Manuel Araoz, CEO of the prominent blockchain security firm OpenZeppelin, has sounded a significant alarm over the safety of the decentralized finance (DeFi) sector. Sharing his remarks on X, Araoz declared that he currently finds “all” DeFi applications untrustworthy due to new risks posed by AI agents now capable of analyzing code at a “superhuman” level and exploiting system vulnerabilities.
Major losses and trust crisis in DeFi
According to data from DeFiLlama, the total value locked in DeFi platforms has dropped by $20 billion since the beginning of the year. While a portion of this decline is tied to overall market downturns, a succession of protocol breaches and growing concerns over security flaws have contributed heavily to investor anxiety.
Records show that over $1.1 billion in assets have been lost to various security incidents within the DeFi ecosystem in the past year. Notably, the April 2024 Kelp DAO hack, which resulted in a $292 million loss, exposed the serious vulnerabilities faced by cross-chain protocols. Likewise, the Solana-based Step Finance platform was forced to shut down entirely after a $27 million hack earlier this year.

| Protocol / Platform | Loss (USD) | Date | Cause / Outcome |
|---|---|---|---|
| Kelp DAO | 292 million | April 2024 | Cross-chain vulnerability |
| Step Finance | 27 million | Early 2024 | Closure |

Artificial intelligence as a security threat
A core risk highlighted by Araoz is that attacks are no longer solely conducted by humans; sophisticated AI agents are now entering the scene. One key development is Anthropic’s launch of Claude Mythos, an AI model with the ability to independently locate software vulnerabilities and instantly generate working exploit code. According to Anthropic, this model vastly outperforms today’s automated security tools.
Mini glossary: Anthropic is an American technology company specializing in artificial intelligence and language model research. Claude Mythos is its advanced AI model designed to autonomously detect software vulnerabilities and write automated exploit code.
Users are warning that the transparency DeFi once boasted is fast becoming a liability, as advanced machine-driven systems can now exploit it. Because smart contract code is publicly visible, AI is able to detect flaws faster than humans and instantly launch attacks.
Transformation of DeFi security models
Experts are emphasizing that the foundation of DeFi’s current security models was built to counter threats from human actors—not ultra-fast AI. With the arrival of advanced AI agents, both risk assessments and defense mechanisms must be radically reimagined. These emerging technologies can often outpace human-led response teams, leaving traditional systems unable to keep up.




