Spiral published its official Loupe announcement on May 12, 2026, describing the product as an AI-powered vulnerability scanner for open-source Bitcoin projects. The related Spiral post on X was also published on May 12, 2026, while the Project Loupe account posted its definition-style launch message the same day. Spiral later pointed users to the public project-loupe/loupe GitHub repository in a follow-up X post dated May 13, 2026 UTC, or May 12 in Pacific time. The visible references are Spiral’s official Substack announcement, the Spiral X post, the Project Loupe X post and the public GitHub repository.
Spiral and Block describe Loupe as a tool built to help open-source Bitcoin maintainers identify software vulnerabilities before attackers do. In the official write-up, Spiral said AI is increasingly useful for finding security flaws in open-source code, but warned that the same capability can create an imbalance when attackers have better scanning resources than maintainers. That framing is Spiral’s own rationale for the product, not an independent security assessment.
Meet Loupe, an AI-powered vulnerability scanner for open-source bitcoin projects. Attackers already use AI to find weaknesses. Maintainers should do the same.
Bitcoin Core, BDK, LDK, rust-bitcoin, Cashu, Jade, bitcoinj, and SRI are already onboard. https://t.co/S5kF1TWw4F https://t.co/2yst5utXLw
— Spiral (@spiralbtc) May 12, 2026
The announcement says several Bitcoin-related projects have committed to Loupe’s initial tests, including Bitcoin Core, BDK, LDK, rust-bitcoin, Cashu, Blockstream Jade, bitcoinj and SRI. That wording matters: the material supports saying these projects are part of, or committed to, initial testing. It does not prove that all of them are already running Loupe independently in production.
Public repository, staged rollout and technical scope
Loupe is not presented as a fully closed product. A public GitHub repository under project-loupe/loupe is visible, and its README describes Loupe as a security-scanning harness for source repositories. However, the official post also describes it as a free “scanning-as-a-service” tool for FOSS Bitcoin projects, with Block and Spiral initially running and funding some scans. A precise license was not visible in the rendered GitHub material reviewed, so the safest wording is that Loupe has a public repository, while the operational rollout appears staged around initial tests and later maintainer handoff.
The GitHub README says Loupe uses a server, worker fleet and CLI. Workers clone repositories, run configured scanners and submit findings back to the server over mutual TLS. The current LLM workflow uses agent-based scanning and self-validation, where a reported issue should be backed by a regression-test proof of concept before being dispatched through a configured reporter such as GitHub issues, email or manual triage. Spiral’s announcement similarly says Loupe aims to avoid low-quality AI reports by only reporting vulnerabilities backed by a demonstrable test case.
For now, the confirmed status is a May 12, 2026 launch announcement by Spiral, backed by a public GitHub repository and a staged testing process involving named Bitcoin projects. The material does not establish pricing beyond Spiral’s statement that the tool is free for FOSS Bitcoin projects and that anyone can use it if they bring their own model access and tokens. Nor does it show an independent audit, benchmark or production-readiness review.