- Advanced AI models can identify and exploit vulnerabilities in smart contracts automatically.
- Testing on real exploited contracts showed AI generated about $4.6 million in simulated thefts.
- AI found new zero-day flaws in audited contracts, producing executable exploits for profit.
- The low cost of running these AI scans means automated attacks could increase rapidly.
- These AI capabilities are not limited to decentralized finance and could apply to other software systems.
Research by the ML Alignment & Theory Scholars Program (MATS) and the Anthropic Fellows program demonstrates that cutting-edge AI agents can autonomously locate and exploit security flaws in smart contracts. The study tested models including GPT-5, Claude Opus 4.5, and Sonnet 4.5 against SCONE-bench, a collection of 405 previously exploited contracts. These AI systems produced simulated attacks totaling approximately $4.6 million, targeting contracts hacked after the AI models’ knowledge cutoffs, indicating real-world exploit potential.
The AI not only identified bugs but also created full exploit scripts and performed attack sequences that mimicked actual breaches on Ethereum and BNB Chain blockchains. Further tests applied AI agents to 2,849 recently deployed BNB Chain contracts with no known compromises. In this set, GPT-5 and Sonnet 4.5 uncovered two zero-day vulnerabilities worth an estimated $3,700 in simulated gains. One flaw involved a missing view modifier in a public function, enabling token balance inflation. The other permitted the redirection of fee withdrawals to arbitrary addresses. Both AI-generated exploits successfully converted these flaws into profit.
The reported dollar amounts were modest, but the study signals that profitable automated exploitation of smart contracts is achievable. Running the AI on the entire contract set incurred a total cost around $3,500, with an average spend of $1.22 per contract scan. As AI tools become cheaper and more adept, the feasibility of automated attacks will increase, potentially shortening the time between contract deployment and exploitation. The researchers caution that these techniques could extend beyond decentralized finance (DeFi) systems to conventional software and infrastructure linked to digital assets.
The study highlights an urgent need for improved defensive measures against AI-enabled attacks, emphasizing that autonomous exploitation is now a practical reality rather than a theoretical concern. The question moving forward is how quickly security can adapt to counter this evolving threat landscape.
For more details, see the original research and information on IBM.com/think/topics/zero-day”>zero-day vulnerabilities.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Shiba Inu Sell Pressure Signals Major 2026 Rebound Ahead
- FDIC to Propose Stablecoin Implementation Rules This Month
- Indonesia Commits $1B to BRICS Bank Boosting De-Dollarization Efforts
- XRP Dips Below $2 Amid Heavy Volume, Eyes Key Resistance Zone
- Bitcoin Dips Below $84K Amid Central Bank Rate Hike Fears
