeline experience: ingestion, chunking strategy, embedding
validation, retrieval relevance tuning, vector database management
Strong Python and ML engineering fundamentals (PyTorch or equivalent, MLflow
or similar experiment tracking)
Experience with per-tenant or multi-tenant ML infrastructure — you understand
the data isolation requirements and have solved them before
Experience with code embedding models (CodeBERT, StarEncoder, or similar) or
AST-based chunking
LangGraph or multi-agent pipeline experience
Fine-tuning experience on domain-specific code datasets