OpenAI and Paradigm Launch EVMbench to Test AI Agents on Ethereum Smart Contract Security

Can AI Agents Boost Ethereum Security? OpenAI and Paradigm Created a Testing Ground - Decrypt

ChatGPT maker OpenAI and crypto-focused investment firm Paradigm have introduced EVMbench, a tool to help improve Ethereum Virtual Machine smart contract security. EVMbench is designed to evaluate AI agents' ability to detect, patch, and exploit high-severity vulnerabilities in Ethereum Virtual Machine (EVM) smart contracts. Smart contracts are the heart of the Ethereum network, holding the code that powers everything from decentralized finance protocols to token launches. The weekly number of smart contracts deployed on Ethereum reached an all-time high of 1.7 million in November 2025, with 669,500 deployed last week alone, according to Token Terminal. EVMbench draws on 120 curated vulnerabilities from 40 audits, most sourced from open audit competitions such as Code4rena, according to an OpenAI blog post. It also includes scenarios from the security auditing process for Tempo, Stripe's purpose-built layer-1 blockchain focused on high-throughput, low-cost stablecoin payments. Payments giant Stripe launched the public testnet for Tempo in December, saying at the time that it was being built with input from Visa, Shopify, and OpenAI, among others. The goal is to ground testing in economically meaningful, real-world code -- particularly as AI-driven stablecoin payments expand, the firm added. EVMbench is meant to evaluate AI models across three modes: Detect, patch, and exploit. In "detect," agents audit repositories and are scored on their recall of ground-truth vulnerabilities. In "patch," agents must eliminate vulnerabilities without breaking intended functionality. Finally, in the "exploit" phase, agents attempt end-to-end fund-draining attacks in a sandboxed blockchain environment, with grading performed via deterministic transaction replay. In exploit mode, GPT-5.3-Codex running via OpenAI's Codex CLI achieved a score of 72.2%, compared to 31.9% for GPT-5, which was released six months earlier. Performance was weaker in the detect and patch tasks, where agents sometimes failed to audit exhaustively or struggled to preserve full contract functionality. The ChatGPT makers' researchers cautioned that EVMbench does not fully capture real-world security complexity. Still, they added that measuring AI performance in economically relevant environments is critical as models become powerful tools for both attackers and defenders. Sam Altman's OpenAI and Ethereum co-founder Vitalik Buterin have previously been at odds over the pace of AI development. In January 2025, Altman said that his firm was "confident we know how to build AGI as we have traditionally understood it." But Buterin advocated that AI systems should include a "soft pause" capability that could temporarily restrict industrial-scale AI operations if warning signs emerge.

OpenAI Researches AI Agents Detecting Smart Contract Flaws

OpenAI said it is becoming increasingly important to evaluate the performance of AI agents in "economically meaningful environments" as their adoption grows. OpenAI has launched a new benchmark that evaluates how well different AI models detect, patch, and even exploit security vulnerabilities found in crypto smart contracts. OpenAI released the "EVMbench: Evaluating AI Agents on Smart Contract Security" paper on Wednesday, in collaboration with crypto investment firm Paradigm and crypto security firm OtterSec, to evaluate how much the AI agents could theoretically exploit from 120 smart contract vulnerabilities. Anthropic's Claude Opus 4.6 came out on top with an average "detect award" of $37,824, followed by OpenAI's OC-GPT-5.2 and Google's Gemini 3 Pro at $31,623 and $25,112, respectively. While AI agents are becoming increasingly efficient at handling basic tasks, OpenAI said it is becoming more important to evaluate their performance in "economically meaningful environments." "Smart contracts secure billions of dollars in assets, and AI agents are likely to be transformative for both attackers and defenders." "We expect agentic stablecoin payments to grow, and help ground it in a domain of emerging practical importance," OpenAI added. Circle CEO Jeremy Allaire predicted on Jan. 22 that billions of AI agents will be transacting with stablecoins for everyday payments on behalf of users within five years, while former Binance boss Changpeng "CZ" Zhao also recently tipped that crypto would end up being the "native currency for AI agents." The need to test agentic AI performance in spotting security vulnerabilities comes as attackers stole $3.4 billion worth of crypto funds in 2025, a marginal increase from 2024. Related: China's AI lead will shape crypto's future EVMbench drew on 120 curated vulnerabilities from 40 smart contract audits, with most of them sourced from open-source audit competitions. OpenAI said it hopes the benchmark will help track AI progress in spotting and mitigating smart contract vulnerabilities at scale. In a post to X on Wednesday, Dragonfly's managing partner Haseeb Qureshi said crypto's promise of replacing property rights and legal contracts never materialized, not because the technology failed, but because it was never designed for human intuition. Qureshi said it still feels "terrifying" to sign large transactions, particularly with drainer wallets and other threats always present, whereas bank transfers rarely provoke the same fear. Instead, Qureshi believes the future of crypto transactions will be facilitated by AI-intermediated, self-driving wallets, which will take care of those threats and manage complex operations on behalf of users: "A technology often snaps into place once its complement finally arrives. GPS had to wait for the smartphone, TCP/IP had to wait for the browser. For crypto, we might just have found it in AI agents."

