Anthropic's AI agents autonomously generate $4.6M in smart contract exploits, raising alarm

An AI for an AI: Anthropic says AI agents require AI defense

Automated software keeps getting better at pilfering cryptocurrency Anthropic could have scored an easy $4.6 million by using its Claude AI models to find and exploit vulnerabilities in blockchain smart contracts. The AI upstart didn't use the attack it found, which would have been an illegal act that would also undermine the company's we-try-harder image. Anthropic can probably also do without $4.6 million, a sum that would vanish as a rounding error amid the billions it's spending. But it could have done so, as described by the company's security scholars. And that's intended to be a warning to anyone who remains blasé about the security implications of increasingly capable AI models. Anthropic this week introduced SCONE-bench, a Smart CONtracts Exploitation benchmark for evaluating how effectively AI agents - models armed with tools - can find and finesse flaws in smart contracts, which consist of code running on a blockchain to automate transactions. It did so, company researchers say, because AI agents keep getting better at exploiting security flaws - at least as measured by benchmark testing. "Over the last year, exploit revenue from stolen simulated funds roughly doubled every 1.3 months," Anthropic's AI eggheads assert. They argue that SCONE-bench is needed because existing cybersecurity tests fail to assess the financial risks posed by AI agents. The SCONE-bench dataset consists of 405 smart contracts on three Ethereum-compatible blockchains (Ethereum, Binance Smart Chain, and Base). It's derived from the DefiHackLabs repository of smart contracts successfully exploited between 2020 and 2025. Anthropic's researchers found that for contracts exploited after March 1, 2025 - the training data cut-off date for Opus 4.5 - Claude Opus 4.5, Claude Sonnet 4.5, and OpenAI's GPT-5 emitted exploit code worth $4.6 million. The chart below illustrates how 10 frontier models did on the full set of 405 smart contracts. And when the researchers tested Sonnet 4.5 and GPT-5 in a simulation against 2,849 recently deployed contracts with no publicly disclosed vulnerabilities, the two AI agents identified two zero-day flaws and created exploits worth $3,694. Focusing on GPT-5 "because of its cheaper API costs," the researchers noted that having GPT-5 test all 2,849 candidate contracts cost a total of $3,476. The average cost per agent run, they said, came to $1.22; the average cost per vulnerable contract identified was $1,738; the average revenue per exploit was $1,847; and the average net profit was $109. "This demonstrates as a proof-of-concept that profitable, real-world autonomous exploitation is technically feasible, a finding that underscores the need for proactive adoption of AI for defense," the Anthropic bods said in a blog post. One might also argue that it underscores the dodginess of smart contracts. Other researchers have developed similar systems to steal cryptocurrency. As we reported in July, computer scientists at University College London and the University of Sydney created an automated exploitation framework called A1 that's said to have stolen $9.33 million in simulated funds. At the time, the academics involved said that the cost of identifying a vulnerable smart contract came to about $3,000. By Anthropic's measure, the cost has fallen to $1,738, underscoring warnings about how the declining cost of finding and exploiting security issues will make these sorts of attacks more financially appealing. Anthropic's AI bods conclude by arguing that AI can defend against the risks created by AI. ®

Frontier AI Models Demonstrate Human-Level Capability in Smart Contract Exploits - Decrypt

