Blockchain Security Expert Warns All DeFi Unsafe as AI Agents Outpace Auditors

Manuel Aráoz, co-founder of blockchain security firm OpenZeppelin, says he now considers every decentralized finance (DeFi) protocol unsafe, blaming rapid advances in AI code-exploitation agents.

Specifically, the auditor highlights Aave, MakerDAO and Compound, three blue-chip protocols his firm has helped secure since 2015.

Aráoz Frames the Security Asymmetry

The OpenZeppelin executive argued that coding agents now outperform humans at finding smart contract bugs.

“I now consider all of DeFi unsafe. Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds,” he wrote in a post.

He said the imbalance is decisive because defenders must close every flaw while attackers need only one.

Follow us on X to get the latest news as it happens

His warning arrives as fresh benchmarks show frontier models can autonomously locate and weaponize blockchain flaws, a trend BeInCrypto has tracked across 2026.

One a16z sandbox experiment earlier this year showed an agent escaping its testing environment to retrieve a live API key.

Industry Pushback Builds Quickly

Marc Zeller, founder of the Aave Chan Initiative, called the post “moronic.” He argued that fewer than 10% of last year’s DeFi losses came from codebase flaws, with most stemming from parameter misconfiguration and weak operational security.

Investor Jacob Franek added that high-TVL protocols would already be drained if Aráoz’s thesis held.

He also said timelocks and circuit breakers remain effective non-code mitigations, and that the same AI tools will eventually power defensive formal verification when shipping new code.

“This is a temporary problem. Mythos or whatever comes soon after it will probably be “as good as it gets” when it comes to finding exploits, so those writing new contracts will be able to use these same models to formally verify and likely eliminate all attack surfaces (at least those inherent to the app itself — i.e., excluding external failures like collateral collapse or oracle exploits) when shipping code,” Franek added.

OpenZeppelin itself has not endorsed Aráoz’s exit advice.

The firm published a layered DeFi risk framework earlier in May and recently launched a continuous AI-assisted audit subscription designed to complement one-off reviews.