In simulated tests, advanced AI models found and exploited blockchain vulnerabilities, accumulating millions in theoretical value and highlighting new security challenges for DeFi.

Research from the AI firm Anthropic has demonstrated that powerful artificial intelligence systems can identify weaknesses in blockchain applications and execute profitable attacks. Within a controlled, simulated environment, these AI agents exploited smart contracts for millions of dollars in value, raising fresh concerns about the security of the Decentralized Finance (DeFi) ecosystem.

The study, conducted with MATS and Anthropic Fellows, tested leading AI agents against a benchmark called Smart CONtracts Exploitation (SCONE-bench). This benchmark was built using 405 real-world smart contracts that had been successfully hacked between 2020 and 2025. In the initial phase, the AI models managed to exploit just over half of these contracts, amassing a simulated total of $550.1 million in stolen funds.

Finding New and Unknown Flaws

To confirm the AIs weren’t simply recalling past events, the team narrowed its focus to 34 contracts that were exploited after March 1, 2025, a date beyond the models’ knowledge cutoff. Even on this unfamiliar dataset, Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5 generated working exploits on 19 contracts, worth a combined $4.6 million in simulated value. Claude Opus 4.5 alone accounted for approximately $4.5 million of that total.

In a further test for discovering brand-new problems, Anthropic ran the models against 2,849 recently deployed Binance Smart Chain contracts with no known vulnerabilities on October 3, 2025. Both Sonnet 4.5 and GPT-5 successfully identified two zero-day bugs and created attacks worth $3,694. Significantly, GPT-5 accomplished this at an API cost of just $3,476, showcasing the improving economics of AI-driven attacks.

A Double-Edged Sword for Crypto Security

Anthropic stressed that all testing took place on forked blockchains and local simulators, ensuring no live networks or real funds were ever at risk. The research aimed to measure what is technically possible with today’s AI, not to interfere with production systems.

The study found that the financial viability of these attacks is rapidly improving. Over the past year, the potential revenue from exploits on the 2025 vulnerabilities roughly doubled every 1.3 months, while the cost to generate a working exploit fell sharply. This trend means attackers can get more effective results for the same budget as AI models advance.

While the work focused on DeFi, Anthropic argues that these AI skills are transferable to traditional software security. The core message for developers is that these tools are a double-edged sword: AI systems capable of exploiting smart contracts can also be used to audit and fix them before they go live.