What to know:
- A purpose-built AI security agent detected vulnerabilities in 92% of 90 exploited DeFi contracts ($96.8 million in exploit value), compared with 34% and $7.5 million for a baseline GPT-5.1-based coding agent running on the same underlying model.
- The gap came from domain-specific security methodology layered on top of the model, not differences in core AI capability, according to the report.
- The findings come as prior research from Anthropic and OpenAI shows AI agents can execute end-to-end smart contract exploits at low cost, accelerating concerns that offensive AI capabilities are scaling faster than defensive adoption.
A purpose-built AI security agent detected vulnerabilities in 92% of exploited DeFi smart contracts in a new open-source benchmark.
The study, released Thursday by AI security firm Cecuro, evaluated 90 real-world smart contracts exploited between October 2024 and early 2026, representing $228 million in verified losses. The specialized system flagged vulnerabilities tied to $96.8 million in exploit value, compared with just 34% detection and $7.5 million in coverage from a baseline GPT-5.1-based coding agent.
Both systems ran on the same frontier model. The difference, according to the report, was the application layer: domain-specific methodology, structured review phases and DeFi-focused security heuristics layered on top of the model.
The findings arrive amid growing concern that AI is accelerating crypto crime. Separate research from Anthropic and OpenAI has shown that AI agents can now execute end-to-end exploits on most known vulnerable smart contracts, with exploit capability reportedly doubling roughly every 1.3 months. The average cost of an AI-powered exploit attempt is about $1.22 per contract, sharply lowering the barrier to large-scale scanning.
Previous CoinDesk coverage outlined how bad actors such as North Korea have begun using AI to scale hacking operations and automate parts of the exploit process, underscoring the widening gap between offensive and defensive capabilities.
Cecuro argues that many teams rely on general-purpose AI tools or one-off audits for security, an approach the benchmark suggests may miss high-value, complex vulnerabilities. Several contracts in the dataset had previously undergone professional audits before being exploited.
The benchmark dataset, evaluation framework and baseline agent have been open-sourced on GitHub. The company said it has not released its full security agent due to concerns that similar tooling could be repurposed for offensive use.
2026-02-20 22:38