A specially designed AI security agent detected vulnerabilities in 92% of exploited DeFi smart contracts in a new open source benchmark.
The study, published Thursday by AI security firm Cecuro, evaluated 90 real-world smart contracts exploited between October 2024 and early 2026, representing $228 million in verified losses. The specialized system detected vulnerabilities linked to $96.8 million in exploit value, compared to just 34% detection and $7.5 million in coverage for a basic GPT-5.1-based coding agent.
Both systems were based on the same frontier model. The difference, according to the report, was the application layer: domain-specific methodology, structured review phases, and DeFi-focused security heuristics layered on top of the model.
The findings come amid growing concern that AI is accelerating crypto crime. Separate research from Anthropic and OpenAI has shown that AI agents can now execute end-to-end exploits on most known vulnerable smart contracts, with exploit capacity said to double approximately every 1.3 months. The average cost of an AI-powered exploitation attempt is approximately $1.22 per contract, dramatically lowering the barrier to large-scale scanning.
Previous CoinDesk coverage described how bad actors, such as North Korea, have begun using AI to escalate hacking operations and automate parts of the exploitation process, underscoring the widening gap between offensive and defensive capabilities.
Cecuro maintains that many teams rely on general-purpose AI tools or one-off audits for security, an approach that the benchmark suggests can miss complex, high-value vulnerabilities. Several contracts in the data set had undergone professional audits before being exploited.
The reference dataset, evaluation framework, and reference agent are open source on GitHub. The company said it has not released its full security agent due to concerns that similar tools could be repurposed for offensive use.




