Share this article
Anthropic Research Shows AI Agents Are Closing In on Real DeFi Attack Capability
Models tested by MATS and the Anthropic Fellows program generated turnkey exploit scripts and identified fresh vulnerabilities, suggesting automated exploitation is becoming technically and economically viable.
Dec 2, 2025, 9:11 a.m.
Make us preferred on Google
What to know:
- AI agents are now capable of finding and exploiting vulnerabilities in smart contracts, posing a potential threat as demonstrated by recent research.
- Models like GPT-5 and Sonnet 4.5 have successfully simulated exploits, revealing the feasibility of autonomous attacks in decentralized finance (DeFi).
- Researchers warn that as AI models become cheaper and more advanced, the risk of automated exploitation extends beyond DeFi to broader software and infrastructure vulnerabilities.
AI agents are getting good enough at finding attack vectors in smart contracts that they can already be weaponized by bad actors, according to new research published by the Anthropic Fellows program.
A study by the ML Alignment & Theory Scholars Program (MATS) and the Anthropic Fellows program tested frontier models against SCONE-bench, a dataset of 405 exploited contracts. GPT-5, Claude Opus 4.5 and Sonnet 4.5 collectively produced $4.6 million in simulated exploits on contracts hacked after their knowledge cutoffs, offering a lower bound on what this generation of AI could have stolen in the wild.
STORY CONTINUES BELOW
The team found that frontier models did not just identify bugs. They were able to synthesize full exploit scripts, sequence transactions and drain simulated liquidity in ways that closely mirror real attacks on the Ethereum and BNB Chain blockchains.
The paper also tested whether current models could find vulnerabilities that had not yet been exploited.
GPT-5 and Sonnet 4.5 scanned 2,849 recently deployed BNB Chain contracts that showed no signs of prior compromise. Both models uncovered two zero-day flaws worth $3,694 in simulated profit. One stemmed from a missing view modifier in a public function that allowed the agent to inflate its token balance.
Another allowed a caller to redirect fee withdrawals by supplying an arbitrary beneficiary address. In both cases, the agents generated executable scripts that converted the flaw into profit.
Although the dollar amounts were small, the discovery matters because it shows that profitable autonomous exploitation is technically feasible.
The cost to run the agent on the entire set of contracts was only $3,476, and the average cost per run was $1.22. As models become cheaper and more capable, the economics tilt further toward automation.
Researchers argue that this trend will shorten the window between contract deployment and attack, especially in DeFi environments where capital is publicly visible and exploitable bugs can be monetized instantly.
While the findings focus on DeFi, the authors warn that the underlying capabilities are not domain-specific.
The same reasoning steps that let an agent inflate a token balance or redirect fees can apply to conventional software, closed-source codebases, and infrastructure that supports crypto markets.
As model costs fall and tool use improves, automated scanning is likely to expand beyond public smart contracts to any service along the path to valuable assets.
The authors frame the work as a warning rather than a forecast. AI models can now perform tasks that historically required highly skilled human attackers, and the research suggests that autonomous exploitation in DeFi is no longer hypothetical.
The question now for crypto builders is how quickly defense can catch up.
More For You
KuCoin captured a record share of centralised exchange volume in 2025, with more than $1.25tn traded as its volumes grew faster than the wider crypto market.
What to know:
- KuCoin recorded over $1.25 trillion in total trading volume in 2025, equivalent to an average of roughly $114 billion per month, marking its strongest year on record.
- This performance translated into an all-time high share of centralised exchange volume, as KuCoin’s activity expanded faster than aggregate CEX volumes, which slowed during periods of lower market volatility.
- Spot and derivatives volumes were evenly split, each exceeding $500 billion for the year, signalling broad-based usage rather than reliance on a single product line.
- Altcoins accounted for the majority of trading activity, reinforcing KuCoin’s role as a primary liquidity venue beyond BTC and ETH at a time when majors saw more muted turnover.
- Even as overall crypto volumes softened mid-year, KuCoin maintained elevated baseline activity, indicating structurally higher user engagement rather than short-lived volume spikes.
More For You
Solana’s new phase is ‘much more about finance,’ says Backpack CEO Armani Ferrante
The Solana ecosystem has spent the past year doubling down on a financial infrastructure, Backpack CEO Armani Ferrante told CoinDesk.
What to know:
- Solana’s latest phase looks a lot less flashy than its memecoin-fueled highs, and that may be the goal.
- Armani Ferrante, CEO of crypto exchange Backpack, told CoinDesk in an interview the Solana ecosystem has spent the past year doubling down on a more sober focus: financial infrastructure. A
- fter years of experimentation as the wider crypto industry focused on NFTs, games and social tokens, attention is now shifting back toward decentralized finance, trading and payments.
Top Stories
