AI agents pose immediate threat to smart contract security, Anthropic says

AI research company Anthropic said that advanced AI agents identified vulnerabilities in recent smart contracts that could have led to exploits worth millions of dollars, highlighting the growing threat AI poses to blockchain security.

The company said in its latest report that it tested models including Claude Opus 4.5 and Claude Sonnet 4.5 in a mock blockchain environment on previously exploited smart contracts deployed after March 2025. Anthropic said the AI agents successfully exploited 17 of 34 test contracts, stealing $4.5 million in simulated funds.

From its benchmark of 405 contracts deployed between 2020 and 2025 across Ethereum, BNB Smart Chain and Base, AI models successfully exploited 207 contracts and made off with $550 million in mock revenue, the report said.

Anthropic also tasked Sonnet 4.5 and GPT-5 with scanning 2,849 recently deployed contracts with no known vulnerabilities. Still, they uncovered two novel zero-day vulnerabilities with potential for exploits worth $3,694.

The vulnerabilities included authorization bugs allowing withdrawals of user funds, unprotected read-only functions that could allow AI agents to manipulate token supplies, and missing validations in fee withdrawal logic.

A Double-edged sword

"More than half of the blockchain exploits carried out in 2025 — presumably by skilled human attackers — could have been executed autonomously by current AI agents," the report stated. "Our proof-of-concept agent's further discovery of two novel zero-day vulnerabilities shows that these benchmark results are not just a retrospective — profitable autonomous exploitation can happen today."

Anthropic pointed out that with the rapid development of AI, exploit revenue from stolen simulated funds doubled every 1.3 months over the past year. 

"As costs continue to fall, attackers will deploy more AI agents to probe any code that is along the path to valuable assets, no matter how obscure: a forgotten authentication library, an obscure logging service, or a deprecated API endpoint," the report said.

However, Anthropic emphasized the potential of AI technology being used for the good, noting that the same agents could be deployed to patch vulnerabilities. The company said it plans to open-source the smart contracts exploitation benchmark (SCONE-bench) dataset to aid developers in testing and patching contracts.

"We hope that this post helps to update defenders' mental model of the risks to match reality — now is the time to adopt AI for defense," Anthropic said.