A series of costly hacks has turned into a broader test of how the industry can protect itself from artificial intelligence (AI)-assisted attacks, following a warning from one of decentralized finance’s (DeFi) early security leaders.
On May 27, Manuel Aráoz, co-founder and former chief technology officer of OpenZeppelin, advised investors to exit DeFi positions, including exposure to established lending protocols such as Aave, MakerDAO, and Compound.
According to Aráoz, autonomous AI coding agents have made it easier to discover vulnerabilities at scale, widening the gap between attackers and defenders. He wrote:
“Coding agents are superhuman at finding vulnerabilities, but smart contract security is too asymmetric. Defenders need to fix every bug, but attackers only need one exploit to steal funds.”
The warning gained attention because it came at a time of pressure on the broader DeFi market. Over the past year, the sector has lost more than $1.1 billion to exploits, including $635 million across 28 reported hacks in April alone.
Following these incidents, the total value locked (TVL) across decentralized finance fell from approximately $172 billion in mid-April to $148 billion at the time of writing, the fifth consecutive week of outflows. The decline may also reflect broader market weakness, with Bitcoin trading near $72,000 earlier today.
Still, these numbers push the security debate beyond individual protocols to the broader question of whether AI has lowered the cost of DeFi attacks faster than the industry has improved defenses.
AI makes finding weak spots cheaper
Aráoz’s warning rests on the premise that artificial intelligence will radically reduce the cost and effort required to map vulnerabilities in smart contracts.
Over the past few years, advanced AI models have put tremendous pressure on defenders by accelerating vulnerability discovery, exploit testing, and operational reconnaissance at near-zero cost.
A recent study by venture capital firm a16z examines this accelerating attack capability, noting that AI agents consistently identify vulnerabilities at the core of historic DeFi exploits.
The firm said that even when an agent could not complete an exploit, it often got far enough to give an attacker a starting point. Tools that reliably identify weaknesses lower the expertise required to launch an attack.
Anthropic similarly restricted public access to its unreleased Claude Mythos model due to its ability to autonomously discover and weaponize software flaws.
For DeFi, this development matters because many protocols are public, configurable, and financially liquid: the code, governance structures, and integrations around a platform can be openly examined for vulnerabilities.
AI can make that process faster and cheaper, increasing pressure on teams whose defenses still rely heavily on audits, bug bounties, and manual reviews.
Protocol leaders point to strengthening infrastructure
However, concerns about AI have led to pushback from founders and security firms, who argue that DeFi is more resilient than in earlier cycles.
Blockchain security company OpenZeppelin has argued that many recent security incidents were caused by operational failures rather than flaws in audited contract code.
The company said most of the large losses in recent months involved private key theft, bridge spoofing, social engineering, and access control issues. This pattern suggests that attackers often target the systems around a protocol, such as its team, permissions, and infrastructure, rather than the contracts themselves.
Aave founder Stani Kulechov made a similar argument. He said that today’s DeFi infrastructure benefits from better risk engines, lending market structures, formal verification, audits, bug bounties, cap controls, oracle improvements, automated monitoring, and circuit breakers.
Kulechov said much of the remaining attack surface involves Web2-style operational failures, such as weak internal controls and infrastructure processes.
Notably, this observation is consistent with April’s wave of exploits, in which some of the biggest losses involved compromised keys, social engineering, and bridge-related failures. For context, Drift Protocol’s $285 million loss was attributed to a six-month social engineering campaign by North Korea’s Lazarus Group.
Uniswap founder Hayden Adams also disputed the widespread conclusion that DeFi itself is no longer secure.
He argued that while properly constructed smart contracts can support applications with strong security properties, AI is likely to expose vulnerable code, hastily launched startups, and poor development practices more quickly.
This difference is central to the industry’s response. There is increasing debate about which systems have controls that can withstand AI-assisted attacks, and which remain at risk due to weak operations, complex integrations, or monitoring limitations.
DeFi teams bring AI to their defense stack
Meanwhile, the pushback from founders hasn’t stopped teams from changing their approach to security.
Nansen, an agent-based AI trading platform, told CryptoSlate that leading protocols are leaning towards defensive AI tools rather than retreating from open-source development.
This is backed up by Cyvers CEO Deddy Lavid, who said the industry is moving towards an AI-versus-AI security environment.
In this space, cryptocurrency developers are using the same AI tools to find and eradicate bugs before attackers do.
In particular, OpenZeppelin recently introduced tools designed to enable AI agents to generate smart contracts using the latest audited security libraries. The goal is to reduce reliance on outdated training data and unsafe code patterns when agents assist developers.
Uniswap also launched an AI-integrated developer platform to facilitate secure deployment from the start.
These efforts are early examples of how the field is preparing for AI agents that can discover and weaponize flaws in software.
The quickest defense is to limit the spread of a single failure.
Alongside the shift to AI-assisted defense, DeFi faces a more immediate challenge: slowing an attack down before a protocol loses everything.
Cyvers’ Lavid said static point-in-time audits are no longer sufficient for protocols that manage large pools of user funds. Defenders need continuous monitoring, live transaction simulation, and automated systems that can slow or pause activity when suspicious behavior appears.
Some of these safety measures have already been adopted. Lavid said some protocols have circuit breakers, transaction monitoring, multisig controls, and runtime protection built into their operations.
These systems can mitigate losses by limiting attacks before funds leave the protocol or by giving teams time to intervene if activity deviates from expected patterns.
This response comes with a trade-off. Circuit breakers, multisig controls, and emergency suspensions can protect users in the event of an incident, but they also introduce human discretion to a system built around open access and automated execution.
As AI increases the speed of attacks, DeFi may need to adopt more defensive measures to protect user trust.
Meanwhile, Huma Finance co-founder Richard Liu said the sector should focus on mitigating damage when failures occur, rather than eliminating all possible failures.
He compared today to the early days of digital commerce, when credit card networks continued to grow, even though fraud remained part of the system.
These networks managed risk through real-time detection, transaction limits, tokenization, insurance, and liability rules. Liu said DeFi needs a similar approach, with systems designed to ensure that a single key leak, configuration error, or bug doesn’t deplete the entire liquidity pool.
This means that the next step in DeFi security could be determined by blast radius. Protocols will require tighter restrictions on privileged roles, stronger key management, conservative exposure limits, better oracle design, transaction-level monitoring, and pre-execution blocking. Insurance, bug bounties, and live response teams can also become more important for platforms that handle large amounts of user capital.
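The controls described in the two passages above (continuous transaction monitoring, conservative exposure limits, and an automated pause that buys a team time to intervene) can be sketched as a small outflow circuit breaker. The following Python simulation is an added example and not code from any protocol, firm or person named in this article; the `CircuitBreaker` class, its thresholds, and the withdrawal stream are constructed, hypothetical values chosen to show both a rejected oversized withdrawal and a window limit tripping during a fast drain.

```python
"""Outflow circuit breaker: limit how much can leave a pool per transaction and
per rolling window, and pause the pool when the window limit is exceeded.

Added illustration with constructed values; not a real protocol's code."""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class CircuitBreaker:
    pool_balance: float                 # funds currently held by the pool
    window_seconds: int = 3600          # look-back window for outflow accounting
    max_window_fraction: float = 0.10   # pause if >10% of the pool leaves within one window
    max_single_fraction: float = 0.05   # reject any single withdrawal >5% of the pool
    paused: bool = False
    _recent: deque = field(default_factory=deque, repr=False)  # (timestamp, amount)

    def _prune(self, now: int) -> None:
        # Drop withdrawals that have aged out of the rolling window.
        while self._recent and now - self._recent[0][0] >= self.window_seconds:
            self._recent.popleft()

    def window_outflow(self, now: int) -> float:
        """Total amount withdrawn within the current look-back window."""
        self._prune(now)
        return sum(amount for _, amount in self._recent)

    def request_withdrawal(self, now: int, amount: float) -> str:
        """Pre-execution check. Returns 'ok', 'rejected' or 'paused'."""
        if self.paused:
            return "paused"
        # Per-transaction exposure cap, measured against the current balance.
        if amount > self.max_single_fraction * self.pool_balance:
            return "rejected"
        # Rolling-window cap: trips the breaker instead of letting the drain continue.
        projected = self.window_outflow(now) + amount
        if projected > self.max_window_fraction * self.pool_balance:
            self.paused = True   # stays paused until a human/multisig calls resume()
            return "paused"
        self._recent.append((now, amount))
        self.pool_balance -= amount
        return "ok"

    def resume(self) -> None:
        """Human decision point: the trade-off the article describes."""
        self.paused = False
        self._recent.clear()


def run_constructed_scenario():
    """Constructed withdrawal stream: normal activity, one oversized request,
    then a burst of withdrawals just under the single-transaction cap."""
    cb = CircuitBreaker(pool_balance=1_000_000.0)
    events = [(0, 5_000), (60, 15_000), (120, 60_000), (180, 19_000),
              (200, 19_000), (210, 19_000), (220, 19_000), (230, 19_000)]
    decisions = [cb.request_withdrawal(ts, amt) for ts, amt in events]
    return cb, decisions


if __name__ == "__main__":
    breaker, results = run_constructed_scenario()
    for (ts, amt), decision in zip(
        [(0, 5_000), (60, 15_000), (120, 60_000), (180, 19_000),
         (200, 19_000), (210, 19_000), (220, 19_000), (230, 19_000)], results):
        print(f"t={ts:4d}  withdraw {amt:>7,}  -> {decision}")
    print(f"paused={breaker.paused}  remaining balance={breaker.pool_balance:,.0f}")
```

Both caps are expressed as fractions of the current balance, so they tighten as funds leave; the burst of 19,000-unit withdrawals passes the per-transaction cap every time but trips the window limit on the fourth one, leaving the pool paused with 923,000 remaining rather than drained. Tuning the fractions and window, and deciding who may call `resume()`, is where the availability-versus-safety trade-off lives.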
For users, the practical response may be more selective. Banteg, a pseudonymous Yearn Finance developer, said he doesn’t agree with giving up all DeFi positions, but acknowledges that the asymmetry is real. His advice was to avoid new and unusual protocols and focus on older, more tested systems.
This caution could shape capital’s next direction. Mature protocols with simple designs, longer operating histories, and clearer controls may be better suited to retain users. Protocols built around complex integrations or high yields may be exposed to greater scrutiny as AI makes it easier to spot weaknesses.
