When AI Audits Become AI Attacks: The Double-Edged Sword of Autonomous Smart Contract Exploitation

On December 1, 2025, Anthropic’s security research team published findings that sent ripples through both the AI and cryptocurrency communities: AI agents built on frontier models including Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5 had successfully developed exploits for smart contract vulnerabilities collectively worth $4.6 million — all discovered autonomously, without human guidance beyond the initial prompt. The research, conducted through the MATS program and Anthropic Fellows initiative, establishes a concrete lower bound for the economic impact of AI cyber capabilities and raises profound questions about the future of blockchain security in an AI-driven world.

The Synergy

The intersection of artificial intelligence and blockchain security has long been theoretical. We have discussed AI-powered auditing tools and machine learning models that detect anomalous transaction patterns. But Anthropic’s SCONE-bench (Smart CONtracts Exploitation benchmark) research transforms this from speculation into measurable reality. The benchmark comprises 405 smart contracts that were actually exploited between 2020 and 2025, providing a rigorous testing ground for evaluating how effectively AI agents can identify and exploit real-world vulnerabilities.

The results are striking. When tested against contracts exploited after the latest knowledge cutoff dates — June 2025 for Opus 4.5 and March 2025 for the other models — the AI agents collectively identified vulnerabilities worth $4.6 million. More remarkably, the research found that exploit revenue (measured as funds stolen in simulation) has been roughly doubling every 1.3 months over the past year, indicating an exponential improvement in AI exploitation capabilities.

AI Use Cases in Web3

The findings reveal that AI agents can perform sophisticated smart contract analysis including control-flow reasoning, boundary analysis, and programming fluency — skills directly transferable from general software exploitation to blockchain-specific attacks. The agents did not simply match known exploit patterns; they developed novel exploitation strategies tailored to each contract’s specific vulnerabilities.

Going beyond retrospective analysis, the researchers evaluated both Sonnet 4.5 and GPT-5 against 2,849 recently deployed contracts with no known vulnerabilities. Both agents uncovered two novel zero-day vulnerabilities and produced working exploits worth $3,694. GPT-5 accomplished this at an API cost of $3,476 — nearly breaking even in a pure cost-benefit analysis. This proof-of-concept demonstrates that profitable, real-world autonomous exploitation is technically feasible today.

The implications for the Web3 ecosystem are significant. If AI agents can autonomously find and exploit vulnerabilities for profit, the same capabilities can and should be redirected toward defense. Protocols that adopt AI-powered auditing proactively can identify and patch vulnerabilities before malicious actors — whether human or AI — discover them.

Data Privacy Implications

The dual-use nature of this research raises important questions about responsible disclosure and data access. Smart contracts are inherently public — all code and transaction logic exists on-chain for anyone to examine. This transparency, which is fundamental to blockchain’s trust model, also means that AI agents have unrestricted access to the attack surface. Unlike traditional software vulnerabilities that might require source code access or insider knowledge, smart contract exploits can be developed purely from publicly available data.

The research team’s responsible approach — testing only in blockchain simulators, never on live networks — sets an important precedent. But as these capabilities become more widely accessible, the question of how to govern their use becomes increasingly urgent. Open-source AI models with similar capabilities could be deployed by malicious actors without the ethical constraints that guided this research.

The Innovation Frontier

The most promising path forward lies in the defensive application of these same AI capabilities. If AI agents can find exploits worth millions, they can also be deployed in continuous auditing modes, monitoring deployed contracts for vulnerabilities in real time. This represents a fundamental shift in how we approach blockchain security — from periodic manual audits to constant AI-powered surveillance.

Projects like Bittensor, which underwent its first halving in December 2025, are building decentralized AI networks that could potentially distribute this defensive capability across the ecosystem. The convergence of decentralized compute (DePIN), AI agents, and blockchain security creates an opportunity to build a more resilient infrastructure where attack and defense capabilities evolve in tandem.

Concluding Thoughts

Anthropic’s research marks a watershed moment in the AI-crypto convergence. The question is no longer whether AI can find and exploit blockchain vulnerabilities — it demonstrably can. The question is whether the ecosystem will adopt AI-powered defense as rapidly as offensive capabilities are advancing. With AI exploit effectiveness doubling roughly every six weeks, the window for proactive adoption of defensive AI is narrowing. The protocols and platforms that integrate AI auditing into their development and deployment pipelines will be best positioned to survive in this new landscape where autonomous exploitation is not a future threat, but a present reality.

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. The views expressed are those of the author and do not necessarily reflect the positions of any mentioned organizations.


7 thoughts on “When AI Audits Become AI Attacks: The Double-Edged Sword of Autonomous Smart Contract Exploitation”

  1. AI agents finding $4.6M in exploits autonomously and exploit revenue doubling every 1.3 months. The arms race between attackers and auditors just shifted to machines vs. machines.

  2. SCONE-bench testing against 405 real exploited contracts is actually a solid methodology. At least the benchmark is grounded in reality, not theoretical vulnerability models.

  3. @DevBlockNinja

    This is exactly what I’ve been worried about. We’re entering an era where AI agents can find and exploit bugs faster than any human auditor can blink. It’s a literal arms race now between the devs and the bots. If your protocol isn’t using AI-driven defense, you’re basically leaving the front door unlocked.

  4. Sarah J. Miller

    While the tech is impressive, I’m still not sold on letting AI handle the entire security lifecycle. We’ve seen how “hallucinations” work in LLMs—what happens when an AI auditor misses a logic flaw that a human would catch in five minutes? Relying too much on autonomous tools might just create a false sense of security while the attackers get more sophisticated.

  5. ChainAnalyst_Pro

    Interesting perspective on the “attack-audit” duality. The same heuristics used to patch a contract can be inverted to weaponize the exploit in milliseconds. We need to move toward “proof-of-security” standards where contracts are mathematically verified by AI before deployment. Otherwise, the sheer speed of autonomous exploits will make manual remediation obsolete.

    1. ChainAnalyst_Pro proof-of-security primitives are the right direction, but who verifies the verifier? If AI audits the contract and AI exploits the contract, you need a third AI to break the tie.

  6. @MoonLander_Eth

    lmao we really living in the matrix now. imagine getting rugged by a bot that realized your code had a tiny overflow error before you even finished the cup of coffee you bought with the gas fees. security is getting wild in 2026. definitely gonna be more careful with which degen pools i jump into from now on.