Agents also discovered two new zero-day vulnerabilities in recent Binance Smart Chain contracts. AI agents matched the performance of skilled human attackers in more than half of the smart contract exploits recorded on major blockchains over the last five years, according to new data released Monday by Anthropic. Anthropic evaluated ten frontier models, including Llama 3, Sonnet 3.7, Opus 4, GPT-5, and DeepSeek V3, on a dataset of 405 historical smart contract exploits. The agents produced working attacks against 207 of them, totaling $550 million in simulated stolen funds. The findings showed how quickly automated systems can weaponize vulnerabilities and identify new ones that developers have not addressed. The new disclosure is the latest from the developer of Claude AI. Last month, Anthropic detailed how Chinese hackers used Claude Code to launch what it called the first AI-driven cyberattack. Security experts said the results confirmed how accessible many of these flaws already are. "AI is already being used in ASPM tools like Wiz Code and Apiiro, and in standard SAST and DAST scanners," David Schwed, COO of SovereignAI, told Decrypt. "That means bad actors will use the same technology to identify vulnerabilities." Schwed said the model-driven attacks described in the report would be straightforward to scale because many vulnerabilities are already publicly disclosed through Common Vulnerabilities and Exposures or audit reports, making them learnable by AI systems and easy to attempt against existing smart contracts. "Even easier would be to find a disclosed vulnerability, find projects that forked that project, and just attempt that vulnerability, which may not have been patched," he said. "This can all be done now 24/7, against all projects. Even those now with smaller TVLs are targets because why not? It's agentic." To measure current capabilities, Anthropic plotted each model's total exploit revenue against its release date using only the 34 contracts exploited after March 2025. "Although total exploit revenue is an imperfect metric -- since a few outlier exploits dominate the total revenue -- we highlight it over attack success rate because attackers care about how much money AI agents can extract, not the number or difficulty of the bugs they find," the company wrote. Anthropic did not immediately respond to requests for comment by Decrypt. Anthropic said it tested the agents on a zero-day dataset of 2,849 contracts drawn from more than 9.4 million on Binance Smart Chain. The company said Claude Sonnet 4.5 and GPT-5 each uncovered two undisclosed flaws that produced $3,694 in simulated value, with GPT-5 achieving its result at an API cost of $3,476. Anthropic noted that all tests ran in sandboxed environments that replicated blockchains and not real networks. Its strongest model, Claude Opus 4.5, exploited 17 of the post-March 2025 vulnerabilities and accounted for $4.5 million of the total simulated value. The company linked improvements across models to advances in tool use, error recovery, and long-horizon task execution. Across four generations of Claude models, token costs fell by 70.2%. One of the newly discovered flaws involved a token contract with a public calculator function that lacked a view modifier, which allowed the agent to repeatedly alter internal state variables and sell inflated balances on decentralized exchanges. The simulated exploit generated about $2,500. Schwed said the issues highlighted in the experiment were "really just business logic flaws," adding that AI systems can identify these weaknesses when given structure and context. "AI can also discover them given an understanding of how a smart contract should function and with detailed prompts on how to attempt to circumvent logic checks in the process," he said. Anthropic said the capabilities that enabled agents to exploit smart contracts also apply to other types of software, and that falling costs will shrink the window between deployment and exploitation. The company urged developers to adopt automated tools in their security workflows so defensive use advances as quickly as offensive use. Despite Anthropic's warning, Schwed said the outlook is not solely negative. "I always push back on the doom and gloom and say with proper controls, rigorous internal testing, along with real-time monitoring and circuit breakers, most of these are avoidable," he said. "The Good actors have the same access to the same agents. So if the bad actors can find it, so can the good actors. We have to think and act differently."

Anthropic study says AI agents developed $4.6M in smart contract bugs

Commercial AI models were able to autonomously generate real-world smart contract exploits worth millions and found the costs of attack are falling rapidly. Recent research by major artificial intelligence company Antropic and AI security organization Machine Learning Alignment & Theory Scholars (MATS) showed that AI agents collectively developed smart contract exploits worth $4.6 million. Research released by Anthropic's red team (a team dedicated to acting like a bad actor to discover potential for abuse) on Monday found that currently available commercial AI models are significantly capable of exploiting smart contracts. Anthropic's Claude Opus 4.5, Claude Sonnet 4.5, and OpenAI's GPT-5 collectively developed exploits worth $4.6 million when tested on contracts, exploiting them after their most recent training data was gathered. Researchers also tested both Sonnet 4.5 and GPT-5 on 2,849 recently deployed contracts without any known vulnerabilities, and both "uncovered two novel zero-day vulnerabilities and produced exploits worth $3,694." GPT-5's API cost for this was $3,476, meaning the exploits would have covered the cost. "This demonstrates as a proof-of-concept that profitable, real-world autonomous exploitation is technically feasible, a finding that underscores the need for proactive adoption of AI for defense," the team wrote. Related: UXLink hack turns ironic as attacker gets phished mid-exploit Researchers also developed the Smart Contracts Exploitation (SCONE) benchmark, comprising 405 contracts that were actually exploited between 2020 and 2025. When tested with 10 models, they collectively produced exploits for 207 contracts, leading to a simulated loss of $550.1 million. Researchers also suggested that the output required (measured in tokens in the AI industry) for an AI agent to develop an exploit will decrease over time, thereby reducing the cost of this operation. "Analyzing four generations of Claude models, the median number of tokens required to produce a successful exploit declined by 70.2%," the research found. Related: Coinbase's preferred AI coding tool can be hijacked by new virus The study argues that AI capabilities in this area are improving at a rapid pace. "In just one year, AI agents have gone from exploiting 2% of vulnerabilities in the post-March 2025 portion of our benchmark to 55.88% -- a leap from $5,000 to $4.6 million in total exploit revenue," the team claims. Furthermore, most of the smart contract exploits of this year "could have been executed autonomously by current AI agents." The research also showed that the average cost to scan a contract for vulnerabilities is $1.22. Researchers believe that with falling costs and rising capabilities, "the window between vulnerable contract deployment and exploitation will continue to shrink." Such a situation would leave developers less time to detect and patch vulnerabilities before they are exploited.

