OpenZeppelin CEO Warns AI Agents Pose New Threat to DeFi Security
ChainGPT
OpenZeppelin CEO Manuel Araoz has issued a stark warning: DeFi as we know it may no longer be safe. In a post on X this week, Araoz said he now considers “all” of decentralized finance unsafe because AI-powered coding agents have become “superhuman” at finding vulnerabilities in smart contracts.
The concern arrives at a fragile moment for the sector. DeFi’s total value locked (TVL) has fallen by more than $20 billion since the start of the year, according to DeFiLlama, and the past 12 months have seen more than $1.1 billion lost to hacks. High-profile incidents include April’s $292 million Kelp DAO exploit, which highlighted how weaknesses in cross‑chain infrastructure can ripple across the ecosystem, and a Solana-based $27 million exploit that forced Step Finance to shut down earlier this year.
Araoz says the threat is not just bigger, it’s fundamentally different. “Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds,” he wrote. The asymmetry is worsened by DeFi’s openness: publicly available smart contract code—once touted as a security strength—could become a liability if machine systems scan, identify, and weaponize flaws far faster than developers can respond.
Compounding the worry, AI safety researchers at Anthropic have warned that their restricted Claude Mythos model can autonomously discover software vulnerabilities and even craft working exploits at a level they say outperforms existing automated tools. If such capabilities are generalized or proliferate, the dynamics of on‑chain security could shift dramatically.
What this means for DeFi: the industry may need to rethink its security model. Traditional defenses—audits, manual reviews, and reactive patches—face a time‑to‑respond problem against autonomous agents that operate at machine speed. Solutions under discussion include more rigorous formal verification, richer bug-bounty programs, runtime monitoring and fail-safes, and protocols built with exploit-resistant patterns from the ground up. Araoz’s warning is a wake-up call: as AI accelerates the ability to find and weaponize code flaws, DeFi teams, auditors and users will have to evolve security practices quickly or risk further erosion of trust and capital in the space.
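One concrete shape the "runtime monitoring and fail-safes" and "exploit-resistant patterns" mentioned in the article can take, shown here as an added illustration that is not OpenZeppelin's code, not code from any protocol named in the article, and not part of the original post: a minimal ETH vault with a guardian pause switch, a per-window outflow cap, a reentrancy guard and checks-effects-interactions ordering. The vault design, the guardian role, the one-hour window and the 10% cap are assumptions chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example vault, not OpenZeppelin code and not from any protocol named
/// in the article. Assumptions for the demo: the vault holds plain ETH, one
/// guardian address may pause/unpause, and outflow is capped at 10% of the
/// balance recorded at the start of each one-hour window.
contract RateLimitedVault {
    address public immutable guardian;
    bool public paused;

    // Reentrancy flag: 1 = not entered, 2 = entered (non-zero values save gas).
    uint256 private locked = 1;

    mapping(address => uint256) public balances;

    uint256 public constant WINDOW = 1 hours;
    uint256 public constant MAX_OUTFLOW_BPS = 1000; // 10% in basis points
    uint256 public windowStart;
    uint256 public windowStartTvl;   // balance when the current window opened
    uint256 public windowOutflow;    // total withdrawn in the current window

    event Deposited(address indexed who, uint256 amount);
    event Withdrawn(address indexed who, uint256 amount, uint256 windowOutflow);
    event Paused(address indexed by);
    event Unpaused(address indexed by);

    modifier nonReentrant() {
        require(locked == 1, "reentrant call");
        locked = 2;
        _;
        locked = 1;
    }

    modifier whenNotPaused() {
        require(!paused, "vault paused");
        _;
    }

    modifier onlyGuardian() {
        require(msg.sender == guardian, "not guardian");
        _;
    }

    constructor(address _guardian) {
        require(_guardian != address(0), "zero guardian");
        guardian = _guardian;
        windowStart = block.timestamp;
    }

    function deposit() external payable whenNotPaused {
        balances[msg.sender] += msg.value;
        emit Deposited(msg.sender, msg.value);
    }

    /// Checks-effects-interactions: every state change happens before the
    /// external call, so a reentrant callee sees an already-debited balance.
    function withdraw(uint256 amount) external nonReentrant whenNotPaused {
        require(balances[msg.sender] >= amount, "insufficient balance");

        _rollWindow();
        uint256 allowed = (windowStartTvl * MAX_OUTFLOW_BPS) / 10_000;
        require(windowOutflow + amount <= allowed, "outflow cap reached");

        balances[msg.sender] -= amount;
        windowOutflow += amount;
        emit Withdrawn(msg.sender, amount, windowOutflow);

        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    /// Kill switch: the guardian (or an off-chain monitor holding the key)
    /// halts deposits and withdrawals while an incident is investigated.
    function pause() external onlyGuardian {
        paused = true;
        emit Paused(msg.sender);
    }

    function unpause() external onlyGuardian {
        paused = false;
        emit Unpaused(msg.sender);
    }

    /// Open a new window once the old one has expired (or on first use),
    /// snapshotting the balance that the cap is measured against.
    function _rollWindow() internal {
        if (block.timestamp >= windowStart + WINDOW || windowStartTvl == 0) {
            windowStart = block.timestamp;
            windowStartTvl = address(this).balance;
            windowOutflow = 0;
        }
    }
}
```

The cap does not stop a bug from being found; it bounds what one exploit can extract per window and buys an off-chain monitor (watching the Withdrawn events for outflow approaching the cap) time to call pause(). One caveat if you are tempted to make the breaker trip itself: setting paused = true and then reverting in the same call would undo the pause, since a revert rolls back every state change, so an automatic trip must either complete without reverting or be sent as a separate transaction by the monitor.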
OpenZeppelin CEO Manuel Araoz has raised concerns about AI agents undermining contract security in DeFi. He noted these tools are now 'superhuman' at finding smart contract vulnerabilities. DeFi’s total value locked has fallen over $20 billion since January, with more than $1.1 billion stolen in hacks over the past year. Araoz pointed to the imbalance in blockchain security, where attackers only need one exploit while defenders must fix all bugs. Anthropic’s restricted Claude Mythos model can autonomously detect and weaponize flaws faster than current tools. The warning highlights the need for stronger contract security, including formal verification, bug bounties, and runtime monitoring.
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.