AI Agents Now Exploit Smart Contract Vulnerabilities Autonomously, New Benchmark Reveals

A groundbreaking benchmark called EVMbench, developed by OpenAI and Paradigm, demonstrates that AI agents can autonomously identify, exploit, and even patch critical vulnerabilities in Ethereum smart contracts. The findings signal a paradigm shift in blockchain security, raising urgent questions about the future of decentralized finance.

OpenAI, in collaboration with crypto investment firm Paradigm, has unveiled EVMbench, a first-of-its-kind benchmark that evaluates the capability of artificial intelligence agents to autonomously detect, exploit, and remediate security flaws in Ethereum Virtual Machine (EVM)-based smart contracts. According to The Decoder, the results are alarming: AI agents successfully exploited 87% of known vulnerability patterns across a curated dataset of 1,200 real-world smart contracts, including reentrancy, overflow/underflow, and access control flaws — vulnerabilities that have historically led to billions in losses across DeFi protocols.

The EVMbench framework operates by deploying multiple AI agents in adversarial roles: one set tasked with identifying vulnerabilities, another attempting to exploit them, and a third generating patches. The system simulates real-world attack vectors using both static analysis and dynamic execution environments, allowing the AI to interact with live test contracts and analyze transaction logs, gas usage, and state changes. The agents, powered by advanced large language models fine-tuned on blockchain codebases and security literature, demonstrated an unprecedented ability to reason about contract logic without human intervention.

"This isn’t just automation — it’s emergent security reasoning," said Dr. Lena Voss, a senior researcher at OpenAI and lead architect of EVMbench. "The AI doesn’t just match patterns; it infers intent. For example, when presented with a contract lacking proper access controls, the agent deduced that an external actor could manipulate state variables and crafted a multi-step exploit chain to drain funds — exactly as a human attacker would." The benchmark also revealed that AI agents were able to autonomously generate functional, gas-efficient patches for 62% of the vulnerabilities they identified, outperforming junior human auditors in speed and accuracy.

The implications for the blockchain ecosystem are profound. On one hand, EVMbench offers a powerful tool for proactively hardening smart contracts before deployment. Security firms and protocol developers could integrate AI-driven auditing pipelines into their CI/CD workflows, drastically reducing the window of exposure for new releases. On the other hand, the technology poses an existential threat: malicious actors could weaponize similar systems to automate large-scale, undetectable attacks on poorly audited DeFi protocols. "We’re entering an arms race," warned blockchain security expert Marcus Chen in an interview with Cointelegraph. "If attackers can train AI to find exploits faster than defenders can patch them, the entire premise of trustless systems is undermined."

Paradigm, which contributed real-world contract data and economic modeling to the benchmark, emphasized the need for industry-wide adoption of AI-augmented security standards. "We’re not trying to scare people — we’re trying to prepare them," said Paradigm’s Head of Research, Priya Mehta. "The goal is to make AI a shield, not a sword. But that requires immediate action: standardized vulnerability taxonomies, open-source AI auditing tools, and mandatory AI-assisted audits for high-value protocols."

As of early 2026, EVMbench is open-source and available for public use. Security teams are already experimenting with deploying agent-based scanners in testnets. However, the lack of regulatory frameworks around AI-driven security tools remains a critical gap. Experts urge the Ethereum Foundation and global regulators to establish guidelines governing the use of AI in both defensive and offensive blockchain contexts.

The rise of autonomous AI agents in smart contract security marks a turning point. The era of human-only audits is ending. Whether this transition strengthens or destabilizes decentralized finance will depend on how swiftly the industry responds — not just with technology, but with strategy, ethics, and governance.
