"What is the headline gap, and what kind of story is it?" 92% detection (purpose-built DeFi agent) vs 34% (general LLM) on DeFi-specific vulnerabilities. It is a DOMAIN-SPECIFICITY story, not a model-size story. A general LLM, however large, was not trained to reason about DeFi-native failure modes at depth — they are absent from its training distribution. course2a::sdd11::recall "What are the DeFi-native failure modes where the gap compounds?" Oracle manipulation (flash-loan → skew → liquidate). Flash-loan economics (atomic single-tx capital inversion). MEV (sandwich, front-running). Compositional risk (A→B integration vuln). These are absent from general training at reasoning depth. On general classes (modifier, standard reentrancy), the gap narrows. course2a::sdd11::analysis "What are the three pillars of specificity?" (1) Domain tooling (Foundry fork/fuzz/invariant, Tenderly, RPCs) — agent EXECUTES hypotheses. (2) Domain knowledge encoding (attack-pattern templates: oracle/flash-loan/MEV/composition). (3) Domain-specific verification (fork + replay → demonstrated tx). The pillars compound — each alone is insufficient. course2a::sdd11::analysis "Does building a domain agent require retraining the base model?" NO — this is a common misconception. The three pillars (tool grafting, knowledge encoding, verification harness) are EXTERNAL to the base model. You take a general LLM and surround it with domain structure (Heimdallr's reorganization + cascade is the canonical example). Retraining/fine-tuning is rarely justified — the pillars capture most of the 92% at a fraction of training cost. course2a::sdd11::analysis "Why do the three pillars compound (why is each alone insufficient)?" Domain tooling without encoded patterns can execute a hypothesis but can't GENERATE the right one. Encoded patterns without verification can generate a plausible hypothesis but can't CONFIRM it. Verification without the first two is a test harness with nothing to test. The 92% requires all three; the 34% has none. course2a::sdd11::analysis "What is the hybrid architecture, and why is it the pragmatic choice?" Per-task routing: general LLM for breadth tasks (triage, explain, report, test-gen — sufficient quality, lower cost), domain agent for deep DeFi detection (3 pillars, 92%). Outputs merge. Making the hybrid EXPLICIT (not paying domain-agent cost on every capability) is the cost-optimization decision. Specialist handles high-risk depth; generalist handles breadth. course2a::sdd11::analysis "What is a demonstrated attack, and why is its handling different from a finding?" An execution-verified exploit (fork + replay) — higher-sensitivity than a finding; it is a WEAPON. Must be stored, transmitted, and access-controlled as EXPLOIT CODE, not as findings. An exfiltrated demonstrated-attack library is an attacker's toolkit. This is the domain agent's output-handling risk surface. course2a::sdd11::analysis "What is the knowledge-base integrity risk?" The encoded attack patterns are the agent's core IP AND its attack surface. A POISONED pattern (attacker submits a misleading pattern to the KB) could steer the agent toward false negatives on a specific protocol. Mitigation: the pattern KB is curated, reviewed, and version-controlled — NOT an open submission system. course2a::sdd11::analysis "State the purpose-built approach's score and the tradeoff accepted." 49/60. High on the modules that matter for a security agent: Tool Design (5), Sandboxing (5), Verification (5). Tradeoff: BREADTH for depth (general LLM wins on non-DeFi tasks), higher cost per audit (fork infra/RPC/pattern maintenance), KB maintenance burden. Lowest: State (3, no cross-audit learning). course2a::sdd11::analysis "Name 3 things the purpose-built approach does better than a general LLM." (1) Execution-verified detection on DeFi-native classes (fork + replay demonstrates the loss; LLM guesses from text — the 92 vs 34 in one sentence). (2) Encoded attack-pattern knowledge (finite, learnable shapes of DeFi attacks as templates). (3) Domain tooling as first-class (Foundry/Tenderly/RPCs are agent tools, not external utilities). course2a::sdd11::recall "Name 3 tradeoffs you accept when you specialize." (1) Breadth for depth (specialist; general model wins on non-DeFi tasks like summarize/explain/test-gen). (2) Higher cost per audit (fork infra, RPC, pattern maintenance vs one LLM call). (3) Knowledge-base maintenance burden (patterns must be curated/updated as DeFi evolves; general LLM updates with training). course2a::sdd11::analysis "Name 3 things you would add to a purpose-built DeFi agent." (1) Make the hybrid explicit per-task (general LLM for triage/reporting, domain agent for deep detection). (2) Cross-audit pattern learning (agent proposes novel patterns to the KB). (3) A false-positive axis on pattern matching (how many flagged patterns were real? prevents alert fatigue). course2a::sdd11::application "State the Architect's Verdict in one line." The 92 vs 34 gap is domain-specificity, not model size; close it with three external pillars (domain tooling, encoded patterns, execution verification — no retraining); build the domain agent for high-value DeFi protocols, run the general LLM for breadth, make the hybrid explicit per-task. course2a::sdd11::recall