A warning from one of the decentralized finance (DeFi) industry’s early security figures has turned a troublesome series of hacks into a broader test of how the sector can defend itself against artificial intelligence (AI).
On May 27, Manuel Aráoz, co-founder and former chief technology officer of OpenZeppelin, advised investors to exit DeFi positions, including exposure to established credit protocols such as Aave, MakerDAO and Compound.
According to Aráoz, autonomous AI coders have widened the gap between attackers and defenders by making it easier to find vulnerabilities at scale. He wrote:
“Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric. Defenders need to fix every bug, while attackers only need one exploit to steal money.”
The warning gained momentum because it came during a period of pressure on the broader DeFi market. Over the past year, the industry has lost more than $1.1 billion to exploits, with $635 million raised in April through 28 reported hacks.
These security incidents resulted in the total value of the decentralized finance sector falling from roughly $172 billion in mid-April to $148 billion at the time of writing, marking five consecutive weeks of outflows. The drop could also be linked to broader market weakness, with Bitcoin nearing $72,000 earlier today.
Still, these numbers have pushed the security debate beyond individual protocols and led to a broader question of whether AI has reduced the cost of attacking DeFi faster than the industry can improve its defenses.
AI cheapens the search for weakness
Aráoz’s warning is based on the fact that artificial intelligence fundamentally reduces the cost and effort required to identify the vulnerabilities of smart contracts.
In recent years, advanced AI models have made a huge push by accelerating vulnerability discovery, exploit testing, and operational reconnaissance at virtually no cost.
Recent research from venture capital firm a16z validates this accelerating offensive capability by noting that AI agents have consistently identified core vulnerabilities in historical DeFi exploits.
According to the company, even when agents failed to complete an exploit, they often reached the stage where attackers were given an entry point. A tool that reliably identifies weaknesses can reduce the expertise required to launch an attack.
Anthropic has similarly restricted public access to its unreleased Claude Mythos model precisely because of its ability to autonomously discover and weaponize software bugs.
This development is important for DeFi because the systems for many protocols are public, configurable and financially liquid. For example, the code, governance structures, and integrations surrounding a platform can be openly examined to identify any vulnerabilities.
AI can make that process faster and cheaper, increasing pressure on teams whose defenses still rely heavily on audits, bug bounties and manual reviews.
Protocol leaders point to a stronger infrastructure
However, concerns about AI have sparked resistance from founders and security companies, who say DeFi has become more resilient than in previous cycles.
Blockchain security company OpenZeppelin argued that many recent security incidents were the result of operational errors rather than errors in the audited contract code.
According to the company, the biggest losses in recent months related to stolen private keys, bridge spoofing, social engineering and access control issues. That pattern suggests that attackers have often targeted the systems surrounding protocols, including teams, permissions, and infrastructure.
Aave founder Stani Kulechov made a similar argument. He said DeFi infrastructure today benefits from better risk engines, lending market structures, formal verification, audits, bug bounties, cap management, oracle improvements, automated monitoring and circuit breakers.
Kulechov said much of the remaining attack surface consists of Web2-style operational flaws, including weak internal controls and infrastructure processes.
This view is particularly consistent with April’s exploit wave, where some of the biggest losses involved compromised keys, social engineering, and bridge-related failures. For context, Drift Protocol’s $285 million loss is tied to a six-month social engineering campaign by North Korea’s Lazarus Group.
Uniswap founder Hayden Adams also pushed back against the broader conclusion that DeFi itself has become unsafe.
He argued that well-constructed smart contracts can support applications with strong security properties, while AI is likely to more quickly uncover weak code, hasty launches and poor development practices.
That distinction has become critical to the industry’s response. The debate is increasingly about which systems have the controls in place to resist AI-enabled attacks, and which systems remain vulnerable due to weak operations, complex integrations, or limited monitoring.
DeFi teams are bringing AI into the defense stack
Meanwhile, founders’ reluctance hasn’t stopped teams from changing their approach to security.
Nansen, a agent AI trading platform, narrated CryptoSlate that major protocols are more likely to rely on the defensive side of AI tools withdraw from open source development.
This is confirmed by Deddy Lavid, CEO of Cyvers, who said the industry is moving towards an AI-versus-AI security environment.
In this area, crypto developers use the same AI tools to find and eradicate bugs before attackers do.
Notably, OpenZeppelin recently introduced tooling designed to help AI agents generate smart contracts using current, audited security libraries. The goal is to reduce reliance on outdated training data or unsafe code patterns when agents assist developers.
Uniswap has also launched an AI-integrated developer platform to make secure deployments easier from the start.
These efforts are key examples of how the space is preparing for AI agents that can detect and weaponize software bugs.
The quickest defense is to limit the extent to which failure can spread
The turn to AI-enabled defense means DeFi has a more immediate job of slowing down attacks before they become complete protocol losses.
Cyvers’ Lavid said static, point-in-time audits are no longer sufficient for protocols that manage large groups of user funds. Defenders need continuous monitoring, live transaction simulation, and automated systems that can slow or pause activity when suspicious behavior occurs.
Some of these safeguards are already being put in place. Lavid said some protocols have incorporated circuit breakers, transaction monitoring, multisig controls and runtime protections into their operations.
These systems can reduce losses by mitigating an attack before funds leave a protocol or by giving teams time to intervene when activity moves outside expected patterns.
That reaction involves a trade-off. Circuit breakers, multisig controls, and emergency pauses can protect users during an incident, but they also introduce more human discretion into systems built around open access and automated execution.
As AI increases the speed of attacks, DeFi may need to take more defensive measures to maintain user trust.
Meanwhile, Richard Liu, co-founder of Huma Finance, said said the industry should focus less on eliminating every possible disruption and more on limiting damage from disruptions.
He compared the current moment to the early development of digital commerce, where credit card networks continued to grow even as fraud remained part of the system.
These networks managed risk through real-time detection, transaction limits, tokenization, insurance, and liability rules. Liu said DeFi needs a similar approach, with systems designed so that a single compromised key, configuration error or bug cannot drain an entire liquidity pool.
That means the next phase of DeFi security can be judged based on the blast radius. Protocols will need stricter limits on privileged roles, stronger key management, conservative exposure limits, better oracle design, transaction-level monitoring, and pre-execution blocking. Insurance, bug bounties, and live response teams may also become more important for platforms that handle large amounts of user capital.
For users, the practical response may become more selective. Pseudonymous Yearn Finance developer Banteg said he doesn’t agree with exiting all DeFi positions, but he acknowledges that the asymmetry is real. His advice was to avoid new and exotic protocols and focus on older, more tested systems.
That caution could determine where the capital goes. Mature protocols with simpler designs, longer usage histories, and clearer controls may be better positioned to retain users. Protocols built around complex integrations or high yields may receive more attention as AI makes weaknesses easier to find.