
AI Security Agent Detects 92% of Exploited DeFi Smart Contract Vulnerabilities in New Benchmark

A purpose-built AI security agent has identified vulnerabilities in 92% of exploited DeFi smart contracts, according to a new open-source benchmark released by AI security firm Cecuro. The study analyzed 90 real-world smart contracts that were exploited between October 2024 and early 2026, accounting for $228 million in verified losses across the decentralized finance (DeFi) sector.

Cecuro’s specialized AI system flagged vulnerabilities linked to $96.8 million in exploit value. In comparison, a baseline coding agent powered by GPT-5.1 detected only 34% of the vulnerabilities, covering just $7.5 million in losses. Notably, both systems operated on the same frontier AI model. The key difference lay in the application layer: Cecuro integrated domain-specific methodologies, structured review phases, and DeFi-focused security heuristics tailored specifically for smart contract auditing.

The findings come at a time of rising concern over AI-driven crypto crime. Separate research from Anthropic and OpenAI suggests that advanced AI agents can now execute end-to-end exploits on most known vulnerable smart contracts. Exploit capabilities are reportedly doubling every 1.3 months, while the average cost of launching an AI-powered exploit attempt has dropped to around $1.22 per contract. This dramatic reduction in cost lowers the barrier for large-scale vulnerability scanning and automated attacks.

Earlier reports have also highlighted how sophisticated threat actors, including North Korean hacking groups, are leveraging artificial intelligence to scale crypto hacking operations and automate exploit workflows. This trend is widening the gap between offensive and defensive cybersecurity capabilities in the blockchain ecosystem.

Cecuro argues that many crypto teams still depend on general-purpose AI tools or single-instance smart contract audits, which may overlook complex, high-value vulnerabilities. Several contracts in the benchmark had previously passed professional audits before being exploited. To promote transparency and research, Cecuro has open-sourced the dataset, evaluation framework, and baseline agent on GitHub, while withholding its full security agent to prevent potential misuse for offensive cyberattacks.

<Copyright ⓒ TokenPost, unauthorized reproduction and redistribution prohibited>
