PatchProof - Subnet Design Proposal

## 1. Introduction: The Vision for Verified Exploit Remediation

PatchProof is a Bittensor subnet designed to create a decentralized market for verified vulnerability-remediation artifacts. Our core vision is to transform AI security work from “AI found a bug” into “AI produced a fix that validators proved is safe to ship.”

AI agents are becoming increasingly capable at finding vulnerabilities and generating patches. But finding a bug is not the same as safely fixing it. Every vulnerability report creates follow-up work for maintainers and security teams: is the bug real, does the patch actually block the exploit, does it survive variants, did it break existing behavior, and can the fix be trusted for release?

To solve this, PatchProof defines one concrete digital intelligence commodity:

verified remediation artifact = patch diff + exploit replay proof + hidden-variant proof + regression proof + originality fingerprint*

Miners compete to submit minimal security patch diffs for vulnerability tasks. Validators independently replay the original exploit, apply each patch in a clean sandbox, run public tests, hidden exploit variants, fuzz/invariant checks, regression tests, and originality detection. The best verified remediation artifacts are rewarded through Bittensor weights.

PatchProof is not a generic AI code-fixing subnet. It is a release-safety gate for security remediation. The subnet does not reward suggestions, reports, or unverifiable claims. It rewards executable proof that a vulnerability was actually fixed.

This proposal outlines the PatchProof subnet design, including its incentive structure, miner and validator roles, anti-gaming mechanisms, market rationale, and working prototype. The goal is to build the decentralized release-safety layer for AI-generated security fixes.

## 2. Incentive & Mechanism Design

The incentive mechanism of PatchProof is built around a simple rule:

Validators do not trust miner claims. Validators rerun everything.*

The subnet rewards miners only when their patch survives validator-controlled verification. Miner logs and summaries are metadata only. The source of truth is the validator’s deterministic execution.

### Emission and Reward Logic: A Verification-First Reward System

Each validation round starts with a vulnerability task containing:

repository snapshot;
vulnerability description;
exploit reproduction script;
public tests;
file constraints and allowlists;