
OpenZeppelin co-founder Manuel Aráoz warns that AI code-exploitation agents can now outpace human auditors, making every DeFi protocol unsafe.
Manuel Aráoz, co-founder of blockchain security firm OpenZeppelin, said he now considers every decentralized finance (DeFi) protocol unsafe. The reason is not a new vulnerability class or a single exploit – it is the accelerating capability of AI-driven code-exploitation agents that can find and weaponize flaws faster than human auditors can review them.
The statement is striking because OpenZeppelin wrote the contracts that underpin much of DeFi. Its ERC-20, ERC-721, and proxy-pattern libraries are the standard infrastructure for projects from Uniswap to Aave. Aráoz is effectively warning that the same code his firm helped secure is now being outpaced by autonomous attack tools.
Traditional smart-contract security relies on manual review and automated static analysis. Auditors find bugs, developers patch them, and the protocol deploys with a clean report. Aráoz argues that AI exploitation agents have collapsed the time window between a vulnerability's disclosure and its exploitation. An agent that can read Solidity, reason about state transitions, and simulate transaction sequences can latch onto a bug within hours – sometimes minutes – after the contract is deployed.
That speed matters because DeFi protocols hold liquidity pools and bridged assets that attackers can drain in a single atomic transaction. A protocol that passed a human audit last quarter may contain a logical flaw that an AI agent can identify and exploit before the auditor's second pass.
Aráoz's warning applies across the entire DeFi stack, including blue-chip protocols that trade at billions in total value locked (TVL). The risk is not limited to obscure tokens or unaudited projects. Any contract that executes user-provided calldata, relies on complex external calls, or uses reentrancy guards that an agent can learn to bypass is exposed.
For traders and allocators, this shifts the decision framework. A protocol with a six-month-old audit is not safer than one that launched yesterday if an AI agent can model both on the same blockchain state. The relevant signal is not the audit date but whether the team has a continuous monitoring layer and a bounty program large enough to reward automated hunting.
The conversation also ties into broader shifts in crypto market analysis. AI agents are not hypothetical – live exploits show the pattern. The South Korea DEX rug pull case and the SoFiUSD stablecoin incident both involved automated or semi-automated extraction of funds. AI-driven scripts are already in production; Aráoz is saying the software available to attackers now exceeds what most security firms deploy defensively.
For developers, the next step is not to abandon DeFi but to redesign the security pipeline. Formal verification, fuzz testing, and runtime monitoring become table stakes. Audit reports alone are no longer sufficient. Teams must assume that any bug an auditor can find, an AI agent can find faster, and any bug an auditor missed, an agent can still find.
For investors allocating to DeFi tokens or providing liquidity, the takeaway is concrete: position sizing must account for a higher frequency of zero-day exploits. A protocol may be solvent at launch and empty by lunch. The best crypto brokers that offer DeFi exposure now face a reputational risk if they do not require their listed projects to prove continuous security testing.
Aráoz's warning does not mean DeFi collapses tomorrow. It means the cost of security just went up, and the shelf life of every audit just shrank. The next major exploit that confirms this thesis will likely involve a contract that passed multiple reviews but was attacked by an AI agent within the same block it was funded.
Prepared with AlphaScala editorial tooling from the source reporting linked above. Indexable analysis may include a cited Alpha Score value. Publishing checks screen each story before release. Educational coverage, not personalized advice.