DeFi isn’t safe anymore because AI is becoming ‘superhuman’ at hacking, security chief warns
As hacks pile up and DeFi TVL falls fast, one of crypto’s top security executives says AI coding agents have made smart contracts fatally vulnerable.
What to know:
- OpenZeppelin CEO Manuel Aráoz warned that he now considers all of DeFi unsafe, arguing that AI coding agents have become “superhuman” at finding vulnerabilities in smart contracts.
- His comments come amid a sharp decline of more than $20 billion in DeFi’s total value locked this year and over $1.1 billion lost to hacks in the past 12 months, including high-profile exploits at Kelp DAO and Step Finance.
- The rise of powerful AI models such as Anthropic’s restricted Claude Mythos, which can autonomously discover and weaponize software flaws, is raising new concerns that DeFi’s transparent, on-chain code, which any attacker can read and test against before striking, may be increasingly difficult to defend at human speed.
PSA: I now consider *all* of DeFi unsafe.
Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds.
— Manuel Aráoz (@maraoz) May 26, 2026
DefiLlama data shows that more than $1.1 billion has been lost to DeFi hacks over the past 365 days, including April’s $292 million Kelp DAO exploit, which showed how a vulnerability in cross-chain infrastructure can quickly spill into the broader ecosystem. Solana-based Step Finance, meanwhile, shut down earlier this year after a $27 million exploit left the project unable to recover.
