Anthropic Study Confirms AI Agents Can Weaponize Smart Contract Exploits at Scale

• AI agents reproduced real-world smart-contract exploits worth $4.6 million in simulated value.
• Models identified new zero-day vulnerabilities in recently deployed blockchain contracts.
• Findings raise concerns about AI’s role in future automated cyberattacks.

Anthropic reported that advanced AI agents successfully exploited known blockchain vulnerabilities worth $4.6 million in simulations. The agents also uncovered new security flaws in recently deployed smart-contract code, all evaluated within local blockchain environments.

The tests were conducted using a controlled benchmark designed to measure how AI handles real-world cyber risks.

AI Models Recreate Real-World Blockchain Exploits

Anthropic and the Machine Learning for Alignment and Theory Scholars program created SCONE-bench, a dataset of 405 smart contracts that were hacked between 2020 and 2025. 

Researchers used the benchmark to test 10 leading AI models and instructed each model to analyze and attack vulnerable contracts in a sandboxed environment.

The agents generated working exploits for 207 contracts, representing roughly half of the dataset. When the researchers isolated 34 contracts hacked after the models’ knowledge cutoff in March 2025, the AI still produced functioning exploits for 19 of them. The simulated value of those successful attacks totaled $4.6 million.

Models that demonstrated the strongest performance included Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5.

AI Uncovers New Zero-Day Bugs in Recent Contracts

Researchers also tested whether the models could identify new vulnerabilities in code with no known issues. They used 2,849 recently deployed Binance Smart Chain contracts and allowed Sonnet 4.5 and GPT-5 to review them.

The agents detected two previously undocumented weaknesses and generated about $3,694 in simulated revenue—barely above the $3,476 API cost required to find them.

One flaw stemmed from a public function that was not restricted to read-only usage, allowing unauthorized balance manipulation. Another involved withdrawal logic that failed to verify fee-recipient addresses.

All tests took place on local blockchain forks, and no real user funds were exposed.

Growing Concerns for Blockchain Security

The results suggest that AI systems can automate exploit discovery at a scale that may challenge current cybersecurity practices. Faster vulnerability detection means attackers could strike sooner after contract deployment, reducing the time available for manual audits.

The findings also indicate that these methods could apply beyond blockchain. It could affect traditional software systems as AI becomes more capable and cheaper to operate.

Experts Voice Concerns 

An ex-Apple Engineer, AI Nat,  warns that autonomous AI agents now pose a risk to blockchain security, noting that they can rapidly detect vulnerabilities, execute exploits, and adjust to patches in real time. 

Nate says this ability to scan contracts at scale, attack immediately, and refine new strategies turns security into a continuous process rather than a one-time audit, increasing pressure on developers to adopt constant, AI-driven monitoring to keep up with evolving threats.

Another Engineer, Alex Havryleshko, said the findings show a steep rise in AI risk, noting that each step on the chart reflects a tenfold jump in simulated exploit revenue. He added that model performance appears to double every 1.3 months, underscoring how quickly AI is advancing in cyber-exploitation.

Related: Virtuals’ AI Agents Integrate with Coinbase Retail DEX on Base, VIRTUAL Up 30%

Meanwhile, a commentator added that high AI-agent costs limit the ability to scan for open-source contracts and noted that liquidity often appears later, creating tight detection windows. He added that fixing vulnerabilities during development with AI tools is the most effective defense and said easy hacking targets are quickly disappearing.