Audit log
Every state-changing event for OpenZeppelin AI Exploit Threat Vector: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.
- #1 publish by system:backfill, 2026-05-28 15:34:11Z. Score: ? → ? (no score change). Anchor: anchored
- chain: mainnet-beta, slot 422,748,373
- sig: 5QTW2HEtCKdr…bn1VziZW
- hash: ENBQrEjMjrC6…LHrdHJzP (sha256 → base58)
- canonical bytes (32501 B):
{"actor":"system:backfill","investigation_id":"d1b74c35-3e74-4c78-a8a3-c1a76cb6637e","kind":"publish","page_slug":"openzeppelin-ai-exploit-threat-vector","published_at":"2026-05-28T15:34:11.862Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"OpenZeppelin AI Exploit Threat Vector","sections":[{"content":"Manuel Aráoz is a co-founder of OpenZeppelin, one of the most widely cited smart contract security firms in the cryptocurrency industry. Aráoz departed the firm in 2019 and is no longer operationally involved. OpenZeppelin, currently led by co-founder and CEO Demian Brener, has conducted security audits for major DeFi protocols including Aave, Compound, MakerDAO, Uniswap, and Coinbase. Its open-source smart contract libraries are embedded in a substantial portion of EVM-compatible protocol deployments globally. Because of OpenZeppelin's foundational role in DeFi security infrastructure, statements from its founders carry significant weight within the industry, even from individuals who have left the firm.","heading":"Background: Manuel Aráoz and OpenZeppelin","severity":"low","sources":[{"credibility":1,"name":"CoinDesk: DeFi isn't safe anymore because AI is becoming 'superhuman' at hacking","type":"news_article","url":"https://www.coindesk.com/tech/2026/05/27/openzeppelin-ceo-says-ai-makes-defi-unsafe-as-over-usd1-billion-hacked-from-defi-in-last-year"},{"credibility":1,"name":"The Block: OpenZeppelin founder says he now considers 'all of DeFi' unsafe","type":"news_article","url":"https://www.theblock.co/post/402687/openzeppelin-founder-all-defi-unsafe"}]},{"content":"On May 26, 2026, Aráoz posted a statement on X asserting that he 'now considers all of DeFi unsafe.' His central argument rested on a structural asymmetry in smart contract security: defenders must identify and remediate every vulnerability in a codebase, while attackers require only a single exploitable flaw to drain a protocol. 
Aráoz stated: 'Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds.' He referenced Anthropic's Claude Mythos as a system capable of autonomously discovering and weaponizing software flaws at a speed that outpaces human defenders. Aráoz disclosed that he had privately advised friends and family to exit all DeFi positions, including holdings in major blue-chip protocols such as Aave, MakerDAO, and Compound. OpenZeppelin's current leadership distanced itself from the remarks, stating that Aráoz's views do not represent the company's current position, and reaffirmed its commitment to securing onchain finance through AI-augmented continuous security rather than recommending exit from DeFi.","heading":"The May 2026 Warning: Core Claims","severity":"critical","sources":[{"credibility":1,"name":"CoinDesk: DeFi isn't safe anymore because AI is becoming 'superhuman' at hacking","type":"news_article","url":"https://www.coindesk.com/tech/2026/05/27/openzeppelin-ceo-says-ai-makes-defi-unsafe-as-over-usd1-billion-hacked-from-defi-in-last-year"},{"credibility":2,"name":"CryptoTimes: All of DeFi Is Unsafe — OpenZeppelin Founder Sounds Alarm on AI Exploits","type":"news_article","url":"https://www.cryptotimes.io/2026/05/27/all-of-defi-is-unsafe-openzeppelin-founder-sounds-alarm-on-ai-exploits/"},{"credibility":2,"name":"BanklessTimes: All DeFi Is Unsafe as AI Attacks Rise, OpenZeppelin Co-Founder Says","type":"news_article","url":"https://www.banklesstimes.com/articles/2026/05/27/openzeppelin-co%E2%80%91founder-says-all-defi-is-insecure-as-attacks-outpace-defenses/"},{"credibility":2,"name":"BeInCrypto: Blockchain Security Expert Warns All DeFi Unsafe as AI Agents Outpace Auditors","type":"news_article","url":"https://beincrypto.com/expert-defi-unsafe-ai-attacks/"},{"credibility":2,"name":"PYMNTS: Security Chief Warns of AI's Outsized Threat to 
DeFi","type":"news_article","url":"https://www.pymnts.com/cybersecurity/2026/security-chief-warns-of-ais-outsized-threat-to-defi/"}]},{"content":"Aráoz's warning is supported by peer-reviewed and independently published research. In December 2025, researchers affiliated with MATS and Anthropic Fellows published findings from SCONE-bench, a benchmark comprising 405 real smart contracts exploited between 2020 and 2025. Across those contracts, frontier AI models achieved a 51.11% autonomous exploitation rate. On vulnerabilities discovered after model knowledge cutoffs — effectively zero-day conditions — the success rate reached 55.8%. Claude Opus 4.5 alone exploited 65% of post-June 2025 vulnerabilities, corresponding to $3.7 million in simulated stolen funds. Collectively, Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5 generated exploits worth $4.6 million. Critically, when tested against 2,849 recently deployed contracts with no previously known vulnerabilities, both Claude Sonnet 4.5 and GPT-5 independently uncovered two novel zero-day exploits. The research found that simulated exploit revenue 'roughly doubled every 1.3 months' over the prior year, driven by improvements in agentic capabilities including tool use, error recovery, and long-horizon task execution. The average cost to identify and exploit a vulnerable contract was $1,738, establishing a stark economic asymmetry in favor of attackers. Separately, Anthropic's Claude Mythos Preview, released in April 2026 and restricted to a limited set of security partners via Project Glasswing, demonstrated the ability to autonomously discover zero-day vulnerabilities across major operating systems and web browsers, producing 181 working exploits versus 2 for its predecessor Opus 4.6 in identical test conditions. The UK's AI Security Institute documented that Mythos became the first AI model to complete a 32-step corporate network attack simulation from start to finish without human assistance. 
While the Mythos research focused on traditional cyberinfrastructure rather than DeFi contracts specifically, the documented capability trajectory corroborates the concern that AI-augmented offensive tooling is advancing substantially faster than defensive adoption.","heading":"AI Exploit Capabilities: Research Evidence","severity":"critical","sources":[{"credibility":1,"name":"Anthropic Red Team: AI agents find $4.6M in blockchain smart contract exploits","type":"research","url":"https://red.anthropic.com/2025/smart-contracts/"},{"credibility":1,"name":"The Block: AI agents pose immediate threat to smart contract security, Anthropic says","type":"news_article","url":"https://www.theblock.co/post/381035/ai-agent-smart-contract-anthropic"},{"credibility":1,"name":"Anthropic Red Team: Claude Mythos Preview","type":"research","url":"https://red.anthropic.com/2026/mythos-preview/"},{"credibility":2,"name":"Decrypt: Anthropic Claude Mythos — Serious Threat or Overhyped? AI Security Institute Weighs In","type":"news_article","url":"https://decrypt.co/364141/anthropic-claude-mythos-serious-threat-overhyped-ai-security-institute"},{"credibility":1,"name":"The Register: An AI for an AI — Anthropic says AI agents require AI defense","type":"news_article","url":"https://www.theregister.com/2025/12/05/an_ai_for_an_ai/"},{"credibility":2,"name":"OECD.AI: AI Agents Demonstrate Autonomous Exploitation of Blockchain Smart Contracts","type":"research","url":"https://oecd.ai/en/incidents/2025-12-02-e1e8"},{"credibility":2,"name":"Nextgov/FCW: Claude Mythos advances autonomous exploit development","type":"news_article","url":"https://www.nextgov.com/sponsors/2026/04/claude-mythos-advances-autonomous-exploit-development-what-agencies-can-do-prepare/413238/"}]},{"content":"The Aráoz warning emerged against a backdrop of accelerating losses in DeFi. More than $1.1 billion was lost to DeFi hacks in the 12 months preceding the May 2026 statement. 
In the first five months of 2026 alone, losses exceeded $840 million across dozens of incidents, with April 2026 accounting for more than $600 million. The two largest exploits of 2026 were the Kelp DAO bridge exploit on April 18-19, 2026, which drained 116,500 rsETH worth approximately $292 million, and the Drift Protocol exploit on April 1, 2026, in which attackers drained $285 million from the Solana-based DEX. Both incidents were attributed by blockchain analytics firms to North Korean state-sponsored actors, specifically TraderTraitor, a subgroup of the Lazarus Group. The Kelp DAO attack was the product of a social engineering campaign that began on March 6 when an attacker compromised a LayerZero Labs developer and harvested session keys. The Drift attack was the culmination of a six-month infiltration campaign beginning in fall 2025. North Korea-linked actors accounted for an estimated 76% of global crypto hack losses through April 2026, up from 64% in 2025. Step Finance lost approximately $27.3 million in a treasury key compromise on January 31, 2026, and subsequently shut down operations. DeFi's total value locked declined by more than $20 billion from January to late May 2026. More than 40 DeFi protocols shut down in 2026 following exploits, according to contemporaneous reporting. The primary attack vectors documented across 2026 include bridge message spoofing, social engineering combined with privileged key compromise, and fake collateral schemes, rather than AI-assisted smart contract vulnerability discovery per se. 
However, researchers and the Aráoz statement argue that AI tooling will accelerate the discovery phase of attacks that then proceed via these traditional vectors.","heading":"2026 DeFi Loss Landscape","severity":"high","sources":[{"credibility":1,"name":"CoinDesk: The $292 million Kelp DAO exploit","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/19/2026-s-biggest-crypto-exploit-kelp-dao-hit-for-usd292-million-with-wrapped-ether-stranded-across-20-chains"},{"credibility":2,"name":"Chainalysis: Inside the KelpDAO Bridge Exploit","type":"research","url":"https://www.chainalysis.com/blog/kelpdao-bridge-exploit-april-2026/"},{"credibility":1,"name":"Bloomberg: Drift DeFi Project on Solana Suffers $285 Million Crypto Exploit","type":"news_article","url":"https://www.bloomberg.com/news/articles/2026-04-01/solana-based-defi-project-drift-hit-by-285-million-exploit"},{"credibility":2,"name":"TRM Labs: North Korean Hackers Attack Drift Protocol In $285 Million Heist","type":"research","url":"https://www.trmlabs.com/resources/blog/north-korean-hackers-attack-drift-protocol-in-285-million-heist"},{"credibility":1,"name":"CoinDesk: Step Finance shuts operations after $27 million January hack","type":"news_article","url":"https://www.coindesk.com/business/2026/02/24/step-finance-shuts-operations-after-usd27-million-january-hack"},{"credibility":2,"name":"CryptoTimes: 40+ DeFi Protocols Shut Down in 2026","type":"news_article","url":"https://www.cryptotimes.io/2026/05/09/40-defi-protocols-shut-down-in-2026-inside-the-770m-hack-crisis-reshaping-crypto/"},{"credibility":2,"name":"CCN: Biggest DeFi Hacks and Exploits of 2026: $1 Billion+ Lost and Counting","type":"news_article","url":"https://www.ccn.com/education/crypto/defi-hacks-exploits-causes-crypto-stolen-2026/"},{"credibility":2,"name":"Halborn: Explained — The Step Finance Hack (January 
2026)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-step-finance-hack-january-2026"}]},{"content":"The Aráoz warning was contested by several prominent DeFi figures. Marc Zeller, founder of the Aave Chan Initiative, described the post as 'moronic' and argued that fewer than 10% of DeFi losses in the prior year stemmed from code-level vulnerabilities. Zeller's counter-analysis attributed the majority of failures to parameter misconfiguration, weak collateral management, and poor operational security, rather than AI-assisted code exploitation. Investor Jacob Franek noted that if Aráoz's thesis were accurate, high-TVL protocols would already have been drained, and argued that the same AI tools enabling offense will eventually strengthen defensive verification. OpenZeppelin itself, while acknowledging the reality of AI-driven security risks, has positioned its response as embracing AI-augmented continuous security rather than retreat from DeFi. The firm launched an AI-assisted Continuous Security Program to provide always-on coverage beyond point-in-time audits. The current leadership under CEO Demian Brener explicitly stated that Aráoz's views do not represent the company's position. Separately, analysis of the two largest 2026 exploits — Kelp DAO and Drift Protocol — indicates both were executed through social engineering and infrastructure compromise rather than autonomous AI vulnerability discovery in smart contract code. This distinction supports Zeller's argument that operational security failures, not AI-powered code analysis, have driven the bulk of 2026 losses. 
Nonetheless, the published Anthropic research on SCONE-bench demonstrates that AI-assisted smart contract exploitation is technically feasible at a meaningful success rate and at very low cost, even if it has not yet been the documented primary vector in the largest 2026 incidents.","heading":"Industry Counterarguments and Dissenting Views","severity":"medium","sources":[{"credibility":2,"name":"BeInCrypto: Blockchain Security Expert Warns All DeFi Unsafe as AI Agents Outpace Auditors","type":"news_article","url":"https://beincrypto.com/expert-defi-unsafe-ai-attacks/"},{"credibility":2,"name":"CryptoPotato: AI Coding Agents Have Made All DeFi Unsafe, Security Expert Says","type":"news_article","url":"https://cryptopotato.com/ai-coding-agents-have-made-all-defi-unsafe-security-expert-says/"},{"credibility":1,"name":"OpenZeppelin: AI-Powered Security at the Speed of Development — Introducing the Continuous Security Program","type":"official","url":"https://www.openzeppelin.com/news/introducing-continuous-security-program"}]},{"content":"The core analytical claim advanced by Aráoz — and partially corroborated by Anthropic's published research — is that AI tooling has qualitatively shifted the cost-benefit calculus for DeFi attacks. Traditional audit-based security models presuppose that code review is the primary mechanism for finding vulnerabilities before deployment. If frontier AI agents can achieve a greater than 50% autonomous exploitation rate against known vulnerable contracts, and can discover novel zero-day vulnerabilities in recently deployed contracts, the window between deployment and exploitation narrows substantially. The Anthropic SCONE-bench research documented that exploit revenue from AI agents doubled every 1.3 months over the year preceding publication. The average cost per identified vulnerable contract — $1,738 — is trivially low relative to the potential upside from exploiting a protocol with hundreds of millions in TVL. 
CryptoBriefing reported that six-month-old audit reports 'cannot address vulnerabilities discovered by AI agents within hours,' a concern echoed by OpenZeppelin's own pivot to continuous monitoring. For protocol risk assessment purposes, the threat vector identified by Aráoz is most directly applicable to: protocols with large TVL and infrequent audit cycles; protocols relying on complex cross-chain bridges or messaging layers; protocols with publicly accessible codebases that can be analyzed at scale by AI agents; and protocols that have not adopted continuous monitoring, formal verification, or on-chain circuit breakers. The documented attacks in 2026 predominantly targeted off-chain infrastructure and operational security, not on-chain code. However, the Anthropic research and Claude Mythos capability assessments establish that the on-chain code attack surface is increasingly accessible to automated offensive tooling at production scale.","heading":"Structural Security Asymmetry and Protocol Risk Implications","severity":"high","sources":[{"credibility":1,"name":"Anthropic Red Team: AI agents find $4.6M in blockchain smart contract exploits","type":"research","url":"https://red.anthropic.com/2025/smart-contracts/"},{"credibility":2,"name":"CryptoBriefing: OpenZeppelin founder warns all of DeFi is unsafe amid security breaches","type":"news_article","url":"https://cryptobriefing.com/openzeppelin-founder-defi-unsafe-warning/"},{"credibility":2,"name":"Decrypt: Why DeFi Keeps Losing Millions to Exploits","type":"news_article","url":"https://decrypt.co/368591/why-defi-keeps-losing-millions-to-exploits"},{"credibility":2,"name":"Phemex: Every Major DeFi Hack in 2026 So Far — Bridge Exploits Dominate","type":"news_article","url":"https://phemex.com/blogs/defi-hacks-2026-bridge-exploits-explained"}]},{"content":"Aráoz specifically referenced Anthropic's Claude Mythos as a system capable of autonomously developing working exploits. 
Anthropic released Claude Mythos Preview in April 2026, initially restricted to a limited set of security research partners through Project Glasswing. According to Anthropic's own published assessment and evaluation by the UK's AI Security Institute, Mythos achieved a 73% success rate on expert-level capture-the-flag security challenges and became the first AI model to complete a 32-step corporate network attack simulation autonomously. In comparative testing, Mythos produced 181 working exploit scripts against Firefox where its predecessor Opus 4.6 produced only 2. Mythos demonstrated the ability to chain multiple vulnerabilities together in multi-stage attacks. Regarding smart contracts specifically, the Claude Mythos Preview disclosure documentation focused primarily on traditional cyberinfrastructure rather than blockchain-specific exploitation. The broader smart contract research was conducted with earlier Anthropic models (Opus 4.5, Sonnet 4.5) and demonstrated $4.6 million in simulated exploit revenue from post-knowledge-cutoff contracts. Separately, a real-world incident reported via Wu Blockchain on X documented that Claude Opus 4.6 wrote vulnerable code used in a live smart contract deployment, resulting in approximately $1.78 million in losses when a cbETH price was incorrectly set to $1.12 instead of approximately $2,200 — illustrating that AI-generated code defects, even absent deliberate exploitation, represent an additional risk vector. 
The Cloud Security Alliance characterized Claude Mythos as crossing an 'autonomous offensive threshold,' and the Nextgov assessment noted that open-weight models could reach comparable capability levels within 6 to 18 months.","heading":"Claude Mythos and Specific AI System Capabilities","severity":"critical","sources":[{"credibility":1,"name":"Anthropic Red Team: Claude Mythos Preview","type":"research","url":"https://red.anthropic.com/2026/mythos-preview/"},{"credibility":2,"name":"Decrypt: Anthropic Claude Mythos — Serious Threat or Overhyped? AI Security Institute Weighs In","type":"news_article","url":"https://decrypt.co/364141/anthropic-claude-mythos-serious-threat-overhyped-ai-security-institute"},{"credibility":2,"name":"Cloud Security Alliance: Claude Mythos and the AI Autonomous Offensive Threshold","type":"research","url":"https://labs.cloudsecurityalliance.org/research/csa-research-note-claude-mythos-autonomous-offensive-thresho/"},{"credibility":2,"name":"The Decoder: New benchmark shows Claude Mythos and GPT-5.5 can develop real browser exploits autonomously","type":"news_article","url":"https://the-decoder.com/new-benchmark-shows-claude-mythos-and-gpt-5-5-can-develop-real-browser-exploits-autonomously/"},{"credibility":3,"name":"Wu Blockchain on X: Claude Opus 4.6 wrote vulnerable code leading to $1.78 million exploit","type":"social_media","url":"https://x.com/WuBlockchain/status/2023937502613299291"},{"credibility":2,"name":"Nextgov/FCW: Claude Mythos advances autonomous exploit development","type":"news_article","url":"https://www.nextgov.com/sponsors/2026/04/claude-mythos-advances-autonomous-exploit-development-what-agencies-can-do-prepare/413238/"}]},{"content":"OpenZeppelin responded to the period's heightened threat environment by launching an AI-assisted Continuous Security Program, a subscription model designed to provide ongoing coverage beyond point-in-time audits. 
The program is structured around four layers of DeFi risk, covering continuous monitoring, bug bounties, formal verification, and insurance coverage. This represents a pivot from historical dependence on periodic audit reports, which the firm acknowledged cannot fully address rapidly evolving automated threat discovery. OpenZeppelin had separately announced the sunset of its Defender SaaS platform, with new signups disabled from June 30, 2025, and a final shutdown scheduled for July 1, 2026, in favor of open-source tooling for relayers and monitoring. Within the broader industry, CryptoBriefing reported that institutional DeFi allocation increasingly requires evidence of ongoing security measures, and that historically obtained audit reports are no longer considered adequate signals of current protocol safety. The Aave Chan Initiative's Marc Zeller issued a counter-recommendation, arguing that the appropriate response to AI-augmented threats is improved parameter governance and operational security rather than DeFi exit.","heading":"OpenZeppelin's Defensive Position and Industry Response","severity":"medium","sources":[{"credibility":1,"name":"OpenZeppelin: AI-Powered Security at the Speed of Development — Introducing the Continuous Security Program","type":"official","url":"https://www.openzeppelin.com/news/introducing-continuous-security-program"},{"credibility":1,"name":"OpenZeppelin: Defender Sunset FAQ","type":"official","url":"https://www.openzeppelin.com/news/defender-sunset-faq"},{"credibility":2,"name":"CryptoBriefing: OpenZeppelin founder warns all of DeFi is unsafe amid security breaches","type":"news_article","url":"https://cryptobriefing.com/openzeppelin-founder-defi-unsafe-warning/"}]}],"sources_used":[{"credibility":1,"name":"CoinDesk: DeFi isn't safe anymore because AI is becoming 'superhuman' at 
hacking","type":"news_article","url":"https://www.coindesk.com/tech/2026/05/27/openzeppelin-ceo-says-ai-makes-defi-unsafe-as-over-usd1-billion-hacked-from-defi-in-last-year"},{"credibility":1,"name":"The Block: OpenZeppelin founder says he now considers 'all of DeFi' unsafe","type":"news_article","url":"https://www.theblock.co/post/402687/openzeppelin-founder-all-defi-unsafe"},{"credibility":2,"name":"CryptoTimes: All of DeFi Is Unsafe — OpenZeppelin Founder Sounds Alarm on AI Exploits","type":"news_article","url":"https://www.cryptotimes.io/2026/05/27/all-of-defi-is-unsafe-openzeppelin-founder-sounds-alarm-on-ai-exploits/"},{"credibility":2,"name":"BanklessTimes: All DeFi Is Unsafe as AI Attacks Rise, OpenZeppelin Co-Founder Says","type":"news_article","url":"https://www.banklesstimes.com/articles/2026/05/27/openzeppelin-co%E2%80%91founder-says-all-defi-is-insecure-as-attacks-outpace-defenses/"},{"credibility":2,"name":"BitcoinWorld: OpenZeppelin Co-Founder Warning — Withdraw DeFi Funds","type":"news_article","url":"https://bitcoinworld.co.in/openzeppelin-co-founder-warning-withdraw-defi-funds/"},{"credibility":2,"name":"BeInCrypto: Blockchain Security Expert Warns All DeFi Unsafe as AI Agents Outpace Auditors","type":"news_article","url":"https://beincrypto.com/expert-defi-unsafe-ai-attacks/"},{"credibility":2,"name":"CryptoBriefing: OpenZeppelin founder warns all of DeFi is unsafe amid security breaches","type":"news_article","url":"https://cryptobriefing.com/openzeppelin-founder-defi-unsafe-warning/"},{"credibility":2,"name":"PYMNTS: Security Chief Warns of AI's Outsized Threat to DeFi","type":"news_article","url":"https://www.pymnts.com/cybersecurity/2026/security-chief-warns-of-ais-outsized-threat-to-defi/"},{"credibility":1,"name":"Anthropic Red Team: AI agents find $4.6M in blockchain smart contract exploits","type":"research","url":"https://red.anthropic.com/2025/smart-contracts/"},{"credibility":1,"name":"Anthropic Red Team: Claude Mythos 
Preview","type":"research","url":"https://red.anthropic.com/2026/mythos-preview/"},{"credibility":1,"name":"The Register: An AI for an AI — Anthropic says AI agents require AI defense","type":"news_article","url":"https://www.theregister.com/2025/12/05/an_ai_for_an_ai/"},{"credibility":2,"name":"Decrypt: Anthropic Claude Mythos — Serious Threat or Overhyped? AI Security Institute Weighs In","type":"news_article","url":"https://decrypt.co/364141/anthropic-claude-mythos-serious-threat-overhyped-ai-security-institute"},{"credibility":2,"name":"OECD.AI: AI Agents Demonstrate Autonomous Exploitation of Blockchain Smart Contracts","type":"research","url":"https://oecd.ai/en/incidents/2025-12-02-e1e8"},{"credibility":2,"name":"Cloud Security Alliance: Claude Mythos and the AI Autonomous Offensive Threshold","type":"research","url":"https://labs.cloudsecurityalliance.org/research/csa-research-note-claude-mythos-autonomous-offensive-thresho/"},{"credibility":2,"name":"Nextgov/FCW: Claude Mythos advances autonomous exploit development","type":"news_article","url":"https://www.nextgov.com/sponsors/2026/04/claude-mythos-advances-autonomous-exploit-development-what-agencies-can-do-prepare/413238/"},{"credibility":2,"name":"The Decoder: New benchmark shows Claude Mythos and GPT-5.5 can develop real browser exploits autonomously","type":"news_article","url":"https://the-decoder.com/new-benchmark-shows-claude-mythos-and-gpt-5-5-can-develop-real-browser-exploits-autonomously/"},{"credibility":1,"name":"CoinDesk: The $292 million Kelp DAO exploit","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/19/2026-s-biggest-crypto-exploit-kelp-dao-hit-for-usd292-million-with-wrapped-ether-stranded-across-20-chains"},{"credibility":2,"name":"Chainalysis: Inside the KelpDAO Bridge Exploit","type":"research","url":"https://www.chainalysis.com/blog/kelpdao-bridge-exploit-april-2026/"},{"credibility":1,"name":"Bloomberg: Drift DeFi Project on Solana Suffers $285 Million Crypto 
Exploit","type":"news_article","url":"https://www.bloomberg.com/news/articles/2026-04-01/solana-based-defi-project-drift-hit-by-285-million-exploit"},{"credibility":2,"name":"TRM Labs: North Korean Hackers Attack Drift Protocol In $285 Million Heist","type":"research","url":"https://www.trmlabs.com/resources/blog/north-korean-hackers-attack-drift-protocol-in-285-million-heist"},{"credibility":1,"name":"CoinDesk: Step Finance shuts operations after $27 million January hack","type":"news_article","url":"https://www.coindesk.com/business/2026/02/24/step-finance-shuts-operations-after-usd27-million-january-hack"},{"credibility":2,"name":"Halborn: Explained — The Step Finance Hack (January 2026)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-step-finance-hack-january-2026"},{"credibility":2,"name":"Elliptic: Drift Protocol exploited for $286 million in suspected DPRK-linked attack","type":"research","url":"https://www.elliptic.co/blog/drift-protocol-exploited-for-286-million-in-suspected-dprk-linked-attack"},{"credibility":1,"name":"OpenZeppelin: AI-Powered Security at the Speed of Development — Introducing the Continuous Security Program","type":"official","url":"https://www.openzeppelin.com/news/introducing-continuous-security-program"},{"credibility":1,"name":"OpenZeppelin: Defender Sunset FAQ","type":"official","url":"https://www.openzeppelin.com/news/defender-sunset-faq"},{"credibility":2,"name":"CryptoPotato: AI Coding Agents Have Made All DeFi Unsafe, Security Expert Says","type":"news_article","url":"https://cryptopotato.com/ai-coding-agents-have-made-all-defi-unsafe-security-expert-says/"},{"credibility":2,"name":"Decrypt: Why DeFi Keeps Losing Millions to Exploits","type":"news_article","url":"https://decrypt.co/368591/why-defi-keeps-losing-millions-to-exploits"},{"credibility":2,"name":"Phemex: Every Major DeFi Hack in 2026 So Far — Bridge Exploits 
Dominate","type":"news_article","url":"https://phemex.com/blogs/defi-hacks-2026-bridge-exploits-explained"},{"credibility":2,"name":"CCN: 400M+ Lost to DeFi Exploits in 2026 — Drift Protocol, Rhea Finance, Step Finance Among Biggest Hacks","type":"news_article","url":"https://www.ccn.com/education/crypto/defi-hacks-2026-137m-lost-step-finance-truebit-resolv-exploits/"},{"credibility":3,"name":"Wu Blockchain on X: Claude Opus 4.6 wrote vulnerable code leading to $1.78 million exploit","type":"social_media","url":"https://x.com/WuBlockchain/status/2023937502613299291"},{"credibility":2,"name":"CryptoTimes: 40+ DeFi Protocols Shut Down in 2026","type":"news_article","url":"https://www.cryptotimes.io/2026/05/09/40-defi-protocols-shut-down-in-2026-inside-the-770m-hack-crisis-reshaping-crypto/"}],"summary":"On May 26, 2026, Manuel Aráoz, co-founder of smart contract security firm OpenZeppelin, issued a public warning on X declaring that he considers 'all of DeFi unsafe,' citing the emergence of AI coding agents that are 'superhuman' at discovering and weaponizing smart contract vulnerabilities. The warning coincided with more than $1.1 billion lost to DeFi hacks in the prior 12 months and was substantiated by Anthropic research published in late 2025 demonstrating that frontier AI models can autonomously exploit known smart contract vulnerabilities at scale. 
This entry tracks the AI-assisted DeFi exploit surface as a forward-looking threat category, documenting the evidence base, industry response, and structural security asymmetry that Aráoz and corroborating researchers describe.","timeline":[{"date":"2025-12-02","event":"MATS/Anthropic Fellows researchers publish SCONE-bench findings showing frontier AI models achieve greater than 51% autonomous exploitation rate on real-world smart contracts, with simulated exploit revenue doubling every 1.3 months.","source":"OECD.AI / Anthropic Red Team","source_url":"https://oecd.ai/en/incidents/2025-12-02-e1e8"},{"date":"2026-01-31","event":"Step Finance confirms $27.3 million treasury theft via compromised executive device and private key exposure. Protocol subsequently shuts down operations.","source":"CoinDesk","source_url":"https://www.coindesk.com/business/2026/02/24/step-finance-shuts-operations-after-usd27-million-january-hack"},{"date":"2026-04-01","event":"Drift Protocol suffers $285 million exploit on Solana, attributed to a six-month DPRK social engineering campaign. Attackers obtained pre-signed transactions from Security Council members to gain admin control.","source":"Bloomberg / TRM Labs","source_url":"https://www.bloomberg.com/news/articles/2026-04-01/solana-based-defi-project-drift-hit-by-285-million-exploit"},{"date":"2026-04-08","event":"Anthropic releases Claude Mythos Preview to a restricted set of security partners via Project Glasswing. Internal and UK AI Security Institute evaluations document 181 working exploit scripts produced autonomously versus 2 for predecessor model.","source":"Anthropic Red Team","source_url":"https://red.anthropic.com/2026/mythos-preview/"},{"date":"2026-04-18","event":"KelpDAO bridge exploit drains 116,500 rsETH (approximately $292 million) via LayerZero message spoofing, traceable to a social engineering compromise of a developer that began March 6, 2026. 
Attributed to Lazarus Group / TraderTraitor.","source":"CoinDesk / Chainalysis","source_url":"https://www.coindesk.com/tech/2026/04/19/2026-s-biggest-crypto-exploit-kelp-dao-hit-for-usd292-million-with-wrapped-ether-stranded-across-20-chains"},{"date":"2026-05-26","event":"Manuel Aráoz posts on X declaring 'all of DeFi unsafe,' citing AI coding agents as 'superhuman' at finding smart contract vulnerabilities and referencing Anthropic's Claude Mythos. Advises friends and family to exit all DeFi positions including Aave, MakerDAO, and Compound.","source":"CoinDesk / The Block","source_url":"https://www.coindesk.com/tech/2026/05/27/openzeppelin-ceo-says-ai-makes-defi-unsafe-as-over-usd1-billion-hacked-from-defi-in-last-year"},{"date":"2026-05-27","event":"OpenZeppelin current leadership under CEO Demian Brener distances company from Aráoz's remarks, stating his views do not represent OpenZeppelin's position. Marc Zeller of Aave Chan Initiative publicly disputes the thesis, arguing fewer than 10% of 2025-2026 DeFi losses stemmed from code-level vulnerabilities.","source":"CoinDesk / BeInCrypto","source_url":"https://beincrypto.com/expert-defi-unsafe-ai-attacks/"}]},"v":1}

Verify offline (run on your own machine):
python -m src.verify_decision 6dcd8d85-e70f-468e-9df4-9a25d71f8073
How verification works. The “Row integrity” check above is computed in your browser: your machine recomputes the SHA-256 of the canonical bytes and compares it against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine:
python -m src.verify_decision <event_id>
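The two checks described above, as an added example that is not avoid.net's verifier or any of its code. It assumes the canonical bytes are the compact, key-sorted UTF-8 JSON of the record, that the row hash is the base58 encoding of the SHA-256 digest of those bytes, and that the anchoring Solana memo carries that same base58 string; the record below is a constructed stand-in for the 32501-byte row, and the memo text is passed in rather than fetched from an RPC node.

```python
import hashlib
import json
from typing import Optional

# Bitcoin-style base58 alphabet (no 0, O, I, l); the encoding used for
# Solana hashes and signatures, and the "sha256 -> base58" column on the row.
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(raw: bytes) -> str:
    """Encode bytes as base58; each leading zero byte becomes a leading '1'."""
    n = int.from_bytes(raw, "big")
    digits = []
    while n > 0:
        n, rem = divmod(n, 58)
        digits.append(B58_ALPHABET[rem])
    leading_zeros = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * leading_zeros + "".join(reversed(digits))


def canonical_bytes(record: dict) -> bytes:
    """Assumed canonical form: compact JSON, keys sorted, UTF-8.
    This is an assumption, not avoid.net's documented serialization."""
    return json.dumps(record, separators=(",", ":"), sort_keys=True,
                      ensure_ascii=False).encode("utf-8")


def row_hash(record: dict) -> str:
    """sha256 -> base58: the 'hash' value shown on the audit log row."""
    return b58encode(hashlib.sha256(canonical_bytes(record)).digest())


def verify_row(record: dict, stored_hash: str, memo: Optional[str] = None) -> dict:
    """Row integrity: recompute the hash from the canonical bytes and compare
    with the hash the page stores. Full verify: additionally compare against
    the memo text of the anchoring Solana transaction (fetched separately)."""
    computed = row_hash(record)
    result = {
        "computed_hash": computed,
        "canonical_size": len(canonical_bytes(record)),
        "row_integrity": computed == stored_hash,
    }
    if memo is not None:
        # Assumption: the memo is the bare base58 hash string; only whitespace is trimmed.
        result["memo_matches"] = memo.strip() == computed
    return result


# Constructed stand-in for a decision record (the real row is 32501 canonical bytes).
SAMPLE_RECORD = {
    "actor": "system:backfill",
    "investigation_id": "00000000-0000-0000-0000-000000000000",  # placeholder id
    "kind": "publish",
    "page_slug": "openzeppelin-ai-exploit-threat-vector",
    "sequence_num": 1,
    "snapshot": {"content_type": "investigation", "sections": []},
    "v": 1,
}


def demo() -> tuple:
    """Verify an untampered record, then the same record with one field edited."""
    stored = row_hash(SAMPLE_RECORD)                # what the page would store for this row
    good = verify_row(SAMPLE_RECORD, stored, memo=stored)
    tampered = dict(SAMPLE_RECORD, sequence_num=2)  # a single edit anywhere breaks the hash
    bad = verify_row(tampered, stored, memo=stored)
    return good, bad


if __name__ == "__main__":
    ok, fail = demo()
    print("original row: integrity", ok["row_integrity"], "memo", ok["memo_matches"])
    print("tampered row: integrity", fail["row_integrity"], "memo", fail["memo_matches"])
```

A real run would replace SAMPLE_RECORD with the canonical bytes shown on the row and the memo with the text read back from the transaction under the listed signature.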