AI Agents Can Now Hack Smart Contracts. That's a Problem.
By Owen Achebe
A new benchmark from OpenAI and Paradigm shows AI agents can independently exploit 72% of smart contract vulnerabilities. With over $100 billion locked in DeFi, the implications are staggering — and the defensive applications might not keep up.
OpenAI and crypto investment firm Paradigm just dropped something that should make every DeFi developer sweat: a benchmark proving that AI agents can find, exploit, and fix smart contract vulnerabilities almost entirely on their own.
The benchmark is called EVMbench. It covers 120 vulnerabilities pulled from 40 real-world security audits of Ethereum smart contracts. And in the most realistic testing setup — where AI agents interact with a local blockchain with no hand-holding — the results are sobering.
GPT-5.3-Codex, OpenAI's top coding model, successfully exploited 72% of the vulnerabilities. Anthropic's Claude Opus 4.6 led on detection, catching 45.6% of bugs. And when agents were given even a small hint about where to look, exploit success rates jumped from 63% to 96%.
Read that last number again. With a nudge in the right direction, AI agents can exploit nearly every smart contract vulnerability they encounter.
## The $100 Billion Question
There's currently more than $100 billion locked in smart contracts across Ethereum and its ecosystem. That's not play money. That's real capital, secured by code that — as this benchmark demonstrates — can be cracked by an AI agent with a few hundred dollars' worth of API calls.
Smart contract security has always been a cat-and-mouse game. Auditors review code before deployment. Bug bounties incentivize white-hat hackers to find vulnerabilities. And yet, according to Chainalysis, over $3.7 billion was stolen from DeFi protocols in 2025 alone. The problem isn't that nobody's looking for bugs. It's that the attackers are getting faster than the defenders.
EVMbench suggests that imbalance is about to get much worse.
## How EVMbench Works
The benchmark isn't just a multiple-choice test. The researchers designed three evaluation modes, each more realistic than the last.
The simplest mode gives the AI agent the vulnerable contract code and asks it to identify the problem. Think of it as a take-home exam. Even here, models struggled — the best detection rate was under 50%, which tells you that finding vulnerabilities in complex Solidity code is genuinely hard, even for frontier models.
The second mode asks agents to write exploit code that actually works. They have to craft a transaction that takes advantage of the vulnerability and demonstrate it succeeds. This requires understanding not just the bug but the entire execution environment — how EVM opcodes work, how gas is calculated, how reentrancy plays out across contract calls.
The third mode is the scary one. Agents interact with a local blockchain instance in real time. They can deploy contracts, send transactions, and manipulate state. No hints, no scaffolding. Just a running blockchain and a description of the target. This is closest to what an actual attacker would face, minus the need to acquire ETH or worry about front-running.
## The Detection Problem
Here's the finding that should concern people most: the biggest bottleneck isn't exploitation. It's detection.
When researchers told agents which contract contained the vulnerability, exploit success rates nearly doubled. Fix rates jumped from 39% to 94%. The agents are perfectly capable of crafting sophisticated attacks and writing patches. They just can't reliably find the needle in the haystack of a large codebase.
That might sound reassuring — if AI can't find the bugs, we're safe, right? Wrong. Narrowing down which contract to attack isn't hard for a motivated human attacker. Newly deployed contracts, protocols handling large TVL (total value locked), contracts with recent code changes — these are obvious targets. An attacker doesn't need AI to pick the target. They need AI to analyze and exploit it fast, before anyone else notices.
And 72% exploit success on identified vulnerabilities is more than enough to make that strategy profitable.
## The Defensive Case
There's a version of this story that's optimistic. If AI agents can exploit 72% of smart contract vulnerabilities, they can presumably also help find and fix them before deployment.
The fix rates in EVMbench support this. With location hints, AI agents fixed 94% of the vulnerabilities. That's remarkably high. A future where every smart contract goes through an AI-powered audit before deployment — catching bugs that human auditors miss — is plausible and genuinely valuable.
Several companies are already building in this direction. Trail of Bits has been experimenting with LLM-assisted fuzzing. Consensys's Diligence team has integrated AI analysis into their audit pipeline. OpenZeppelin recently published research on using GPT-based models to flag common vulnerability patterns.
But here's the catch: defense is always harder than offense. An attacker only needs to find one exploitable vulnerability. A defender needs to find them all. And while a 94% fix rate sounds impressive, the 6% that slip through on contracts managing billions of dollars is still catastrophic.
## What This Means for DeFi
The practical implications are immediate and uncomfortable.
First, audit costs are going up. If AI agents can exploit most known vulnerability patterns, human auditors need to focus on the novel, complex bugs that AI can't yet handle. That's more specialized work, and specialized work costs more.
Second, the window between vulnerability discovery and exploitation is shrinking. Right now, when a new attack vector is published, there's typically a race between protocols patching their code and attackers exploiting it. AI agents compress that timeline from days to hours, maybe minutes.
Third, insurance pricing for DeFi protocols is going to shift. If the risk profile of smart contracts just got materially worse — or at least more quantifiable — the actuarial math changes. Protocols that can prove they've been AI-audited might get better rates. Those that can't will pay more.
## The Regulatory Shadow
This research also has implications beyond crypto. Regulators have been watching DeFi closely, and a benchmark demonstrating that AI agents can exploit most smart contracts independently is exactly the kind of evidence that fuels calls for more oversight.
The SEC's ongoing position that most DeFi tokens are securities already creates friction. Add "AI can autonomously drain your liquidity pool" to the conversation, and the argument for mandatory code audits and disclosure requirements gets a lot stronger.
Whether that's good or bad depends on your perspective. But the political reality is that EVMbench gave regulators a data point they didn't have before: a quantified measure of how vulnerable smart contracts are to automated attack.
## The Bigger Picture
EVMbench is about smart contracts, but the implications extend to any system where security depends on code correctness. APIs, authentication systems, payment processors — anywhere that a software vulnerability translates to financial loss.
AI agents that can exploit 72% of known vulnerabilities today will be better tomorrow. The models are improving quarterly. The tooling is getting more sophisticated. The cost per attack is dropping.
The question isn't whether AI-powered cyberattacks become a serious threat. It's whether AI-powered defense scales fast enough to keep pace. EVMbench suggests we're not there yet — and the gap is wider than most people realize.
For now, if you're building or maintaining smart contracts, the message is clear: assume AI is reading your code. Because it probably is.