
DeFi isn't safe anymore because AI is becoming 'superhuman' at hacking, onetime OpenZeppelin founder says

May 31, 2026  Twila Rosenbaum

Former OpenZeppelin CTO warns AI-powered hacking makes DeFi 'fatally vulnerable'

Manuel Aráoz, co-founder and former chief technology officer of OpenZeppelin, the company behind the most widely used smart contract auditing framework, has issued a stark warning: decentralized finance (DeFi) is no longer safe. Speaking in an interview published May 27, 2026, Aráoz argued that AI coding agents have become 'superhuman' at finding vulnerabilities in smart contracts, rendering traditional human-led security audits insufficient.

Aráoz, who left OpenZeppelin in 2019, stated that he now considers all of DeFi unsafe due to the rapid advancement of artificial intelligence. 'We've reached a point where AI can not only identify flaws faster than any human but also autonomously craft exploits that were previously unimaginable,' he said. 'The transparency of on-chain code, once a strength, has become a fatal weakness.'

The context: DeFi under siege

Aráoz's comments come amid a brutal period for the DeFi sector. Total value locked (TVL) across DeFi protocols has plunged by more than $20 billion this year alone, with the aggregate figure dropping from around $80 billion to under $60 billion. Meanwhile, the past 12 months have seen over $1.1 billion lost to hacks and exploits, according to data from blockchain security firms.

High-profile incidents include the exploitation of Kelp DAO, a liquid restaking protocol built on EigenLayer, which lost approximately $180 million in a sophisticated attack that leveraged a previously unknown vulnerability. Step Finance, a Solana-based portfolio tracker, was drained of $90 million after an exploit that targeted its yield aggregation contracts. Both attacks were attributed to AI-assisted hacking techniques.

The rise of superhuman AI coding agents

The threat Aráoz describes is not hypothetical. In early 2026, Anthropic released a restricted version of its Claude model, dubbed Claude Mythos, which was specifically designed to demonstrate the dangers of autonomous AI. In controlled tests, Claude Mythos was able to independently discover zero-day vulnerabilities in popular DeFi protocols and generate exploit code within minutes. Anthropic initially restricted the model but later allowed limited access to security researchers.

'Claude Mythos can process entire DeFi codebases, identify logical gaps, and assemble a multi-step attack vector that would take a human team weeks to conceive,' Aráoz explained. 'And it does this without fatigue, bias, or the need for coffee breaks.'

Other AI models, including OpenAI's GPT-5 and Google's Gemini Ultra, have similarly demonstrated advanced code analysis and vulnerability discovery capabilities. The open-source community has also produced several 'hacking agents' that combine large language models with formal verification tools to automate exploit generation.

OpenZeppelin's legacy and the shifting security landscape

OpenZeppelin, founded by Aráoz and Demian Brener in 2015, became the gold standard for smart contract security. Its library of audited, reusable contracts is used by thousands of DeFi projects, from Uniswap to Aave. The company's auditing arm has reviewed hundreds of protocols, but Aráoz now believes that such manual reviews are no longer adequate against AI-powered threats.

'When we started OpenZeppelin, we thought if we could just create secure building blocks and have humans review them, DeFi would be safe,' Aráoz recalled. 'But AI evolved faster than we anticipated. What was considered secure six months ago may now be a ticking time bomb.'

According to Aráoz, the fundamental issue lies in the nature of blockchain transparency. Unlike traditional software, which can be kept proprietary and only tested internally, DeFi contracts are fully visible on-chain. This transparency was intended to foster trust and composability, but it also provides AI systems with complete access to the attack surface.

Industry responses and the XRP Ledger advantage

Not all blockchain networks are equally vulnerable to these attacks. The XRP Ledger (XRPL) has a unique architectural feature that makes flash loan attacks — a favorite vector of AI hackers — 'structurally impossible,' according to a recent draft amendment proposal. Because XRPL transactions are atomic and cannot include composable intra-transaction calls, attackers cannot exploit the reentrancy or price manipulation that flash loans enable on EVM-compatible chains.

This has led to growing interest in alternative ledger designs. However, Aráoz noted that no system is completely safe. 'While XRPL may block flash loans, other attack vectors will inevitably emerge. AI can adapt faster than any human can patch.'

The broader implications for DeFi and regulation

The warnings from Aráoz and others are prompting regulatory scrutiny. The U.S. Securities and Exchange Commission (SEC) has recently filed charges against individuals using fake AI trading bots to defraud investors, but the larger concern is how AI-driven exploits could destabilize the financial system. In a speech last week, SEC Commissioner Hester Peirce acknowledged that 'the intersection of AI and DeFi presents existential challenges that our current regulatory frameworks are not designed to handle.'

Wall Street banks have also taken notice. A recent report from a consortium of major financial institutions noted that 'AI-powered hackers are keeping big banks off the blockchain,' citing security risks as the primary reason for their continued hesitation to adopt DeFi infrastructure. The report estimated that institutional DeFi adoption could be delayed by another five to seven years unless new security paradigms are developed.

Historical parallels: From code audits to AI-versus-AI

The history of software security is a cycle of attack and defense. In the early days of the internet, viruses and worms spread rapidly until antivirus software became commonplace. In DeFi, the same pattern is emerging. Smart contract audits were once considered sufficient, but as exploits grew more sophisticated, formal verification and bug bounties were introduced. Now, AI is forcing the industry to confront a new reality: only AI can defend against AI.

Several startups are already working on AI-powered security bots that can monitor DeFi protocols in real time and identify suspicious transactions before they execute. However, Aráoz remains skeptical. 'By the time your defensive AI identifies an attack, the offensive AI may have already drained the pool. We're in an arms race, and currently the attackers have the advantage.'

Manuel Aráoz: A voice from the past, a warning for the future

Manuel Aráoz left OpenZeppelin in 2019 to pursue other interests, including decentralized identity and blockchain interoperability. His departure was amicable, and he maintains no official ties to the company. Nevertheless, his warning carries weight given his foundational role in the industry. Many consider him a prophet of sorts for smart contract security.

'I'm not trying to scare people, I'm trying to save them,' Aráoz said. 'If DeFi is to survive, it needs to reinvent its entire approach to security. That might mean moving away from completely open, forkable code. It might mean adopting AI-driven defensive systems. It might mean accepting centralization of certain security functions. The old model is broken.'

As the crypto industry debates the future of DeFi, Aráoz's words echo louder than ever. With $20 billion in TVL wiped out and over a billion lost to hacks, the sector faces a crisis of confidence that technology — or regulation — may not be able to quickly fix.


Source: Coindesk News

