Manuel Aráoz warns AI agents have become superhuman at exploiting smart contracts

Manuel Aráoz, CEO of OpenZeppelin, declared on May 26, 2026 that he now considers all of DeFi unsafe. His warning centers on a stark asymmetry: AI coding agents have become capable of autonomously discovering and exploiting smart contract vulnerabilities faster than human defenders can patch them.

“I now consider all of DeFi unsafe,” Aráoz said. “Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds.”

The warning arrives amid a documented surge in DeFi exploits. Over the past 12 months, the sector has lost $1.1 billion to hacks. In April 2026 alone, Kelp DAO suffered a $292 million exploit. Step Finance, a Solana-based DeFi protocol, shut down earlier in 2026 following its own exploit, which cost $27 million. At the same time, DeFi’s total value locked has declined by over $20 billion since the start of 2026, reflecting both broader crypto price weakness and a steady stream of security breaches.

The vulnerability lies in DeFi’s foundational design. Smart contract code is publicly available on-chain by nature. Aráoz’s concern centers on Anthropic’s Claude Mythos AI model, which the company has warned can autonomously discover software vulnerabilities and develop working exploits at a level surpassing existing automated tools. If machine systems can scan publicly available code and weaponize weaknesses faster than defenders can respond, the entire security model collapses.

DeFi’s transparency, historically marketed as a core strength of decentralized finance, could become a liability. The sector was designed around human attackers operating at human speed. That assumption no longer holds.

The asymmetry Aráoz identifies is structural. Defenders must secure every vector in a smart contract. Attackers need only one. When attackers can deploy AI agents to discover vulnerabilities at superhuman speed, the burden on defenders becomes insurmountable.

The scale of recent losses underscores the urgency. A loss of $1.1 billion in a single year represents a sustained drain on protocol reserves and user confidence. Kelp DAO’s $292 million loss alone ranks among the largest DeFi exploits on record.

OpenZeppelin did not specify what technical measures it or other security firms are proposing to address AI-driven vulnerability discovery. Aráoz’s warning does not clarify whether the risk applies equally across all DeFi protocols or if some architectures are more vulnerable than others. The source also does not detail the specific mechanisms by which Claude Mythos discovers vulnerabilities, nor does it provide data on how many exploits in the $1.1 billion total were specifically AI-assisted.

The statement signals that the security industry recognizes a fundamental shift in the threat landscape. If AI agents can outpace human defenders, DeFi protocols face a choice: redesign their security models, accept higher exploit risk, or reduce on-chain exposure.