
AI models uncover millions in smart contract vulnerabilities
Anthropic’s Frontier Red Team has released one of the most significant studies to date on AI-driven security testing for blockchain. Using advanced AI agents across the SCONE-bench dataset, researchers evaluated 405 real smart contracts that had been exploited between 2020 and 2025.
When tested on contracts that were hacked after the models’ knowledge cutoff of March 2025, three leading AI systems — Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5 — collectively identified exploits amounting to approximately 4.6 million dollars.
This result shows that modern AI can not only detect known vulnerabilities but also reconstruct exploit paths that resemble real-world attacks.
AI agents discovered two zero-day bugs in newly deployed contracts
Anthropic also evaluated nearly 2,850 recently deployed smart contracts that had no publicly reported vulnerabilities. During sandbox simulations, AI agents uncovered two previously unknown zero-day flaws.
No tests were carried out on live blockchains. All exploit simulations occurred in controlled environments, but the implications are substantial: if AI can autonomously discover real vulnerabilities, malicious actors could eventually attempt the same.
What this means for DeFi and smart contract security
The findings highlight a rapidly changing threat landscape:
• under-audited protocols face increased systemic risk
• basic static analysis is no longer sufficient
• attackers may soon adopt AI-driven exploit frameworks
• developers will need layered security and continuous monitoring
Even well-established platforms may be more vulnerable than expected if their code paths, liquidity mechanisms, or governance modules have not been stress-tested against adversarial AI.
The industry may need to transition from occasional audits to permanent AI-augmented defensive monitoring.
Recommendations from Anthropic’s researchers
The report suggests that smart contract teams should incorporate AI-based testing into their standard development and deployment workflows. Recommended practices include:
• running AI agents in sandbox environments during audits
• using SCONE-bench or similar benchmarks before deployment
• monitoring deployed contracts continuously for evolving threats
• combining traditional manual audits with automated AI stress testing
• maintaining liquidity reserves or insurance buffers for unforeseen failures
Anthropic emphasizes that AI-driven tools are not replacements for human auditors — but they can extend attack-surface coverage far beyond what manual reviews typically achieve.
Why this research is a wake-up call for the crypto ecosystem
The study demonstrates that exploit discovery is becoming:
• faster
• cheaper
• more automated
• less reliant on human expertise
As AI improves, both defenders and attackers may gain asymmetric capabilities. DeFi protocols must assume that adversaries will soon have access to the same scanning and exploitation frameworks used in this research.
Regulators, custodians, and insurance providers will also need to treat code as a dynamic, risk-bearing asset rather than a static component.
What BTCUSA will monitor next
The implications of Anthropic’s research extend far beyond smart contract testing. BTCUSA will track:
• how quickly DeFi protocols adopt AI-driven security tools
• early signs of AI-enabled exploits in the wild
• whether zero-day vulnerabilities become more common
• the emergence of new industry security standards
• the reaction from auditors, exchanges, and institutional players
This research marks a turning point in the evolution of blockchain security. AI has entered the battlefield — and both sides of the attack-defense equation will need to adapt.