OpenZeppelin co-founder Manuel Aráoz warns AI now makes DeFi unsafe by helping attackers find smart contract bugs faster.
Manuel Aráoz, co-founder of OpenZeppelin, the smart contract security firm whose tools became widely used across DeFi, warned that he now considers “all” decentralized finance unsafe.
In an X post on May 26, Aráoz argued that smart contract security has become too one-sided since protocols need to find and fix every serious bug before funds are drained, while an attacker needs only one working exploit. Aráoz wrote:
“Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds.”
Aráoz later said he had been privately advising friends and family to exit all DeFi positions, including lower-risk “blue chips” such as Aave, MakerDAO and Compound.
Read also: ZERϴ Network and Everclear Shut Down: Wave of DeFi Project Closures in May 2026
How AI Threatens DeFi
Aráoz tied that risk to fast-advancing AI security tools. Anthropic, the AI company behind Claude, said in April that its Claude Mythos Preview could identify and exploit zero-day vulnerabilities in every major operating system and browser when directed by a user. The company said some of the bugs it found were subtle, hard to detect and in old codebases.
Anthropic noted later on that it used an early version of Claude Mythos Preview to detect vulnerabilities in open-source software and collaborated with external security companies to validate and report critical or high-severity vulnerabilities.
Aráoz didn’t link Mythos to any DeFi hack. However, Aráoz didn’t tie Mythos to any DeFi hack. Still, blockchain security firm BlockSec has reported notable smart contract incidents since Mythos launched, including a $1.8 million Transit Finance hack and a $2.8 million TAC bridge hack tied to missing contract checks.
Read more: Bitcoin DeFi Protocol Echo Loses $816K After Admin Key Hack