Could AI Agents Exploit Ethereum, XRP, Solana? Anthropic Says It's Possible

AI firm Anthropic says its latest tests showed AI agents autonomously hacking top blockchains and draining simulated funds, signaling that automated exploits may now threaten blockchains like Ethereum (CRYPTO: ETH), XRP (CRYPTO: XRP) and Solana (CRYPTO: SOL) at scale. AI Agents Execute Realistic Exploits Across Ethereum, BNB Chain And Base A test environment showed AI models, including Claude Opus 4.5 and Claude Sonnet 4.5, exploiting 17 of 34 smart contracts deployed after March 2025. The models drained $4.5 million in simulated funds, according to Anthropic. The company expanded the experiment to 405 previously exploited contracts across Ethereum, BNB Smart Chain (CRYPTO: BNB), and Base. The result: AI agents executed 207 profitable attacks, generating $550 million in simulated revenue. The report said these models replicated real-world attacker behavior by identifying bugs, generating full exploit scripts and sequencing transactions to drain liquidity pools. Anthropic noted that the tests demonstrate how AI agents now automate tasks historically performed by skilled human hackers. GPT-5 And Sonnet Models Discover Zero-Day Bugs In New Contracts Researchers from the ML Alignment & Theory Scholars Program and the Anthropic Fellows Program also tasked GPT-5 and Sonnet 4.5 with scanning 2,849 recently deployed contracts that showed no signs of compromise, according to CoinDesk. The models uncovered two previously unknown vulnerabilities that allowed unauthorized withdrawals and balance manipulation. The exploits produced $3,694 in simulated gains at a total compute cost of $3,476 -- the average cost of a single exploit run was $1.22. According to Anthropic, declining model costs will make automated scanning and exploitation more economically attractive for attackers. Exploitation Capability Growing Faster Than Defenses More than half of the blockchain attacks recorded in 2025 could have been executed autonomously by current-generation AI agents. The company warned that exploit revenue doubled every 1.3 months last year as models improved and operational costs declined. The firm said attackers can now probe any contract interacting with valuable assets, including authentication libraries, logging tools, or long-neglected API endpoints. It added that the same reasoning used to exploit decentralized finance protocols could apply to traditional software and infrastructure supporting digital asset markets. AI Could Also Strengthen Smart Contract Security Despite the risks, Anthropic said the same agents capable of identifying and exploiting flaws can be adapted to detect and patch vulnerabilities before deployment. The company plans to open-source its SCONE-bench dataset to help developers benchmark and harden smart contracts. The findings should shift expectations among blockchain builders, noting that "now is the time to adopt AI for defense," Anthropic concluded. Read Next: Federal Reserve Ends Quantitative Tightening: A New Era For Crypto Liquidity Begins Image: Shutterstock $ETHEthereum - United States dollar$2858.701.95%Overview$BNBBNBNot Available-%$SOLSolana - United States dollar$131.183.52%$XRPRipple - United States dollar$2.051.23%Market News and Data brought to you by Benzinga APIs