Have AI agents made the entire $148 billion DeFi sector unsafe?

An important story is making waves across the blockchain ecosystem. A warning from one of decentralized finance’s (DeFi) early security figures has turned a difficult stretch of hacks into a broader test of how the industry can defend itself against artificial intelligence (AI). On May 27, Manuel Aráoz, co-founder and former chief technology officer of OpenZeppelin, advised investors to exit DeFi positions, including exposure to established lending protocols such as Aave, MakerDAO, and Compound. According to Aráoz, autonomous AI coding agents have widened the gap between attackers and defenders by making it easier to find vulnerabilities at scale.

He wrote: “Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric. Defenders need to fix every bug while attackers need just one exploit to steal funds. ” The warning gained traction because it came during a period of pressure for the broader DeFi market.

Market Dynamics

Over the past year, the sector has lost more than $1. 1 billion to exploits, with April accounting for $635 million across 28 reported hacks. These security incidents resulted in the total value locked across decentralized finance falling from roughly $172 billion in mid-April to $148 billion as of press time, marking five consecutive weeks of outflows.

The decline can also be linked to broader market weakness, which saw Bitcoin approach $72,000 earlier today. Still, those figures have pushed the security debate beyond individual protocols and into a wider question of whether AI has lowered the cost of attacking DeFi faster than the industry can improve its defenses. AI makes the search for weakness cheaper Aráoz's warning is grounded in the fact that artificial intelligence fundamentally lowers the cost and effort required to map smart contract vulnerabilities.

Over the past years, advanced AI models have introduced immense pressure by accelerating vulnerability discovery, exploit testing, and operational reconnaissance at near-zero cost. Recent research from venture capital firm a16z validates this accelerating offensive capability by noting that AI agents have consistently identified core vulnerabilities in historical DeFi exploits. According to the firm, even when agents failed to complete an exploit, they often reached the stage that gives attackers a starting point.

Market Impact

A tool that reliably identifies weak points can reduce the expertise required to begin an attack. Anthropic has similarly restricted public access to its unreleased Claude Mythos model precisely because of its capacity to autonomously discover and weaponize software flaws. For DeFi, this development matters because the systems for many protocols are public, composable, and financially liquid.

Thus, the code, governance structures, and integrations surrounding a platform can be studied openly to identify any vulnerabilities. AI can make that process faster and cheaper, increasing pressure on teams whose defenses still depend heavily on audits, bug bounties and manual review. Protocol leaders point to stronger infrastructure However, concerns about AI have drawn pushback from founders and security firms, who say DeFi has become more resilient than in earlier cycles.

Blockchain security firm OpenZeppelin argued that many recent security incidents stemmed from operational failures instead of flaws in audited contract code. According to the firm, most large losses in recent months have involved stolen private keys, bridge spoofing, social engineering, and access control issues. That pattern suggests that attackers have often targeted the systems around protocols, including teams, permissions, and infrastructure.

Crypto markets are watching this development closely as investors weigh its potential impact on prices.