3 Sources
[1]
Frontier AI Models Demonstrate Human-Level Capability in Smart Contract Exploits - Decrypt
Agents also discovered two new zero-day vulnerabilities in recent Binance Smart Chain contracts. AI agents matched the performance of skilled human attackers in more than half of the smart contract exploits recorded on major blockchains over the last five years, according to new data released Monday by Anthropic. Anthropic evaluated ten frontier models, including Llama 3, Sonnet 3.7, Opus 4, GPT-5, and DeepSeek V3, on a dataset of 405 historical smart contract exploits. The agents produced working attacks against 207 of them, totaling $550 million in simulated stolen funds. The findings showed how quickly automated systems can weaponize vulnerabilities and identify new ones that developers have not addressed. The new disclosure is the latest from the developer of Claude AI. Last month, Anthropic detailed how Chinese hackers used Claude Code to launch what it called the first AI-driven cyberattack. Security experts said the results confirmed how accessible many of these flaws already are. "AI is already being used in ASPM tools like Wiz Code and Apiiro, and in standard SAST and DAST scanners," David Schwed, COO of SovereignAI, told Decrypt. "That means bad actors will use the same technology to identify vulnerabilities." Schwed said the model-driven attacks described in the report would be straightforward to scale because many vulnerabilities are already publicly disclosed through Common Vulnerabilities and Exposures or audit reports, making them learnable by AI systems and easy to attempt against existing smart contracts. "Even easier would be to find a disclosed vulnerability, find projects that forked that project, and just attempt that vulnerability, which may not have been patched," he said. "This can all be done now 24/7, against all projects. Even those now with smaller TVLs are targets because why not? It's agentic." 
To measure current capabilities, Anthropic plotted each model's total exploit revenue against its release date using only the 34 contracts exploited after March 2025. "Although total exploit revenue is an imperfect metric -- since a few outlier exploits dominate the total revenue -- we highlight it over attack success rate because attackers care about how much money AI agents can extract, not the number or difficulty of the bugs they find," the company wrote. Anthropic did not immediately respond to requests for comment by Decrypt. Anthropic said it tested the agents on a zero-day dataset of 2,849 contracts drawn from more than 9.4 million on Binance Smart Chain. The company said Claude Sonnet 4.5 and GPT-5 each uncovered two undisclosed flaws that produced $3,694 in simulated value, with GPT-5 achieving its result at an API cost of $3,476. Anthropic noted that all tests ran in sandboxed environments that replicated blockchains and not real networks. Its strongest model, Claude Opus 4.5, exploited 17 of the post-March 2025 vulnerabilities and accounted for $4.5 million of the total simulated value. The company linked improvements across models to advances in tool use, error recovery, and long-horizon task execution. Across four generations of Claude models, token costs fell by 70.2%. One of the newly discovered flaws involved a token contract with a public calculator function that lacked a view modifier, which allowed the agent to repeatedly alter internal state variables and sell inflated balances on decentralized exchanges. The simulated exploit generated about $2,500. Schwed said the issues highlighted in the experiment were "really just business logic flaws," adding that AI systems can identify these weaknesses when given structure and context. "AI can also discover them given an understanding of how a smart contract should function and with detailed prompts on how to attempt to circumvent logic checks in the process," he said. 
Anthropic said the capabilities that enabled agents to exploit smart contracts also apply to other types of software, and that falling costs will shrink the window between deployment and exploitation. The company urged developers to adopt automated tools in their security workflows so defensive use advances as quickly as offensive use. Despite Anthropic's warning, Schwed said the outlook is not solely negative. "I always push back on the doom and gloom and say with proper controls, rigorous internal testing, along with real-time monitoring and circuit breakers, most of these are avoidable," he said. "The Good actors have the same access to the same agents. So if the bad actors can find it, so can the good actors. We have to think and act differently."
[2]
Anthropic study says AI agents developed $4.6M in smart contract bugs
Commercial AI models were able to autonomously generate real-world smart contract exploits worth millions and found the costs of attack are falling rapidly. Recent research by major artificial intelligence company Anthropic and AI security organization Machine Learning Alignment & Theory Scholars (MATS) showed that AI agents collectively developed smart contract exploits worth $4.6 million. Research released by Anthropic's red team (a team dedicated to acting like a bad actor to discover potential for abuse) on Monday found that currently available commercial AI models are significantly capable of exploiting smart contracts. Anthropic's Claude Opus 4.5, Claude Sonnet 4.5, and OpenAI's GPT-5 collectively developed exploits worth $4.6 million when tested on contracts, exploiting them after their most recent training data was gathered. Researchers also tested both Sonnet 4.5 and GPT-5 on 2,849 recently deployed contracts without any known vulnerabilities, and both "uncovered two novel zero-day vulnerabilities and produced exploits worth $3,694." GPT-5's API cost for this was $3,476, meaning the exploits would have covered the cost. "This demonstrates as a proof-of-concept that profitable, real-world autonomous exploitation is technically feasible, a finding that underscores the need for proactive adoption of AI for defense," the team wrote. Researchers also developed the Smart Contracts Exploitation (SCONE) benchmark, comprising 405 contracts that were actually exploited between 2020 and 2025. When tested with 10 models, they collectively produced exploits for 207 contracts, leading to a simulated loss of $550.1 million. Researchers also suggested that the output required (measured in tokens in the AI industry) for an AI agent to develop an exploit will decrease over time, thereby reducing the cost of this operation.
"Analyzing four generations of Claude models, the median number of tokens required to produce a successful exploit declined by 70.2%," the research found. The study argues that AI capabilities in this area are improving at a rapid pace. "In just one year, AI agents have gone from exploiting 2% of vulnerabilities in the post-March 2025 portion of our benchmark to 55.88% -- a leap from $5,000 to $4.6 million in total exploit revenue," the team claims. Furthermore, most of the smart contract exploits of this year "could have been executed autonomously by current AI agents." The research also showed that the average cost to scan a contract for vulnerabilities is $1.22. Researchers believe that with falling costs and rising capabilities, "the window between vulnerable contract deployment and exploitation will continue to shrink." Such a situation would leave developers less time to detect and patch vulnerabilities before they are exploited.
[3]
Could AI Agents Exploit Ethereum, XRP, Solana? Anthropic Says It's Possible
AI firm Anthropic says its latest tests showed AI agents autonomously hacking top blockchains and draining simulated funds, signaling that automated exploits may now threaten blockchains like Ethereum (CRYPTO: ETH), XRP (CRYPTO: XRP) and Solana (CRYPTO: SOL) at scale.

AI Agents Execute Realistic Exploits Across Ethereum, BNB Chain And Base

A test environment showed AI models, including Claude Opus 4.5 and Claude Sonnet 4.5, exploiting 17 of 34 smart contracts deployed after March 2025. The models drained $4.5 million in simulated funds, according to Anthropic. The company expanded the experiment to 405 previously exploited contracts across Ethereum, BNB Smart Chain (CRYPTO: BNB), and Base. The result: AI agents executed 207 profitable attacks, generating $550 million in simulated revenue. The report said these models replicated real-world attacker behavior by identifying bugs, generating full exploit scripts and sequencing transactions to drain liquidity pools. Anthropic noted that the tests demonstrate how AI agents now automate tasks historically performed by skilled human hackers.

GPT-5 And Sonnet Models Discover Zero-Day Bugs In New Contracts

Researchers from the ML Alignment & Theory Scholars Program and the Anthropic Fellows Program also tasked GPT-5 and Sonnet 4.5 with scanning 2,849 recently deployed contracts that showed no signs of compromise, according to CoinDesk. The models uncovered two previously unknown vulnerabilities that allowed unauthorized withdrawals and balance manipulation. The exploits produced $3,694 in simulated gains at a total compute cost of $3,476 -- the average cost of a single exploit run was $1.22. According to Anthropic, declining model costs will make automated scanning and exploitation more economically attractive for attackers.

Exploitation Capability Growing Faster Than Defenses

More than half of the blockchain attacks recorded in 2025 could have been executed autonomously by current-generation AI agents. The company warned that exploit revenue doubled every 1.3 months last year as models improved and operational costs declined. The firm said attackers can now probe any contract interacting with valuable assets, including authentication libraries, logging tools, or long-neglected API endpoints. It added that the same reasoning used to exploit decentralized finance protocols could apply to traditional software and infrastructure supporting digital asset markets.

AI Could Also Strengthen Smart Contract Security

Despite the risks, Anthropic said the same agents capable of identifying and exploiting flaws can be adapted to detect and patch vulnerabilities before deployment. The company plans to open-source its SCONE-bench dataset to help developers benchmark and harden smart contracts. The findings should shift expectations among blockchain builders, noting that "now is the time to adopt AI for defense," Anthropic concluded.
Anthropic's research reveals that frontier AI models can autonomously exploit smart contracts with human-level capability, successfully attacking over half of recent blockchain vulnerabilities and discovering new zero-day flaws. The study demonstrates how AI agents generated $4.6 million in simulated exploit revenue while costs continue to decline.

Frontier artificial intelligence models have demonstrated the ability to autonomously exploit smart contracts with capabilities matching skilled human attackers, according to groundbreaking research released by Anthropic. The study evaluated ten leading AI models, including Claude Opus 4.5, Claude Sonnet 4.5, GPT-5, Llama 3, and DeepSeek V3, revealing that these systems successfully attacked 207 out of 405 historical smart contract vulnerabilities, generating $550 million in simulated stolen funds [1].

The research, conducted in collaboration with the Machine Learning Alignment & Theory Scholars Program, focused on real-world exploits that occurred across major blockchains between 2020 and 2025. Most significantly, AI agents exploited 17 of 34 smart contracts deployed after March 2025, draining $4.5 million in simulated funds and demonstrating their effectiveness against recently deployed systems [2].

Beyond replicating known exploits, the AI models demonstrated their ability to discover previously unknown vulnerabilities. When tested against 2,849 recently deployed contracts on Binance Smart Chain with no known security issues, both GPT-5 and Claude Sonnet 4.5 uncovered two novel zero-day vulnerabilities. These discoveries generated $3,694 in simulated value at a total API cost of $3,476, with GPT-5 achieving profitability where the exploit value exceeded the computational costs [1].

One notable discovery involved a token contract with a public calculator function lacking a view modifier, allowing the AI agent to repeatedly manipulate internal state variables and sell inflated balances on decentralized exchanges. This simulated exploit alone generated approximately $2,500 in value [1].

The research revealed troubling trends in the economics of AI-driven attacks. Analyzing four generations of Claude models, researchers found that the median number of tokens required to produce a successful exploit declined by 70.2%, significantly reducing operational costs. The average cost to scan a contract for vulnerabilities now stands at just $1.22, making large-scale automated scanning economically viable [2].

Anthropic's data shows that AI exploit capabilities improved dramatically over the past year, with agents progressing from exploiting 2% of post-March 2025 vulnerabilities to 55.88%. The total exploit revenue jumped from $5,000 to $4.6 million, with revenue doubling every 1.3 months as models improved and costs declined [3].

Security experts emphasize that these capabilities represent an acceleration of existing vulnerabilities rather than entirely new attack vectors. David Schwed, COO of SovereignAI, noted that AI is already being used in Application Security Posture Management tools and standard security scanners, meaning malicious actors will inevitably adopt the same technology. The automated nature of these attacks enables 24/7 vulnerability scanning across all projects, regardless of their total value locked [1].

The research demonstrates that AI agents can now automate tasks historically performed by skilled human hackers, including identifying bugs, generating complete exploit scripts, and sequencing transactions to drain liquidity pools. This automation extends beyond decentralized finance protocols to potentially affect traditional software and infrastructure supporting digital asset markets [3].

Despite the concerning implications, Anthropic emphasized that the same AI capabilities enabling exploitation can be adapted for defensive purposes. The company plans to open-source its SCONE-bench dataset to help developers benchmark and harden smart contracts before deployment. Security experts suggest that with proper controls, rigorous internal testing, real-time monitoring, and circuit breakers, most vulnerabilities remain preventable [1].

The research underscores the critical need for proactive adoption of AI-powered defense systems. As Schwed noted, "The good actors have the same access to the same agents. So if the bad actors can find it, so can the good actors." However, the shrinking window between vulnerable contract deployment and potential exploitation means developers must act quickly to integrate automated security tools into their workflows [2].

Summarized by Navi
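
The flaw described above, a public calculator function lacking a `view` modifier, is the kind of defect a pre-deployment lint can surface. The Python sketch below is an added example, not code from Anthropic's study or from the affected contract; the Solidity sample, the function names and the name-prefix heuristic are all constructed assumptions.

```python
import re

# Constructed Solidity sample for illustration; not the contract from the study.
SAMPLE = """
contract RewardToken {
    mapping(address => uint256) public balanceOf;
    uint256 public rate = 5;
    function calculateBonus(address user) public returns (uint256) {
        balanceOf[user] += balanceOf[user] * rate / 100;
        return balanceOf[user];
    }
    function previewFee(uint256 amount) external view returns (uint256) {
        return amount / 100;
    }
    function getRate() external returns (uint256) {
        return rate;
    }
    function transfer(address to, uint256 amount) public returns (bool) {
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}
"""

# Function header: name, parameter list, then modifiers up to the opening brace.
HEADER = re.compile(r"function\s+(\w+)\s*\([^)]*\)([^{;]*)\{")
# Assumed naming convention for functions that callers expect to be read-only.
READ_ONLY_NAME = re.compile(r"^(calc|compute|get|preview|quote|estimate)", re.I)
# Matches =, +=, -= and similar, but not ==, !=, <=, >=.
ASSIGN = re.compile(r"(?<![=!<>])=(?!=)")

def body_of(src, start):
    """Return the function body that begins just after an opening brace."""
    depth, i = 1, start
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[start:i - 1]

def audit(src):
    """Flag public/external functions with read-only names but no view/pure."""
    findings = []
    for m in HEADER.finditer(src):
        name, mods = m.group(1), set(m.group(2).split())
        if not mods & {"public", "external"} or mods & {"view", "pure"}:
            continue
        if READ_ONLY_NAME.match(name):
            # Any assignment in the body raises priority; it may be a state write.
            hit = ASSIGN.search(body_of(src, m.end()))
            findings.append((name, "has-assignment" if hit else "no-assignment"))
    return findings
```

A `has-assignment` finding needs manual review, since the regex cannot tell a local variable from storage; a `no-assignment` finding usually means the function should simply be declared `view`.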