A custom-built AI security agent discovered vulnerabilities in 92% of exploited DeFi smart contracts in a new open source benchmark.
The study, released Thursday by AI security firm Ceuro, evaluated 90 real-world smart contracts exploited between October 2024 and early 2026, representing $228 million in verified losses. The specialized system flagged vulnerabilities associated with $96.8 million in exploit value, compared to only 34% detection and $7.5 million in coverage from a baseline GPT-5.1-based encryption agent.
Both systems ran on the same boundary model. The difference, according to the report, was the application layer: domain-specific methodology, structured review phases and DeFi-focused security heuristics layer on top of the model.
The findings come amid growing concerns that artificial intelligence is accelerating crypto-crime. Separate research by Anthropic and OpenAI has shown that AI agents can now perform end-to-end exploits on most known vulnerable smart contracts, with exploit capacity reportedly doubling around every 1.3 months. The average cost of an AI-powered exploitation attempt is around $1.22 per contract, which greatly lowers the barrier to large-scale scanning.
Previous CoinDesk coverage outlined how bad actors like North Korea have begun using artificial intelligence to scale hacking operations and automate parts of the exploitation process, underscoring the growing gap between offensive and defensive capabilities.
Ceuro argues that many teams rely on general-purpose AI tools or one-off audits for security, an approach that the benchmark suggests can miss complex, high-value vulnerabilities. Several contracts in the data set had previously undergone professional audits before being exploited.
The benchmark dataset, evaluation framework, and baseline agent have been open sourced on GitHub. The company said it has not released its full security agent due to concerns that similar tools could be repurposed for offensive use.
