> For the complete documentation index, see [llms.txt](https://shepherd-1.gitbook.io/shepherd/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://shepherd-1.gitbook.io/shepherd/the-problem.md).

# The Problem

Despite rapid growth in Web3, security tooling has not kept pace. Critical gaps remain in how we defend protocols today.

The current ecosystem is crowded with static analyzers, linters, and symbolic execution engines. However, these solutions face serious limitations:

* **No exploit validation**

  Most tools flag theoretical issues, but don't prove whether they can be exploited in real execution. Think tools like: Slither, MythX, etc.

***

* **No learning or iteration**

  Existing tools lack memory, meaning they can't improve over time, adapt strategies, or learn from past failures.

***

* **Isolated analysis**

  Most tools analyze contracts in isolation, missing the composability and system-level interactions that make Web3 both powerful and vulnerable.&#x20;

***

* **No explainability**

  Many tools produce outputs that are technically dense or lack meaningful context, making it harder for teams to prioritize, triage, and address security risks efficiently.

***

* **One-shot execution**

  Without a persistent state or feedback loop, each test run starts from scratch, limiting the ability to refine or deepen results.&#x20;

***

* **No historical context**

  Some of the most dangerous vulnerabilities arise from nuanced, emergent behaviors — patterns that only become clear when prior exploit history and interactions are factored in.
