DeFi isn’t safe anymore because AI is becoming ‘superhuman’ at hacking, security chief warns
Share this article
As hacks pile up and DeFi TVL falls fast, one of crypto’s top security executives says AI coding agents have made smart contracts fatally vulnerable.
By Sam Reynolds|Edited by Jamie Crawley
May 27, 2026, 8:51 a.m. 1 min read
- OpenZeppelin CEO Manuel Aráoz warned that he now considers all of DeFi unsafe, arguing that AI coding agents have become “superhuman” at finding vulnerabilities in smart contracts.
- His comments come amid a sharp decline of more than $20 billion in DeFi’s total value locked this year and over $1.1 billion lost to hacks in the past 12 months, including high-profile exploits at Kelp DAO and Step Finance.
- The rise of powerful AI models like Anthropic’s restricted Claude Mythos, which can autonomously discover and weaponize software flaws, is raising new concerns that DeFi’s transparent, on-chain code may be increasingly difficult to defend at human speed.
OpenZeppelin CEO Manuel Araoz said he now considers “all” of decentralized finance (DeFi) unsafe because coding agents have become “superhuman” at finding vulnerabilities in a post on X Wednesday.
The warning from one of crypto’s top security executives comes as DeFi’s total value locked has dropped by over $20 billion since the start of the year, according to DeFiLlama data. While some of that reflects broader crypto price weakness, the sector has also been battered by a steady stream of exploits that continue to test confidence in onchain finance.
DefiLlama data shows that more than $1.1 billion has been lost to DeFi hacks over the past 365 days, including April’s $292 million Kelp DAO exploit, which exposed how vulnerabilities in cross-chain infrastructure can quickly spill into the broader ecosystem. Solana-based Step Finance, meanwhile, shut down earlier this year after a $27 million exploit left the project unable to recover.
Araoz’s comments also arrive as Anthropic has warned that its restricted Claude Mythos AI model can autonomously discover software vulnerabilities and develop working exploits at a level the company says surpasses existing automated tools.
That raises uncomfortable questions for DeFi, whose core security model was designed around human attackers operating at human speed.
DeFi’s transparency, long marketed as a strength, could become a liability if machine systems can scan publicly available smart contract code, identify weaknesses and weaponize them faster than defenders can patch them.
More For You
By Margaux Nijkerk|Edited by Stephen Alpher
17 hours ago
The product, called Base MCP, connects a user’s Base Account to AI clients such as ChatGPT, Claude and Cursor using the Model Context Protocol (MCP), an emerging standard that allows AI systems to securely interface with external tools and applications.
What to know:
- Coinbase’s Ethereum Layer 2 network Base launched “Base MCP,” a new AI integration that lets users connect their crypto wallets to AI tools like ChatGPT and Claude to send funds, swap tokens, track portfolios and interact with DeFi apps using simple chat prompts.
- The product launches with integrations for protocols…
Top Stories
