
AI-Driven Threats: New Study Exposes Potential $20B Losses in DeFi Due to Smart Contract Exploits


Introduction

A recent investigation carried out by MATS and Anthropic Fellows highlights a serious threat posed by artificial intelligence (AI) agents: their ability to exploit vulnerabilities within smart contracts for profit. This alarming capability establishes a significant baseline for potential economic damage in the realm of decentralized finance (DeFi).

Research Findings

Using a benchmark called the Smart Contracts Exploitation benchmark (SCONE-bench), which analyzes 405 smart contracts that were compromised between 2020 and 2025, the researchers deployed advanced models, specifically Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5, to create simulated exploits valued at an estimated $4.6 million. Their findings, published in a report dated December 1, document the successful development of these exploits and warn about the risks associated with AI agents' capabilities.

Vulnerability Assessment

In a further examination, the team assessed how Sonnet 4.5 and GPT-5 fared against 2,849 newly launched contracts that were believed to be secure, discovering two new zero-day vulnerabilities. This testing resulted in the formation of exploits with a potential worth of $3,694, all achieved at an API expense of only $3,476. This success exemplifies the feasibility of economically viable, autonomous exploitation in real-world scenarios, making the need for robust, proactive defense measures using AI more pressing than ever.

Efficiency Improvements

Perhaps the most shocking aspect of the study was the observed improvement in efficiency; attackers can now manage around 3.4 times more successful exploits on the same computational budget compared to six months prior. Additionally, the costs associated with these attacks have plummeted by an incredible 70%, allowing these intelligent systems to operate at a fraction of previous expenses.

Jean Rausis, co-founder of SMARDEX, attributes this significant reduction in costs mainly to the introduction of agentic loops, which facilitate self-adjusting workflows, thus minimizing token waste during the analysis of contracts. Rausis also pointed out advancements in model architecture as key contributors. Enhanced context windows and memory capabilities in systems like Claude Opus 4.5 and GPT-5 allow for prolonged simulations without repetition, improving overall efficiency by 15–100% during lengthy tasks. While vulnerability detection success rates on SCONE-bench have risen modestly from 2% to 51%, the real optimization effects on execution time are far more pronounced.

Potential Economic Impact

While the study projects a simulated economic impact of $4.6 million, experts warn that actual financial ramifications could be considerably steeper, potentially 10 to 100 times higher. Rausis suggests that the genuine risks posed by a major exploit could reach between $50 million and $500 million. He also cautions that, as AI continues to develop, the overall financial exposure across the sector (including unaccounted leverage and oracle failures) could skyrocket, potentially reaching $10 to $20 billion annually.

Conclusion and Recommendations

The research paper concludes with a cautionary note: while smart contracts currently represent the first wave of automated attacks, proprietary software could soon become the next target as AI agents refine their reverse engineering techniques.

Importantly, the report underscores that the same AI technology capable of launching attacks can also be employed defensively to address vulnerabilities. Rausis recommends a three-pronged strategy for policymakers and regulators aimed at countering the systemic financial risks linked to automated DeFi attacks, which includes implementing AI oversight, establishing new auditing standards, and fostering global collaboration.
