Anthropic research confirms that AI agents can exploit and weaponize smart contracts at scale

  • The AI agent recreated real-world smart contract exploits worth $4.6 million in simulation.
  • The model identified a new zero-day vulnerability in recently launched blockchain contracts.
  • The findings raise concerns about the role of AI in future automated cyberattacks.

Anthropic reported that its advanced AI agent successfully exploited $4.6 million worth of known blockchain vulnerabilities in simulations. The agent also discovered new security flaws in recently launched smart contract code. All of these were evaluated within a local blockchain environment.

The tests were conducted using controlled benchmarks designed to measure how AI addresses real-world cyber risks.

AI models reproduce real-world blockchain exploits

Anthropic and the Machine Learning Program for Alignment and Theory created SCONE-bench, a dataset of 405 smart contracts hacked between 2020 and 2025.

Researchers tested 10 leading AI models using the benchmark and instructed each model to analyze and attack vulnerable contracts in a sandbox environment.

The agent generated valid exploits for 207 contracts, representing about half of the dataset. When researchers isolated the 34 contracts hacked after the model's knowledge cutoff in March 2025, the AI still generated working exploits for 19 of them. The simulated value of these successful attacks totaled $4.6 million.

The models with the strongest performance include Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5.

AI discovers new zero-day bug in current contracts

The researchers also tested whether the model could identify new vulnerabilities in code even in the absence of known issues. They used 2,849 recently launched Binance Smart Chain contracts and made them available for Sonnet 4.5 and GPT-5 to review.

The agent detected two previously undocumented weaknesses and generated roughly $3,694 in simulated revenue. This was slightly more than the $3,476 API cost required to find them.

One flaw resulted from a public function that was not restricted to read-only use, allowing unauthorized balance manipulation. The other involved withdrawal logic in which the address of the fee recipient could not be verified.
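As an added illustration of how a reviewer could screen for the first class of flaw (this is not code from the research or from the article), the Python sketch below scans a contract's ABI for public functions that look like read-only helpers but are not declared `view` or `pure`. The name-prefix heuristic and the sample ABI are assumptions constructed for this example.

```python
import json

# Assumed heuristic: name prefixes that conventionally signal a read-only helper.
READ_ONLY_PREFIXES = ("get", "calc", "compute", "preview", "quote",
                      "estimate", "balanceof", "total")

# Constructed sample ABI for a hypothetical token contract (not from the study).
SAMPLE_ABI = json.loads("""
[
  {"type": "function", "name": "balanceOf", "stateMutability": "view",
   "inputs": [{"name": "account", "type": "address"}],
   "outputs": [{"name": "", "type": "uint256"}]},
  {"type": "function", "name": "calculateReward", "stateMutability": "nonpayable",
   "inputs": [{"name": "holder", "type": "address"}],
   "outputs": [{"name": "", "type": "uint256"}]},
  {"type": "function", "name": "transfer", "stateMutability": "nonpayable",
   "inputs": [{"name": "to", "type": "address"}, {"name": "amount", "type": "uint256"}],
   "outputs": [{"name": "", "type": "bool"}]},
  {"type": "function", "name": "getFeeRecipient", "constant": false, "payable": false,
   "inputs": [], "outputs": [{"name": "", "type": "address"}]},
  {"type": "event", "name": "Transfer", "inputs": []}
]
""")

def is_read_only(entry):
    """True if the ABI marks the function as unable to modify state."""
    if "stateMutability" in entry:
        return entry["stateMutability"] in ("view", "pure")
    return bool(entry.get("constant", False))  # field used by older compilers

def looks_like_getter(entry):
    """Getter-style name AND a return value (filters out claim-style getX())."""
    name = entry.get("name", "").lower()
    return name.startswith(READ_ONLY_PREFIXES) and bool(entry.get("outputs"))

def find_mutable_getters(abi):
    """Return signatures of getter-like functions that may still write state."""
    findings = []
    for entry in abi:
        if entry.get("type", "function") != "function":  # skip events, errors
            continue
        if looks_like_getter(entry) and not is_read_only(entry):
            args = ",".join(i["type"] for i in entry.get("inputs", []))
            findings.append(f'{entry["name"]}({args})')
    return sorted(findings)

if __name__ == "__main__":
    for sig in find_mutable_getters(SAMPLE_ABI):
        print("review: getter-like function is not view/pure:", sig)
```

A hit is only a prompt for manual review: the function may legitimately write state, and the fix, where it should not, is to declare it `view` or `pure` so the compiler rejects state changes.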

All testing was done on a local blockchain fork and no real user funds were leaked.

Growing concerns about blockchain security

This result suggests that AI systems can automate exploit detection at a scale that could challenge current cybersecurity practices. Faster vulnerability detection means attackers can attack contracts sooner after deployment, reducing the time available for manual audits.

The findings also show that these methods have the potential to be applied beyond blockchain. As AI becomes more capable and cheaper to operate, it has the potential to affect traditional software systems.

Experts' concerns

Former Apple engineer AI Nat warned that autonomous AI agents currently pose a risk to blockchain security, noting that they can quickly detect vulnerabilities, perform exploits, and apply patches in real time.

Nate says this ability to scan contracts at scale, attack instantly, and refine new strategies turns security into an ongoing process rather than a one-time audit, increasing pressure on developers to adopt AI-powered continuous monitoring to keep up with evolving threats.

Another engineer, Alex Havryleshko, said the findings show a sharp rise in AI risk, noting that each step in the graph reflects a 10x spike in simulated exploit revenue. He added that model performance appears to be doubling every 1.3 months, highlighting how rapidly AI is advancing in cyberattacks.


On the other hand, commenters added that the high cost of AI agents limits their ability to scan open source contracts, noting that liquidity often emerges late and the detection window is narrow. He added that using AI tools to fix vulnerabilities during development is the most effective defense, and said easy-to-hack targets are rapidly disappearing.

Disclaimer: The information contained in this article is for informational and educational purposes only. This article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the use of the content, products, or services mentioned. We encourage our readers to conduct due diligence before taking any action related to our company.