
DeFi isn't safe anymore because AI is becoming 'superhuman' at hacking, onetime OpenZeppelin founder says

May 30, 2026  Twila Rosenbaum

The decentralized finance (DeFi) sector has long been hailed as the future of finance—permissionless, transparent, and efficient. But a stark warning from one of its most respected voices is shaking that narrative to its core. Manuel Aráoz, co-founder and former chief technology officer of OpenZeppelin, the firm behind the most widely used smart contract auditing framework, has declared that he now considers all of DeFi unsafe. His reason: artificial intelligence has become superhuman at hacking smart contracts.

The Credibility of the Warning

Manuel Aráoz is not a fringe commentator. He co-founded OpenZeppelin in 2015, a company that essentially wrote the rulebook for secure smart contract development. OpenZeppelin’s contracts library is the gold standard for Ethereum-based projects, used by thousands of protocols to handle tokens, access control, and upgrades. Aráoz served as CTO until 2019, when he left to focus on other ventures, but his expertise in smart contract security remains unparalleled. When someone with his background says the sky is falling, the industry listens.

Aráoz’s warning comes at a time when DeFi’s total value locked (TVL) has tumbled by more than $20 billion this year alone, according to data from DeFi Llama. The decline is partly a reflection of broader market turbulence, but it also reflects a growing crisis of confidence. Over the past 12 months, over $1.1 billion has been lost to hacks and exploits, with major incidents at protocols like Kelp DAO and Step Finance making headlines. These hacks were not amateur jobs—they were sophisticated attacks that leveraged deep technical knowledge of the code.

AI Agents: The New Breed of Attacker

What has changed, according to Aráoz, is the capability of AI. He specifically pointed to the rise of advanced AI coding agents, such as Anthropic’s restricted model Claude Mythos, which can autonomously discover and weaponize software vulnerabilities. These agents are not simply scouring code for known patterns; they are reasoning about logic flaws, edge cases, and economic attack vectors in ways that surpass human auditors.

“We’ve reached a point where AI can find vulnerabilities faster than any human team, and it can do it at scale,” Aráoz said in a recent interview. “DeFi’s transparency—every line of code visible on-chain—was once seen as a strength. Now it’s a liability. Attackers can train AI on the entire blockchain and target weak points instantaneously.”

The implications are profound. Traditional smart contract audits, which involve teams of human experts manually reviewing code, can take weeks or months. Even then, they are known to miss critical flaws. The infamous DAO hack in 2016, which led to a fork of Ethereum, was a reentrancy bug that had been missed by multiple reviewers. Today, an AI agent could theoretically find such a flaw in minutes and write an exploit script before the auditor even finishes their coffee.

Real-World Examples of AI-Driven Exploits

While fully autonomous AI hacks are still emerging, there are already examples of AI-assisted attacks. In 2025, a security researcher demonstrated how an AI agent could identify a vulnerability in a popular DeFi lending protocol and execute a flash loan attack autonomously. The researcher, who worked for a major blockchain security firm, showed that the AI could generate the exploit code, simulate it, and launch it without human intervention. The demonstration was a wake-up call for the industry.

More recently, the exploit of Step Finance, a Solana-based decentralized exchange, was partially attributed to an AI-powered tool that automated the discovery of a liquidity pool mismatch. While details remain under investigation, the speed and precision of the attack suggested machine-level capability.

The Broader Security Landscape

Aráoz’s warning is not isolated. Other figures in the blockchain security space have raised similar alarms. CertiK’s CEO recently warned that mass deployment of AI agents is a disaster waiting to happen, echoing concerns that autonomous agents could launch coordinated attacks across multiple protocols simultaneously.

Even beyond DeFi, the security community is grappling with the rise of superhuman AI. The same week Aráoz made his comments, a separate story about Bitcoin’s vulnerability to quantum computing also gained traction. Andrew Gault, an early venture investor in quantum hardware labs, warned that the real threat is not to wallet keys but to the encrypted authentication data flowing between institutions—data that is being stockpiled now for later decryption. Both threats—AI and quantum—underscore a theme: the pace of technological defense is struggling to keep up with the pace of attack.

Why DeFi Is Especially Vulnerable

DeFi’s architecture makes it a natural target. Smart contracts are deterministic and publicly visible, meaning attackers can simulate potential exploits offline without any risk. AI agents can scan every contract on a blockchain, test millions of attack vectors, and rank them by likelihood of success. In contrast, traditional stock exchanges rely on opaque order books, insider threats, and human oversight—areas where AI is less effective.

Moreover, the composability of DeFi—where one protocol’s contract can interact with another’s—creates a complex web of interdependencies. An AI agent can model these interactions and find cross-protocol attacks that no human would imagine. The 2021 bZx attacks, which exploited flash loans and price oracle manipulation, were complex by human standards; an AI could have executed them in seconds.

The Response from the Industry

In response to these threats, some projects are turning to AI themselves. New auditing firms are developing AI-powered vulnerability scanners that run in real time, alerting users to potential exploits before funds are drained. However, Aráoz argues that this is an arms race that humans are likely to lose.

“The asymmetry is too great,” he said. “A human auditor can review maybe 100 lines of code per hour. An AI can review millions. And the attacker only needs to find one flaw; the defender must find them all. That math doesn’t work in our favor.”

He also pointed out that many DeFi protocols lack the resources for continuous monitoring. Smaller projects, which make up the majority of the ecosystem, often rely on a single audit at launch and then never update their code. Those audits, he said, are now essentially worthless against AI-driven adversaries.

Historical Context: The Evolution of DeFi Hacks

To understand the gravity of the current moment, it’s worth looking at how DeFi hacks have evolved. In 2020, the first major DeFi hacks involved simple bugs like reentrancy or integer overflow. By 2021, attackers were using flash loans to manipulate oracles. In 2022, cross-chain bridges became the favorite target, with billions stolen from bridges like Wormhole and Ronin. In 2023 and 2024, the attacks grew more sophisticated, exploiting governance mechanisms and lending protocols.

Now, in 2026, the emergence of AI agents capable of autonomous reasoning represents a step change. These agents are not limited to known vulnerability classes; they can invent new ones. They can also adapt their attacks in real time, adjusting to countermeasures that protocols deploy mid-attack.

The $1.1 billion in losses over the past 12 months may only be the beginning. If Aráoz’s assessment is correct, that figure could multiply as AI tools become more accessible. Already, there are underground marketplaces where AI agents are rented out for hacking purposes, similar to how DDoS-for-hire services operate.

The Future of DeFi Security

Some argue that the solution lies in novel security primitives, such as zero-knowledge proofs, secure enclaves, or formal verification. Formal verification, where code is mathematically proven to be correct, has been advocated by Vitalik Buterin and others. However, it is expensive and time-consuming, and it may not be able to scale to the complexity of DeFi protocols.

Others propose moving away from fully transparent blockchains to systems that allow for private execution, where smart contract code is not publicly visible. But that would sacrifice the very transparency that makes DeFi appealing for many users.

Aráoz himself has not proposed a specific fix. He left OpenZeppelin six years ago and has since been involved in other projects, including cryptographic tools. But his warning serves as a call to action: the industry must rethink its security model from the ground up, or risk becoming obsolete.

The clock is ticking. With every passing day, AI models become cheaper, faster, and more capable. The same technology that powers chatbots and image generators is now being directed at the code that controls billions of dollars in assets. DeFi may have once been safe—or at least safe enough—but that era is ending.


Source: Coindesk News

