"What is the headline gap, and what kind of story is it?"	92% detection (purpose-built DeFi agent) vs 34% (general LLM) on DeFi-specific vulnerabilities. It is a DOMAIN-SPECIFICITY story, not a model-size story. A general LLM, however large, was not trained to reason about DeFi-native failure modes at depth — they are absent from its training distribution.	course2a::sdd11::recall
"What are the DeFi-native failure modes where the gap compounds?"	Oracle manipulation (flash-loan → skew → liquidate). Flash-loan economics (atomic single-tx capital inversion). MEV (sandwich, front-running). Compositional risk (A→B integration vuln). These are absent from general training at reasoning depth. On general classes (modifier, standard reentrancy), the gap narrows.	course2a::sdd11::analysis
"What are the three pillars of specificity?"	(1) Domain tooling (Foundry fork/fuzz/invariant, Tenderly, RPCs) — agent EXECUTES hypotheses. (2) Domain knowledge encoding (attack-pattern templates: oracle/flash-loan/MEV/composition). (3) Domain-specific verification (fork + replay → demonstrated tx). The pillars compound — each alone is insufficient.	course2a::sdd11::analysis
"Does building a domain agent require retraining the base model?"	NO — this is a common misconception. The three pillars (tool grafting, knowledge encoding, verification harness) are EXTERNAL to the base model. You take a general LLM and surround it with domain structure (Heimdallr's reorganization + cascade is the canonical example). Retraining/fine-tuning is rarely justified — the pillars capture most of the 92% at a fraction of training cost.	course2a::sdd11::analysis
"Why do the three pillars compound (why is each alone insufficient)?"	Domain tooling without encoded patterns can execute a hypothesis but can't GENERATE the right one. Encoded patterns without verification can generate a plausible hypothesis but can't CONFIRM it. Verification without the first two is a test harness with nothing to test. The 92% requires all three; the 34% has none.	course2a::sdd11::analysis
"What is the hybrid architecture, and why is it the pragmatic choice?"	Per-task routing: general LLM for breadth tasks (triage, explain, report, test-gen — sufficient quality, lower cost), domain agent for deep DeFi detection (3 pillars, 92%). Outputs merge. Making the hybrid EXPLICIT (not paying domain-agent cost on every capability) is the cost-optimization decision. Specialist handles high-risk depth; generalist handles breadth.	course2a::sdd11::analysis
"What is a demonstrated attack, and why is its handling different from a finding?"	An execution-verified exploit (fork + replay) — higher-sensitivity than a finding; it is a WEAPON. Must be stored, transmitted, and access-controlled as EXPLOIT CODE, not as findings. An exfiltrated demonstrated-attack library is an attacker's toolkit. This is the domain agent's output-handling risk surface.	course2a::sdd11::analysis
"What is the knowledge-base integrity risk?"	The encoded attack patterns are the agent's core IP AND its attack surface. A POISONED pattern (attacker submits a misleading pattern to the KB) could steer the agent toward false negatives on a specific protocol. Mitigation: the pattern KB is curated, reviewed, and version-controlled — NOT an open submission system.	course2a::sdd11::analysis
"State the purpose-built approach's score and the tradeoff accepted."	49/60. High on the modules that matter for a security agent: Tool Design (5), Sandboxing (5), Verification (5). Tradeoff: BREADTH for depth (general LLM wins on non-DeFi tasks), higher cost per audit (fork infra/RPC/pattern maintenance), KB maintenance burden. Lowest: State (3, no cross-audit learning).	course2a::sdd11::analysis
"Name 3 things the purpose-built approach does better than a general LLM."	(1) Execution-verified detection on DeFi-native classes (fork + replay demonstrates the loss; LLM guesses from text — the 92 vs 34 in one sentence). (2) Encoded attack-pattern knowledge (finite, learnable shapes of DeFi attacks as templates). (3) Domain tooling as first-class (Foundry/Tenderly/RPCs are agent tools, not external utilities).	course2a::sdd11::recall
"Name 3 tradeoffs you accept when you specialize."	(1) Breadth for depth (specialist; general model wins on non-DeFi tasks like summarize/explain/test-gen). (2) Higher cost per audit (fork infra, RPC, pattern maintenance vs one LLM call). (3) Knowledge-base maintenance burden (patterns must be curated/updated as DeFi evolves; general LLM updates with training).	course2a::sdd11::analysis
"Name 3 things you would add to a purpose-built DeFi agent."	(1) Make the hybrid explicit per-task (general LLM for triage/reporting, domain agent for deep detection). (2) Cross-audit pattern learning (agent proposes novel patterns to the KB). (3) A false-positive axis on pattern matching (how many flagged patterns were real? prevents alert fatigue).	course2a::sdd11::application
"State the Architect's Verdict in one line."	The 92 vs 34 gap is domain-specificity, not model size; close it with three external pillars (domain tooling, encoded patterns, execution verification — no retraining); build the domain agent for high-value DeFi protocols, run the general LLM for breadth, make the hybrid explicit per-task.	course2a::sdd11::recall
