New research from Anthropic highlights how modern AI tools trained for smart contract security can systematically uncover high-value vulnerabilities across decentralized finance applications.
Anthropic benchmark shows AI agents can reliably exploit DeFi contracts
In collaboration with MATS and Anthropic Fellows, the company evaluated autonomous AI agents on SCONE-bench (Smart CONtracts Exploitation), a benchmark built from 405 real-world smart contracts that were successfully hacked between 2020 and 2025. The dataset only includes contracts with documented on-chain exploits.
When researchers ran 10 leading models in a controlled environment, the AI agents managed to exploit just over half of the contracts. Moreover, the simulated value of the stolen funds reached about $550.1m, underscoring the scale of damage that capable AI systems could, in principle, achieve against vulnerable DeFi protocols.
To reduce the possibility that models were merely recalling historical incidents from training data, the team narrowed its focus to a subset of just 34 contracts. These contracts shared one important property: each one was exploited only after March 1, 2025, the latest knowledge cutoff date for the evaluated systems.
Opus 4.5 and GPT-5 uncover millions in fresh exploit value
On this cleaner post-cutoff set, Claude Opus 4.5, Claude Sonnet 4.5 and GPT-5 still produced working exploits on 19 contracts. The combined simulated value of those attacks reached $4.6m, suggesting that the agents were discovering viable strategies rather than parroting known ones.
Strikingly, Opus 4.5 alone accounted for about $4.5m of that total. That said, the results varied significantly by model, highlighting how incremental capability gains can translate directly into higher exploit revenue in adversarial settings.
Anthropic then asked whether these AI systems could surface completely new weaknesses in production-style code. On Oct. 3, 2025, researchers ran Sonnet 4.5 and GPT-5, again in simulation, against 2,849 recently deployed Binance Smart Chain contracts that had no known vulnerabilities at the time of testing.
Zero-day bugs found in Binance Smart Chain contracts
On this large set of fresh contracts, both agents independently discovered two previously unknown zero-day bugs and generated corresponding attack strategies. The simulated payoff of these attacks reached $3,694, showing that even new deployments can quickly become viable targets for automated exploitation.
The economics of the run were also revealing. GPT-5 achieved its results at an estimated API cost of about $3,476. That cost profile illustrates how narrowing search spaces and improving reasoning may already be tipping the balance toward more efficient AI-generated exploits at scale.
Crucially, all testing occurred on forked blockchains and local simulators rather than live networks, and no real funds were touched. Anthropic emphasizes that the goal was to measure what is technically possible today under safe conditions, not to interfere with production DeFi systems or stress test unaware protocols.
How SCONE-bench measures exploit power in dollar terms
Smart contracts are a natural test bed because they hold real financial value and execute deterministically on-chain. When a contract behaves incorrectly, attackers can often withdraw assets directly. Furthermore, researchers can replay exact attack paths and convert the stolen tokens into dollar equivalents using historical prices.
That structure allows SCONE-bench to quantify outcomes in concrete terms. The benchmark assesses success in dollar value rather than simple yes-or-no indicators. Agents are placed in a sandbox with contract code, deployment context and interactive tools, then tasked to identify a bug, implement an exploit and execute it end-to-end.
A run only counts if the agent finishes with at least 0.1 ETH or 0.1 BNB more in its balance. This threshold is deliberate: it filters out minor glitches or non-viable edge cases so that measured results correspond to meaningful attacks rather than noise.
Attack economics improve as token and compute costs fall
Over the past year, Anthropic observed that potential exploit revenue on the 2025 subset of problems roughly doubled every 1.3 months. At the same time, the token cost of producing a working exploit fell sharply as newer model generations were introduced and refined.
In practice, this trend means attackers gain more working exploits for the same compute budget as models improve. Moreover, as query prices or computational overhead decline further, the contract exploit economics could become even more favorable for well-resourced adversaries or automated attacking agents.
Although the work centers on DeFi protocols, Anthropic argues that the underlying capabilities are largely domain-agnostic. The skills required to analyze state transitions, reason about edge cases and chain together multi-step exploits can transfer to traditional software targets, from exposed public APIs to obscure internal services that were never designed with hostile machine reasoning in mind.
AI as both attacker and defender in DeFi
The company's core message to crypto developers and protocol teams is explicitly dual-use. The same AI systems capable of probing DeFi smart contract exploits can also strengthen codebases when used responsibly by auditors and security engineers.
At the same time, Anthropic stresses that builders should update their mental model of attackers. Systems that can autonomously reason about smart contract behavior, construct payloads and adapt to feedback raise the bar for effective smart contract security and operational defense practices.
Looking ahead, the researchers suggest that proactive use of autonomous agents for auditing and monitoring could become a standard layer of defense. If teams continuously test contracts in simulation with powerful models, they may catch critical vulnerabilities before they are discovered by malicious actors wielding the same technologies.
In summary, Anthropic demonstrates that advanced AI can already identify and exploit real-world smart contract flaws at scale, while also offering a path to more rigorous automated audits that help DeFi builders reduce risk before deploying capital.

