Opinion: If AI is "superhuman" at finding bugs, why is only DeFi panicking?
OpenZeppelin co-founder Manuel Aráoz says all of DeFi is unsafe as AI coding agents reach superhuman capability in finding smart contract vulnerabilities. Here is why the threat is not equal across finance.

Manuel Aráoz, co-founder of blockchain security firm OpenZeppelin, made a stark declaration this week: he now considers all of DeFi unsafe. In a post on X, he said he had personally advised friends and family to exit every DeFi position they hold, including holdings in established blue-chip protocols such as Aave, MakerDAO, and Compound.
The catalyst is straightforward. Industry experts say AI-powered coding tools are lowering the technical barriers for attackers, enabling vulnerabilities to be identified and exploited faster than many protocols can defend against them. Aráoz's concern is that the asymmetry has become untenable: defenders must seal every flaw, while an attacker needs only one to drain a protocol instantly and irreversibly.
The same AI, a very different threat surface
The reasonable question is why DeFi carries a disproportionate share of that risk. AI models capable of reading Solidity can equally parse Java, C++, or the legacy COBOL still running inside major banks. The capability threat is universal. The exposure is not.
Two structural differences define the gap. First, smart contract code is fully public. Advanced AI coding agents can rapidly scan publicly available on-chain code, identify subtle flaws, and generate working exploits at speeds far beyond human capabilities. TradFi code is closed and proprietary, which slows attackers without eliminating the risk. Second, smart contract transactions are irreversible. Bank wire fraud can be clawed back, accounts frozen, and transactions reversed within hours. On-chain, there is no equivalent recovery mechanism.
The numbers behind Aráoz's warning are hard to dismiss. His comments come amid a sharp decline of more than $20 billion in DeFi's total value locked this year and over $1.1 billion lost to hacks in the past 12 months, including high-profile exploits at Kelp DAO and Step Finance. Nearly $630 million was stolen from DeFi protocols in April alone, the highest monthly loss level since the February 2025 Bybit hack.
Who gets access to the frontier model
The deeper issue is access to defensive AI. Anthropic's Claude Mythos, the model at the centre of this debate, is not publicly available. Access to Mythos remains limited: Anthropic initially released the model to 40 select companies as part of the Glasswing project, with JPMorgan Chase being the only bank included, and has since opened access to a small cohort that includes Microsoft, AWS, and select financial institutions. Anthropic reportedly briefed senior officials at the Cybersecurity and Infrastructure Security Agency (CISA) and the Center for AI Standards and Innovation on Mythos, and the model has already revealed severe vulnerabilities across major operating systems and browsers.
DeFi protocols, managing hundreds of billions in user funds, are not part of that cohort. The asymmetry Aráoz identifies is therefore not simply attacker versus defender. It is about who gets a seat at the table when frontier AI tools are being used for defensive red-teaming, and right now, DeFi is not in the room.
A clean audit report from six months ago no longer suffices when AI agents can discover new attack vectors in hours. DeFi's security model was designed for a world where human hackers manually reviewed code. That world no longer exists.
Sources
The Block: OpenZeppelin founder says he now considers 'all of DeFi' unsafe
S&P Global: Anthropic's new AI model pushes banks to shore up cyber defenses
CNBC: Anthropic's Mythos set off a cybersecurity 'hysteria.' Experts say the threat was already here
Author
Crypto Rich
Rich has been researching cryptocurrency and blockchain technology for eight years and has served as a senior analyst at BSCN since its founding in 2020. He focuses on fundamental analysis of early-stage crypto projects and tokens and has published in-depth research reports on over 200 emerging protocols. Rich also writes about broader technology and scientific trends and maintains active involvement in the crypto community through X/Twitter Spaces and leading industry events.