Manuel Aráoz, co-founder of cybersecurity firm OpenZeppelin, has declared the entire DeFi sector unsafe. He argues that the rapid development of AI agents has created a critical asymmetry between defenders and attackers.

PSA: I now consider *all* of DeFi unsafe.
Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds.

— Manuel Aráoz (@maraoz) May 26, 2026

Aráoz has personally advised friends and family to close all positions in DeFi protocols. This warning extends even to well-known platforms like Aave, MakerDAO, and Compound.

The expert explained his stance by noting that modern neural networks already surpass humans at identifying vulnerabilities in code. In this context, securing smart contracts becomes a losing battle: developers must eliminate every single error, while an attacker using AI needs to find only one.

This statement comes amid growing concerns about the use of artificial intelligence in Web3. In March, OpenZeppelin launched OpenZeppelin Skills, a tool designed to train AI agents for safe interactions with smart contracts. At that time, the company warned about the risks of misconfiguring toolchains and errors that complicate auditing and code verification.

The increasing risks are also reflected in market metrics. The total value locked in the DeFi sector has decreased by 14% since mid-April, dropping from $172 billion to $148 billion.

Additionally, in May, Anthropic released its first report on Project Glasswing, a program for identifying vulnerabilities using the Claude Mythos model.