AI Agents Can Now Detect 92% of DeFi Exploits — But They Can Also Create Them

A purpose-built AI agent just detected vulnerabilities behind $96.8 million in DeFi losses — catching exploits that a general-purpose GPT-5.1 agent missed in 58 out of 90 contracts. Meanwhile, OpenAI and Paradigm's EVMbench benchmark shows frontier models can now generate working exploits for 71% of known smart contract flaws. The same technology that protects DeFi protocols can also attack them, and the arms race is accelerating faster than most teams realize.

The $3.4 Billion Problem That Auditors Keep Missing

Cryptocurrency theft hit $3.4 billion in 2025 according to Chainalysis — and the uncomfortable truth is that many exploited contracts had already passed professional audits. The Bybit hack alone accounted for $1.4 billion, while protocols like Cetus ($223 million) and Balancer ($128 million) suffered breaches despite established security practices.

The problem isn't that auditors are incompetent. It's that human reviewers face an impossible scaling challenge: DeFi's total value locked has surged past $119 billion, code complexity is increasing, and the attack surface expands every time a new protocol deploys. A single auditor reviewing a complex protocol might spend weeks analyzing interactions between dozens of contracts, and still miss the one edge case that a determined attacker finds.

This is precisely the gap that AI security agents are now filling — and the results from early benchmarks suggest a fundamental shift in how smart contract security works.

Cecuro's 92% Detection Rate: What the Numbers Actually Mean

In February 2026, AI security firm Cecuro released an open-source benchmark that tested its purpose-built security agent against 90 real-world DeFi contracts exploited between October 2024 and early 2026. The results were striking.

Cecuro's specialized agent flagged vulnerabilities in 92% of the exploited contracts, identifying flaws linked to $96.8 million in verified losses. By comparison, a baseline coding agent powered by GPT-5.1 detected only 34% of vulnerabilities, covering just $7.5 million in losses.

The 2.7x performance gap isn't just a numbers game. It reveals three critical failure modes in general-purpose AI when applied to smart contract security:

1. Lack of Verifiable Feedback. General-purpose models produce plausible-sounding analysis but have no mechanism to verify whether a detected "vulnerability" is actually exploitable. Cecuro's agent integrates domain-specific testing frameworks that validate findings against real execution environments.

2. Insufficient Systematic Coverage. A GPT-5.1 agent analyzing a contract often stops after identifying the first significant issue. Cecuro's agent implements structured review phases — access control analysis, state manipulation checks, cross-contract interaction review — ensuring comprehensive coverage.

3. Context Saturation. Complex DeFi protocols involve multiple interconnected contracts, external oracle dependencies, and governance mechanisms. General-purpose models hit context limitations and begin making premature conclusions. Purpose-built agents use DeFi-specific heuristics to prioritize which interactions matter most.

Cecuro open-sourced the dataset and evaluation framework on GitHub while withholding the full security agent to prevent offensive misuse — a responsible disclosure approach that lets the industry verify claims without weaponizing the tool.

EVMbench: OpenAI and Paradigm Quantify the AI Security Frontier

Cecuro's benchmark wasn't the only major evaluation to drop in early 2026. In February, OpenAI and Paradigm jointly released EVMbench, a benchmark evaluating AI agents across three dimensions of smart contract security: detecting vulnerabilities, patching flawed code, and exploiting known weaknesses.

EVMbench draws on 117 curated vulnerabilities from 40 audits, primarily sourced from open code audit competitions. The results paint a nuanced picture:

• Exploit generation: GPT-5.3-Codex running via Codex CLI achieves 71.0% — producing working exploits for nearly three-quarters of known vulnerabilities. This represents a dramatic improvement over GPT-5's 33.3% and suggests exploit capability is scaling rapidly with each model generation.
• Detection: Agents frequently stop after identifying a single issue rather than exhaustively auditing the entire codebase, leaving critical vulnerabilities undiscovered.
• Patching: Maintaining full contract functionality while removing subtle vulnerabilities proves challenging — agents often introduce new bugs while fixing old ones.

The asymmetry is revealing: it's easier for AI to break things than to fix them. This mirrors a fundamental dynamic in cybersecurity, but with AI agents, the gap is widening at unprecedented speed.

The Offense-Defense Arms Race Is Already Here

Anthropic's research team published findings showing that frontier AI models can now autonomously discover and exploit novel zero-day vulnerabilities in smart contracts. When tested against contracts exploited after the models' March 2025 knowledge cutoff, models like Claude Opus 4.5 and GPT-5 collectively generated exploits worth $4.6 million in simulated losses.

