Have AI agents made the entire $148 billion DeFi sector unsafe?

Oluwapelumi Adejumo
A warning from one of decentralized finance’s (DeFi) early security figures has turned a difficult stretch of hacks into a broader test of how the industry can defend itself against artificial intelligence (AI).

On May 27, Manuel Aráoz, co-founder and former chief technology officer of OpenZeppelin, advised investors to exit DeFi positions, including exposure to established lending protocols such as Aave, MakerDAO, and Compound.

According to Aráoz, autonomous AI coding agents have widened the gap between attackers and defenders by making it easier to find vulnerabilities at scale. He wrote:

“Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric. Defenders need to fix every bug while attackers need just one exploit to steal funds.”

The warning gained traction because it came during a period of pressure for the broader DeFi market. Over the past year, the sector has lost more than $1.1 billion to exploits, with April accounting for $635 million across 28 reported hacks.

These security incidents resulted in the total value locked across decentralized finance falling from roughly $172 billion in mid-April to $148 billion as of press time, marking five consecutive weeks of outflows. The decline can also be linked to broader market weakness, which saw Bitcoin approach $72,000 earlier today.

Still, those figures have pushed the security debate beyond individual protocols and into a wider question of whether AI has lowered the cost of attacking DeFi faster than the industry can improve its defenses.

AI makes the search for weakness cheaper

Aráoz’s warning is grounded in the fact that artificial intelligence fundamentally lowers the cost and effort required to map smart contract vulnerabilities.

Over the past few years, advanced AI models have added considerable pressure by accelerating vulnerability discovery, exploit testing, and operational reconnaissance at near-zero cost.

Recent research from venture capital firm a16z validates this accelerating offensive capability by noting that AI agents have consistently identified core vulnerabilities in historical DeFi exploits.

According to the firm, even when agents failed to complete an exploit, they often reached the stage that gives attackers a starting point. A tool that reliably identifies weak points can reduce the expertise required to begin an attack.

Anthropic has similarly restricted public access to its unreleased Claude Mythos model precisely because of its capacity to autonomously discover and weaponize software flaws.

For DeFi, this development matters because the systems for many protocols are public, composable, and financially liquid. Thus, the code, governance structures, and integrations surrounding a platform can be studied openly to identify any vulnerabilities.

AI can make that process faster and cheaper, increasing pressure on teams whose defenses still depend heavily on audits, bug bounties and manual review.

Protocol leaders point to stronger infrastructure

However, concerns about AI have drawn pushback from founders and security firms, who say DeFi has become more resilient than in earlier cycles.

Blockchain security firm OpenZeppelin argued that many recent security incidents stemmed from operational failures instead of flaws in audited contract code.

According to the firm, most large losses in recent months have involved stolen private keys, bridge spoofing, social engineering, and access control issues. That pattern suggests that attackers have often targeted the systems around protocols, including teams, permissions, and infrastructure.

Aave founder Stani Kulechov made a similar argument. He said DeFi infrastructure today benefits from better risk engines, lending market structures, formal verification, audits, bug bounties, cap management, oracle improvements, automated monitoring, and circuit breakers.

Kulechov said much of the remaining attack surface involves Web2-style operational lapses, including weak internal controls and infrastructure processes.

Notably, that view aligns with April’s exploit wave, where several of the largest losses were tied to compromised keys, social engineering, and bridge-related failures. For context, Drift Protocol’s $285 million loss is tied to a six-month social engineering campaign from North Korea’s Lazarus Group.

Uniswap founder Hayden Adams also pushed back against the broader conclusion that DeFi itself has become unsafe.

He argued that well-built smart contracts can support applications with strong security properties, while AI is likely to expose weak code, rushed launches, and poor development practices more quickly.

That distinction has become central to the industry’s response. The debate is increasingly about which systems have the controls in place to withstand AI-assisted attacks, and which remain exposed due to weak operations, complex integrations, or limited monitoring.

DeFi teams bring AI into the defense stack

Meanwhile, the pushback from founders has not stopped teams from changing their approach to security.

Nansen, an agentic AI trading platform, told CryptoSlate that major protocols are leaning into AI tools on the defensive side rather than pulling away from open-source development.

This is corroborated by Deddy Lavid, chief executive officer of Cyvers, who said the industry is moving toward an AI-versus-AI security environment.
