
OpenZeppelin's co-founder tells friends to exit DeFi, naming Aave, MakerDAO, and Compound. AI-driven exploits reset security assumptions for the entire sector.
On May 27, 2026, Manuel Aráoz, co-founder of OpenZeppelin – one of the most widely used blockchain security auditors – advised friends and family to exit all DeFi positions. He named Aave, MakerDAO, and Compound as protocols that are no longer safe, even as “blue-chip” holdings. The statement is extraordinary because OpenZeppelin audits many of the same protocols it now says investors should avoid.
Aráoz attributed the shift to AI-driven exploit techniques. Traditional smart-contract audits assume a fixed window of safety after deployment. AI agents can now probe for vulnerabilities at machine speed, generating thousands of synthetic attack vectors against live or forked protocol state. A single exploit can land in minutes, bypassing the window that human-led audits are designed to cover. That changes the fundamental security model of DeFi: no protocol, regardless of code quality, can guarantee a safe holding period.
The core argument is that AI has outpaced the detection capability of even the best audit firms. OpenZeppelin has refined its methodology over years, yet Aráoz’s personal advice suggests that internal risk models have crossed a threshold where they can no longer recommend holding DeFi tokens. For any investor who uses audited smart contracts as a risk filter, that is a direct signal to reassess. The warning does not allege that Aave, MakerDAO, or Compound have been breached. It argues that the probability of a successful AI-targeted attack is now high enough to warrant an exit.
The shift is structural. Flash-loan attacks that exploit price-feed discrepancies between Aave and Compound become far easier when AI can simulate all possible price paths and select the optimal entry point. MakerDAO’s Collateralized Debt Positions face similar exposure if AI identifies a recursive loop in the liquidation auction system. The vectors are orthogonal to each protocol’s individual security track record.
Aráoz explicitly called out Aave, MakerDAO, and Compound – protocols that together hold billions in TVL and are frequently cited as the safest bets in DeFi. These projects undergo frequent audits, maintain bug bounty programs, and have operated for years without catastrophic failures. Yet the AI-driven exploit vector does not respect their past. The named protocols are the most liquid and composable, making them attractive targets for an AI that can test cross-protocol interactions at scale.
The immediate read-through is a repricing of risk for all DeFi tokens, not just the three named. TVL may decline as institutional and retail holders reassess custody risk. Liquidity in DeFi lending markets could thin as market makers pull capital. The effect extends to any project that relies on the same security stack – audited smart contracts with post-deployment monitoring.
For the broader sector, the logical consequence is a higher risk premium. If the co-founder of the leading audit firm says the entire category is unsafe, the market must price in an elevated probability of catastrophic loss for every protocol. That changes the risk-reward calculation for token holders, regardless of which project they choose.
A skeptic might argue that Aráoz is being overly cautious or that his warning is a call for better AI-centric auditing rather than a permanent declaration. The specific advice to “exit all DeFi positions” leaves little room for nuance. The next decision point is whether other security firms – such as Trail of Bits or ConsenSys Diligence – issue similar warnings, or whether protocol teams announce AI-specific security upgrades that restore confidence. Until then, the sector-wide risk premium has likely risen.
For traders maintaining exposure to DeFi tokens, the immediate question is whether the market has fully priced in this security shift. If OpenZeppelin’s stance becomes industry consensus, the valuation floor for DeFi projects will need to account for a higher probability of exploit-driven loss. That calculation is now in play.
Prepared with AlphaScala research tooling and grounded in primary market data: live prices, fundamentals, SEC filings, hedge-fund holdings, and insider activity. Each story is checked against AlphaScala publishing rules before release. Educational coverage, not personalized advice.