- Trending
- Comments
- Latest
AI models from Anthropic and OpenAI successfully exploited over half of 405 previously hacked smart contracts in a new security benchmark, generating $550 million in simulated stolen value and demonstrating that frontier AI can now independently discover and execute complex DeFi attacks.
In collaboration with MATS and Anthropic Fellows, the company tested 10 leading AI models on a benchmark known as SCONE-bench is a dataset of 405 smart contracts previously hacked between 2020 and 2025. Full benchmark details are available in the SCONE-bench Research Repository, which documents the structure and evaluation criteria behind the test.
Across simulated environments, the AI agents managed to exploit more than half of the contracts, generating an estimated $550.1 million in simulated stolen value.
The experiments were performed using forked chains and sandboxed execution systems, following guidelines outlined in Anthropic’s public documentation at Anthropic Safety Research. Researchers designed the study to evaluate what current systems can accomplish not to interfere with live networks or endanger real funds.
To minimize the chances that the models were simply reconstructing known incidents, the team repeated the analysis on 34 contracts exploited after March 1, 2025, the latest common knowledge cutoff for most advanced models. This allowed the study to isolate genuine discovery from historical recall.
Even when tested exclusively on post-cutoff contracts, the results showed that advanced AI systems remain highly capable of finding vulnerabilities. On this clean dataset, Claude Opus 4.5, Claude Sonnet 4.5 and GPT-5 generated working AI-driven smart contract exploits on 19 of the 34 targets, worth a combined $4.6 million in simulated token value. Anthropic reports that Opus 4.5 alone accounted for $4.5 million of that amount.
In a follow-up test performed on Oct. 3, 2025, Anthropic evaluated whether agents could uncover brand new zero-day vulnerabilities rather than replicating known issues.
Claude Sonnet 4.5 and GPT-5 were run against 2,849 newly deployed Binance Smart Chain contracts with no previously documented weaknesses. Both models identified two novel bugs and executed AI-driven smart contract exploits worth a simulated $3,694. GPT-5 achieved this outcome at an API cost of roughly $3,476.
Independent researchers reviewing the work say the results highlight a shift in offensive capability.
“We are entering an era where AI systems can not only replicate known exploits but generate new ones at scale,” — Dr. Lena Hartmann, Cybersecurity Researcher, ETH Zurich. Her remarks reflect a broadening academic consensus that offensive automation will outpace defensive tools unless the industry takes urgent steps.
These findings echo early warnings issued in the OpenAI Cybersecurity Preparedness Report, which predicted that future agents could materially elevate the speed and efficiency of exploit discovery across blockchain and traditional software ecosystems.
Anthropic stresses that all tests involving AI-driven smart contract exploits were performed on controlled, simulated blockchain environments, with no real funds at risk.
The decision to use forked chains and offline execution tools aligns with ethical research practices and allows precise measurement of financial impact. Smart contracts are particularly attractive for this analysis because researchers can replay an exploit deterministically and calculate its value using historical price data.
SCONE-bench uses a financial metric not a binary pass/fail system to evaluate success. An exploit run only counts if the agent ends with at least 0.1 ETH or BNB increase in its simulated wallet, ensuring that trivial bugs or gas-related anomalies do not register as meaningful wins. The structure of the benchmark is detailed in the SCONE-bench Technical Overview, which explains how exploit validity and monetary outcomes are computed.
Anthropic’s researchers concluded that the cost efficiency of AI-driven smart contract exploits has dramatically improved. According to the study, potential revenue from 2025-class vulnerabilities doubled roughly every 1.3 months, while the computational cost of executing a successful attack dropped significantly. This trend suggests that offensive capabilities are scaling faster than defensive countermeasures.
The research indicates that as AI models improve, attackers could produce more successful exploits at lower operational cost. These economic dynamics have deep implications for the DeFi sector, which often relies on immutable smart contract deployments with limited patching pathways.
“Attack economics are shifting as AI lowers the barrier to entry for discovering high-impact vulnerabilities,” — Mira D’Souza, Blockchain Security Lead, Trail of Bits. She said decentralized platforms may face growing pressure to incorporate automated auditing before contracts go live.
Although the study focused on blockchain systems, Anthropic notes that the same analytical and exploit-generation skills behind AI-driven smart contract exploits can extend to traditional software, including public APIs, internal enterprise tools and legacy infrastructure. This suggests that the threat window is broader than DeFi alone.
Yet Anthropic emphasizes that the same AI capabilities used for AI-driven smart contract exploits can also strengthen defenses. The company argues that automated tools can proactively scan, stress-test and rewrite vulnerable code, helping teams fix issues pre-deployment. Similar approaches are documented in the Anthropic Safety Research Library, which outlines defensive AI applications.
In its concluding remarks, the company urged blockchain developers to treat AI not only as a threat, but also as a necessary component of future security practices. The message to crypto builders is clear: AI-driven smart contract exploits reveal how exposed DeFi can be but also demonstrate how AI could become its strongest shield.
