Anthropic study: AI agents identified $4.6M in post‑March 2025 smart‑contract exploits

A newly published Anthropic study reports that advanced AI agents identified $4.6M in simulated post‑March 2025 smart‑contract exploits, underscoring a measurable risk to decentralized finance (DeFi) code. The analysis situates this finding within a broader benchmark that reproduced $550.1M in historic exploit value and surfaced first proofs of autonomous zero‑day discovery, highlighting both replication of known attacks and the capability to uncover novel vulnerabilities.

The Anthropic study evaluated Claude Opus 4.5, Sonnet 4.5 and GPT‑5 against a curated set of real‑world smart contracts. Agents were run on 405 contracts exploited between 2020 and 2025 and collectively reproduced an estimated $550.1M in exploit value, illustrating scale and capability. Focusing on contracts with exploits occurring after March 2025 to avoid training‑data contamination, the team reports approximately $4.6M in simulated agent‑attributable exploits, positioning this figure as a concrete indicator of current risk.

In a forward‑looking pass over 2,849 recently deployed Binance Smart Chain contracts with no known vulnerabilities, agents discovered two zero‑day bugs, including a GPT‑5 finding that yielded simulated profit of $3,694 at an API cost of roughly $3,476. A zero‑day vulnerability is a previously unknown software flaw that can be exploited before a fix is available, and the study presents these results as the first proofs that autonomous agents can discover previously unknown vulnerabilities.

The authors note a sharp pace of capability growth, with agent‑derived exploit revenues doubling roughly every 1.3 months during the observed period. They further observe that more than half of blockchain exploits in 2025 could plausibly have been executed autonomously by current agents, indicating a rapidly changing attacker profile.

Implications for traders, treasuries and security teams

Methodologically, the team excluded contracts exploited before March 2025 from certain analyses to reduce the risk of memorization, combining retrospective reproduction of known attacks with hands‑on probing of recent deployments to assess both replication and novel attack discovery. The $4.6M figure is framed as a conservative lower bound based on simulated, agent‑driven activity, and as the study states, “The benchmark results are not just a retrospective — profitable autonomous exploitation can happen today.”

For traders and institutional treasuries, the findings imply an elevated and accelerating risk of algorithmic exploitation against protocol code, with particular exposure in newly deployed contracts and complex derivative or yield‑generation logic. For security teams, the report functions as both a warning and a blueprint: the same agent capabilities that enable attack automation can be repurposed for continuous auditing, fuzzing and red‑team testing to detect emergent weaknesses more rapidly than manual processes.

The Anthropic study quantifies a present, reproducible risk: AI agents can re‑create historic exploits and find new vulnerabilities, producing at least $4.6M in simulated post‑March 2025 exploit value, and it signals an urgent need for defenders to adopt automated, AI‑driven testing to keep pace with autonomous attackers.
