As hacking incidents rise and the total value locked in DeFi drops sharply, a prominent security executive claims that AI coding tools have made smart contracts extremely vulnerable.
By Sam Reynolds | Edited by Jamie Crawley | May 27, 2026, 8:51 a.m.
Key Points:
- Manuel Aráoz, CEO of OpenZeppelin, said he now views all of DeFi as unsafe, stating that AI coding agents have become “superhuman” in detecting vulnerabilities within smart contracts.
- This warning coincides with a significant decline of over $20 billion in DeFi's total value locked this year, along with more than $1.1 billion lost to hacks over the past year, including notable breaches at Kelp DAO and Step Finance.
- The emergence of advanced AI models like Anthropic’s limited Claude Mythos raises concerns that DeFi’s transparent, on-chain code may become increasingly hard to protect against faster, automated attacks.
Manuel Aráoz, CEO of OpenZeppelin, said in a post on X on Wednesday that he now regards "all" decentralized finance (DeFi) platforms as unsafe because of the ability of AI coding agents to identify vulnerabilities.
His caution comes at a time when DeFi has seen its total value locked plummet by more than $20 billion since this year began, according to data from DeFiLlama. While some of this decline can be attributed to overall weaknesses in the crypto market, the sector has also faced a continuous wave of hacking incidents that challenge the trust in on-chain finance.
PSA: I now consider *all* of DeFi unsafe.
— Manuel Aráoz (@maraoz) May 26, 2026
Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds.
Data from DeFiLlama indicates that over $1.1 billion has been lost to hacks in the DeFi space over the last year, including the notable $292 million exploit of Kelp DAO in April, which highlighted how vulnerabilities in cross-chain systems can quickly impact the entire ecosystem. Additionally, Solana-based Step Finance ceased operations after a $27 million hacking incident earlier this year left the project unable to recover.
Aráoz's remarks come in light of warnings from Anthropic about its Claude Mythos AI model's capability to autonomously identify software vulnerabilities and create effective exploits, a capability the company claims surpasses current automated tools.
This situation raises serious concerns for DeFi, which has been designed around the premise of human attackers acting at a human pace.
The transparency of DeFi, once seen as a strength, could turn into a disadvantage if machine systems can rapidly scan publicly accessible smart contract code, pinpoint weaknesses, and exploit them faster than human defenders can address them.