More alarming: both Claude Sonnet 4.5 and GPT-5 uncovered two novel zero-day vulnerabilities with exploits worth $3,694 — proof that profitable autonomous exploitation is technically feasible. The cost? Just $1.22 per contract scan, with a net profit of $109 per successful zero-day identified.

Over the past year, frontier models' exploit revenue on benchmark problems has doubled roughly every 1.3 months. A cybercriminal with a few hundred dollars of computing budget can now point an AI agent at thousands of contracts, let it scan for vulnerabilities, and generate working exploits without writing a single line of code.

This creates an urgent imperative: if AI-powered attackers can scan the entire DeFi ecosystem cheaply and autonomously, defenders need equally capable AI tools running continuously. The traditional model of one-time audits before deployment is no longer sufficient.

Purpose-Built vs. General-Purpose: Why Specialization Wins

The Cecuro benchmark highlights a pattern emerging across AI security: domain-specific optimization delivers 2-3x performance gains over general-purpose models. This isn't unique to smart contracts — similar dynamics play out in medical imaging, legal analysis, and code review — but the stakes in DeFi make the difference existential.

Several factors explain why purpose-built security agents outperform general models:

Training Data Curation. Cecuro's agent was trained on verified exploit datasets, not just code completion tasks. It understands the specific patterns that lead to reentrancy attacks, oracle manipulation, flash loan exploits, and privilege escalation — not as abstract concepts but as concrete code patterns with known exploitation paths.

Structured Review Methodology. Rather than free-form analysis, purpose-built agents implement systematic audit methodologies similar to those used by firms like Trail of Bits, OpenZeppelin, and Certora. Each review phase covers specific vulnerability categories with appropriate depth.

Execution Environment Integration. Purpose-built agents can fork mainnet state, deploy test contracts, and validate exploits in simulated environments. General-purpose models reason about code statically, missing dynamic interactions that only emerge at runtime.

The competitive landscape is rapidly evolving. Nethermind's AuditAgent has been deployed in case studies with UBS and LUKSO. Consensys Diligence launched Chonky, combining AI agents with human expert guidance. Sherlock and Veritas Protocol offer automated screening tools. The consensus emerging across the industry: hybrid approaches combining AI screening with human expertise catch 95%+ of vulnerabilities, compared to 60-70% for manual-only or 70-85% for AI-only audits.

What This Means for DeFi Protocol Teams

The implications for any team deploying or maintaining DeFi smart contracts are significant:

Continuous monitoring becomes mandatory. One-time pre-deployment audits are necessary but insufficient. AI agents scanning for vulnerabilities 24/7, integrated with monitoring systems that can pause contracts when threats are detected, will become standard infrastructure.

Audit costs are compressing. AI-assisted audits are already 10x faster than purely manual reviews. As purpose-built tools mature, comprehensive security screening will become accessible to smaller protocols that previously couldn't afford top-tier auditors.

The defender's advantage is real — but time-limited. Purpose-built security agents currently outperform general-purpose AI in defense. But the rapid improvement in frontier model exploit capabilities (doubling every 1.3 months) means the window for establishing defensive infrastructure is closing.

Open benchmarks accelerate the entire field. Both Cecuro's open-source dataset and OpenAI/Paradigm's EVMbench enable any team to evaluate and improve their security tooling against real-world exploits. Protocols that aren't testing their defenses against these benchmarks are falling behind.

The Road Ahead: AI Auditors as Infrastructure

Smart contracts routinely secure over $100 billion in open-source crypto assets. The convergence of AI attack capabilities and AI defense capabilities is reshaping the security landscape from a periodic consulting engagement into a continuous infrastructure requirement.

The data from Cecuro's benchmark, EVMbench, and Anthropic's offensive research all point to the same conclusion: the future of smart contract security isn't human or AI — it's human-guided AI systems running purpose-built security agents that understand DeFi at a domain-specific level.

Teams that treat AI auditing as a nice-to-have will increasingly find themselves defending against attackers who treat it as standard operating procedure. In DeFi security, the asymmetry has always favored attackers. Purpose-built AI agents are the first technology with the potential to flip that equation — but only if the industry adopts them before the offense side fully matures.

BlockEden.xyz provides robust blockchain API infrastructure that DeFi protocols and security teams rely on for real-time on-chain data access — essential for the continuous monitoring and threat detection that AI-powered security demands. Explore our API marketplace to build on infrastructure designed for the speed and reliability DeFi security requires.