A new a16z research paper shows AI agents can exploit 70% of common DeFi vulnerabilities, signaling a new front in the blockchain security arms race.
Back
AI agents find 70% of DeFi exploits in new a16z test
A new study from a16z’s research division found that a powerful AI model could successfully exploit 70% of 20 historical DeFi vulnerabilities on Ethereum when given targeted guidance. The success rate, which jumped from just 10% without assistance, demonstrates the growing capability of AI to automate the discovery and execution of costly smart contract attacks.
The research, which used the Codex model based on GPT-5.4 architecture, suggests a significant shift in the security landscape for decentralized finance. “The study found that while the AI failed at complex multi-step attacks, its ability to identify price manipulation vulnerabilities rose dramatically when supplied with structured domain knowledge,” the paper’s summary notes. This highlights a brewing arms race where both attackers and defenders will increasingly use AI tools.
In the systematic test, a16z researchers pitted the AI agent against 20 known price manipulation vulnerabilities that have occurred on the Ethereum blockchain. On its own, the model could only find and exploit two of the 20 flaws, a 10% success rate. However, when researchers provided the agent with structured information about the target protocols—such as function names and code comments—its success rate climbed to 70%.
This finding comes as the stakes in DeFi security have never been higher. The research lands just weeks after a major exploit involving Kelp DAO and the Aave lending protocol resulted in a nearly $300 million theft, according to a report from NYDIG [1]. That attack, which created 116,500 unbacked rsETH tokens, underscores the systemic risks posed by the exact type of vulnerabilities that a16z’s research shows AI can now automate.
The Anatomy of an AI-Driven Exploit
The a16z experiment reveals that the effectiveness of an AI attacker is less about raw intelligence and more about context. The dramatic jump in success from 10% to 70% was not due to a more powerful model, but to providing the existing model with better information. This "structured domain knowledge" acts as a map, guiding the AI to the most vulnerable parts of a protocol’s code.
This aligns with analysis from cybersecurity experts, who note that AI is fundamentally compressing the attack path. Instead of an attacker needing to manually perform reconnaissance, escalate privileges, and move laterally through a network, an AI can potentially execute an attack from a single prompt [3]. The a16z test provides a practical demonstration of this theory within the DeFi context: given the right inputs, the AI could move directly from prompt to exploitation.
Where AI Still Falls Short
Despite the high success rate under guided conditions, the research also clearly defined the current limits of AI agents in cybersecurity. The model failed when faced with complex, multi-step attacks that required abstract reasoning or an understanding of intricate DeFi concepts like recursive lending.
This indicates that human expertise in designing complex exploits remains superior. The AI agent excelled at identifying and executing known patterns of vulnerabilities, particularly in price manipulation, but it could not innovate a novel multi-stage attack strategy. For now, the most sophisticated and dangerous threats are still likely to be human-driven.
The research paints a dual picture for the future. On one hand, the convergence of AI and crypto promises a new wave of autonomous economic agents that can transact and coordinate on-chain, creating novel efficiencies [2]. On the other, this a16z study serves as a sobering reminder that these same tools can be weaponized.
The findings are a clear signal that the future of blockchain security will be an AI-driven arms race. While malicious actors may use AI to find victims, protocol developers and audit firms can use the same technology to proactively identify and patch vulnerabilities before they are exploited. For the multi-billion dollar DeFi industry, adapting to this new reality is not optional.
This article is for informational purposes only and does not constitute investment advice.
[1] a16z Research: AI agents can identify DeFi price manipulation vulnerabilities, but their ability to execute complex attacks is still limited[2] Kelp DAO Cross-Chain Bridge Exploit and Spillover to DeFi Protocol Aave Analyzed in New Report[3] The New Power Players: How Crypto Companies Are Building The Next Generation Of AI Agents[4] How AI Is Changing The Attack Path And Shifting Risk To Data[5] A crypto coalition releases technical proposal to save Aave users from a massive token exploit