OpenAI Introduces Smart Contract Benchmark for AI Agents as AI and Crypto Converge

EVMbench uses 120 real flaws from 40 audits, including Code4rena and Tempo work. OpenAI has introduced a new smart contract security benchmark as AI agents gain stronger coding abilities in the crypto sector. Together with Paradigm, OpenAI said the benchmark, called EVMbench, tests how AI systems detect, patch, and exploit serious Ethereum contract bugs. Their effort responds to the growing financial risk, since smart contracts routinely secure over $100 billion in open-source crypto assets. OpenAI Smart Contract Benchmark Targets Real Audit Vulnerabilities In their release, OpenAI said EVMbench draws on 120 curated vulnerabilities collected from 40 professional smart contract audits. Notably, most of the issues came from open audit competitions, including Code4rena. OpenAI said the benchmark also includes vulnerability scenarios tied to security auditing work for the Tempo blockchain. Tempo is described as a purpose-built Layer-1 network designed for high-throughput, low-cost stablecoin payments. Because of that, these scenarios extend the benchmark into payment-focused contract code. The company also said it expects agent-based stablecoin payment activity to grow. To build the benchmark environments, OpenAI said it adapted existing exploit proof-of-concept tests and deployment scripts when available. However, it said engineers manually wrote missing components when no scripts existed. OpenAI added that it ensured patch tasks remained exploitable while still fixable without breaking compilation. Detect, Patch, Exploit Modes Test AI Agents Under Pressure OpenAI said EVMbench evaluates artificial intelligence agents in three modes. That is detect, patch, and exploit. In detect mode, agents audit smart contract repositories and get scored on recall of confirmed vulnerabilities and audit rewards. In patch mode, agents must modify vulnerable contracts while keeping intended functionality intact. Exploit mode, however, focuses on full end-to-end fund draining attacks in a sandbox blockchain environment. The company said graders verify results using transaction replay and on-chain checks. To support reproducible evaluation, the company said it developed a Rust-based harness to deploy contracts and replay transactions deterministically. Notably, the exploit tasks run in an isolated local Anvil environment instead of live crypto networks. It also said vulnerabilities used in the benchmark are historical and publicly documented. OpenAI added that the harness restricts unsafe RPC methods to limit abuse. In exploit testing, OpenAI said GPT-5.3-Codex running via Codex CLI scored 72.2%. However, it said the earlier GPT-5 model scored 31.9%, despite being released just over six months earlier. OpenAI also noted that detect recall and patch success remain below full coverage. OpenAI Adds New Talent with Agent Hire While OpenAI pushed EVMbench into public view, it also expanded its agent development team. Notably, they hired Peter Steinberger, founder of the viral open-source AI agent project OpenClaw, previously known as Clawdbot. Sam Altman confirmed on X that Steinberger will join OpenAI to lead work on the "next generation of personal agents." Meanwhile, Altman said OpenClaw will transition into a foundation model project supported by OpenAI. The open-source project will continue under that structure, according to the announcement. The hiring drew wide attention as OpenAI increases its focus on autonomous and personal AI agents.