A specially designed AI security agent detected vulnerabilities in 92% of the exploited DeFi smart contracts in a new open source benchmark.
The study, released Thursday by AI security firm Cecuro, assessed 90 real-world smart contracts exploited between October 2024 and early 2026, representing $228 million in verified losses. The specialized system flagged vulnerabilities tied to $96.8 million in exploit value, compared with just 34% detection and $7.5 million in coverage from a baseline coding agent based on GPT-5.1.
Both systems ran on the same frontier model. The difference, according to the report, was in the application layer: domain-specific methodology, structured review phases, and DeFi-focused security heuristics layered on top of the model.
The findings come amid growing concern that AI is accelerating crypto crime. Separate research from Anthropic and OpenAI showed that AI agents can now run end-to-end exploits on most known vulnerable smart contracts, with exploit capability reportedly doubling approximately every 1.3 months. The average cost of an AI-based exploit attempt is approximately $1.22 per contract, significantly lowering the barrier to large-scale analysis.
Previous CoinDesk coverage highlighted how bad actors such as North Korea have begun using AI to scale up hacking operations and automate parts of the exploit process, underscoring the growing gap between offensive and defensive capabilities.
Cecuro says many teams rely on general-purpose AI tools or one-off audits for security, an approach the benchmark suggests could miss complex, high-value vulnerabilities. Several contracts in the dataset had already undergone professional audits before being exploited.
The benchmark dataset, evaluation framework, and baseline agent are available as open source on GitHub. The company said it had not released its full security agent out of concern that similar tools could be repurposed for offensive purposes.




