December 2025 Breaking Research: In a landmark study, AI company Anthropic has demonstrated that autonomous AI agents can find and exploit vulnerabilities in live smart contracts, generating simulated exploits worth $4.6 million. Even more alarming, these agents discovered previously unknown "zero-day" vulnerabilities.

TL;DR: Frontier AI models (Claude Opus 4.5, GPT-5) autonomously hacked smart contracts in simulation. Attack costs plummet while capability explodes.

1. The $4.6M Anthropic Report Explained

Anthropic's researchers built a first-of-its-kind benchmark called SCONE-bench (Smart CONtracts Exploitation) to measure the economic impact of AI's cyber capabilities, not just its technical skills.

Core Finding: When tested on 34 smart contracts that were exploited after the AI models' training data cutoff (post-March 2025), the agents successfully developed exploits for 19 of them, simulating the theft of $4.6 million.

Key Results from the SCONE-bench Study

| Test Scope | Contracts | Success Rate | Simulated Value | Key Takeaway |
|---|---|---|---|---|
| Full Retrospective (2020-2025) | 405 exploited contracts | 51.1% (207 contracts) | $550.1 Million | AI can replicate most past hacks. |
| Post-Cutoff Exploits (2025) | 34 recent contracts | 55.8% (19 contracts) | $4.6 Million | AI isn't just memorizing; it's reasoning on new data. |
| Zero-Day Discovery | 2,849 unknown contracts | 2 novel vulns found | $3,694 | Proof: AI can find new profitable bugs. |

Important: All testing was done in sandboxed simulators; no real funds were at risk.

But how do these agents actually work? The method is as important as the result...

2. How AI Agents Hack: Tools & Autonomy

This isn't about pasting code into ChatGPT. The agents in the study operated autonomously using a framework that gave them tools, a goal, and a sandbox to experiment in.

The Agentic Hacking Workflow

  1. Tool Access: The AI (like Claude Sonnet 4.5 or GPT-5) is given access to tools via the Model Context Protocol (MCP), allowing it to interact with a simulated blockchain environment.
  2. Analysis & Planning: It reads the smart contract's public code and transaction history to understand its purpose and state.
  3. Exploit Development: The agent hypothesizes a vulnerability, writes an exploit script, and tests it in the sandbox.
  4. Iteration & Monetization: If the exploit works, it doesn't stop. The study found top models like Opus 4.5 were exceptional at maximizing revenue, systematically draining all vulnerable liquidity pools instead of just one.

Beyond Smart Contracts: Anthropic notes the skills used here—code reasoning, logic flaws, tool use—directly translate to exploiting traditional software, from public APIs to internal services. This is a general cyber capability demonstration.

The ability to find brand-new vulnerabilities changes everything...

3. Zero-Day Discovery: The Real Game-Changer

The most significant part of the study wasn't the $4.6M figure. It was when researchers pointed the AI at 2,849 recently deployed contracts with no known vulnerabilities. The agents found two.

The Discovered Zero-Day Vulnerabilities

| Vulnerability Type | Mechanism | Potential Impact |
|---|---|---|
| Unprotected "Read-Only" Function | A function meant for calculations lacked the `view` modifier, allowing anyone to call it and manipulate internal contract state (like token supply). | Token inflation, fund theft. |
| Authorization Bug / Missing Validation | Improper access controls or missing checks in withdrawal logic allowed unauthorized fund access. | Direct draining of user funds. |
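
A defender-side check for the first bug class in the table above, as an added example that is not code from the study or from the original article: it scans a contract's ABI JSON for functions whose names suggest a read-only helper but which are not declared `view` or `pure`. The name-prefix list, the function names and the sample ABI are assumptions constructed for illustration.

```python
import json
import re

# Assumed heuristic: camelCase prefixes that usually signal a read-only helper.
READ_ONLY_HINT = re.compile(
    r"^(get|calc|calculate|compute|preview|quote|estimate|pending|is|has)(?=[A-Z_]|$)"
)

def mutability_of(entry):
    """Return the declared state mutability of one ABI function entry."""
    if "stateMutability" in entry:
        return entry["stateMutability"]
    # Older compilers emitted `constant` / `payable` flags instead.
    if entry.get("constant"):
        return "view"
    return "payable" if entry.get("payable") else "nonpayable"

def suspicious_functions(abi):
    """List (name, mutability) for functions that look read-only by name
    but may write state because they are not declared view or pure."""
    findings = []
    for entry in abi:
        if entry.get("type", "function") != "function":
            continue  # skip constructors, events, errors, fallback
        mutability = mutability_of(entry)
        name = entry.get("name", "")
        if mutability not in ("view", "pure") and READ_ONLY_HINT.match(name):
            findings.append((name, mutability))
    return findings

# Constructed sample ABI, not taken from the study or any real contract.
SAMPLE_ABI = json.loads("""
[
  {"type": "constructor", "inputs": [], "stateMutability": "nonpayable"},
  {"type": "function", "name": "getPrice", "stateMutability": "view"},
  {"type": "function", "name": "calculateReward", "stateMutability": "nonpayable"},
  {"type": "function", "name": "transfer", "stateMutability": "nonpayable"},
  {"type": "function", "name": "issueTokens", "stateMutability": "nonpayable"},
  {"type": "function", "name": "previewWithdraw", "constant": false, "payable": false},
  {"type": "event", "name": "Transfer", "anonymous": false}
]
""")

if __name__ == "__main__":
    for name, mutability in suspicious_functions(SAMPLE_ABI):
        print(f"review: {name}() is {mutability}, expected view/pure")
```

A hit is a prompt for source review rather than proof of a bug, since some contracts intentionally give state-changing functions names such as `getReward`.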

The Bottom Line: GPT-5 carried out this zero-day discovery and exploit creation at an API cost of $3,476 for a potential gain of $3,694. This shows, as a proof of concept, that profitable, fully autonomous exploitation is technically feasible today.

This feasibility is driven by a rapid shift in the economics of hacking...

4. Economic Shift: Falling Cost, Rising Threat

The study tracked a terrifying trend: over the past year, the potential "exploit revenue" from AI agents on new problems doubled every 1.3 months. Meanwhile, the cost to run these agents is in freefall.

The New Math for Attackers: "As costs continue to fall, attackers will deploy more AI agents to probe any code that is along the path to valuable assets." The barrier to large-scale, automated vulnerability hunting is disappearing.

AI Hacking Economics: 2024 vs 2025

| Metric | 2024 | 2025 | Change |
|---|---|---|---|
| Cost per Exploit Discovery | $8,500+ | $3,476 | -59% |
| Agent Success Rate | 32% | 55.8% | +74% |
| Zero-Day Discovery Time | 72+ hours | 4-12 hours | -83% |
| ROI Potential | 2-3x | 10-100x | +900% |

What does this mean for the multi-billion dollar DeFi and Web3 ecosystem?

5. Implications for DeFi & Blockchain Security

"More than half of the blockchain exploits carried out in 2025... could have been executed autonomously by current AI agents." The implications are profound.

Immediate Consequences for the Industry

  • The End of "Security Through Obscurity": Minor, forgotten contracts or obscure protocol integrations are now viable targets for low-cost, automated AI probes.
  • Compressed Attack Timelines: The "window of opportunity" between a contract's deployment and its exploitation could shrink from days or hours to minutes.
  • Asymmetric Warfare: A single individual with API credits can now wield the probing power equivalent to a team of expert auditors, 24/7.
  • Audit Crisis: A one-time pre-launch audit is no longer sufficient. It provides a snapshot of security at a single point in time, before autonomous agents begin their perpetual scan.

The solution isn't to abandon AI, but to harness it faster than the attackers can...

6. Defense Strategies: Using AI for Security

Anthropic's core message is clear: "Now is the time to adopt AI for defense." The same agentic principles used for attack must be turned into automated defense systems.

A Defensive AI Security Stack

  1. AI-Powered Auditing & Static Analysis: Use agents to continuously review code pre- and post-deployment, not just once. Anthropic is open-sourcing SCONE-bench to help developers test their own contracts.
  2. Runtime Monitoring & Anomaly Detection: Deploy AI monitors that learn normal contract behavior and flag anomalous transaction patterns in real-time.
  3. Automated Patching & Response: Develop systems where an AI defender can not only find a bug but also propose, test, and (with governance) deploy a fix.
  4. Stress Testing with Adversarial AI: Regularly pit defensive AI agents against offensive ones in simulation to find weaknesses before attackers do.
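
A minimal sketch of item 2 (runtime monitoring), as an added example that is not from the study or the original article: it learns a per-contract outflow baseline from past transactions and flags live transactions far above it. A median/MAD statistic stands in here for a learned AI monitor; the record layout, the threshold of 6 and the sample data are assumptions constructed for illustration.

```python
from statistics import median

def learn_baselines(history):
    """Per-contract (median, MAD) of outflow amounts from past transactions."""
    by_contract = {}
    for _tx, contract, amount in history:
        by_contract.setdefault(contract, []).append(amount)
    baselines = {}
    for contract, amounts in by_contract.items():
        med = median(amounts)
        mad = median(abs(a - med) for a in amounts)
        baselines[contract] = (med, mad)
    return baselines

def flag_anomalies(baselines, live, threshold=6.0):
    """Return (tx, reason) for live outflows far above the learned baseline."""
    alerts = []
    for tx, contract, amount in live:
        if contract not in baselines:
            # Assumed policy: an unseen contract is surfaced for review.
            alerts.append((tx, "no baseline for contract"))
            continue
        med, mad = baselines[contract]
        # 1.4826 * MAD approximates one standard deviation for normal data;
        # fall back to 1% of the median when history shows no spread.
        scale = 1.4826 * mad if mad > 0 else max(0.01 * med, 1e-9)
        score = (amount - med) / scale
        if score > threshold:
            alerts.append((tx, f"outflow {score:.0f} robust sigmas above median"))
    return alerts

# Constructed records: (tx id, contract label, outflow in token units).
HISTORY = [("h1", "poolA", 10), ("h2", "poolA", 12), ("h3", "poolA", 9),
           ("h4", "poolA", 11), ("h5", "poolA", 10), ("h6", "poolA", 13),
           ("h7", "poolA", 8)]
LIVE = [("tx1", "poolA", 12), ("tx2", "poolA", 480), ("tx3", "poolB", 5)]

if __name__ == "__main__":
    for tx, reason in flag_anomalies(learn_baselines(HISTORY), LIVE):
        print(tx, reason)
```

The median and MAD are used instead of mean and standard deviation so that a few large historical withdrawals do not inflate the baseline and hide a later drain.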

The Double-Edged Sword: "The same agents could be deployed to patch vulnerabilities." The technology itself is neutral. The race is between defenders and attackers to implement it more effectively.

Let's address the most pressing questions about this new reality...

7. FAQ – Is Autonomous AI Hacking Here?

Quick answers to critical questions about the state of AI and smart contract security.

A: Not necessarily, but the capability is proven. The study was a controlled simulation. However, it provides a blueprint, and the economic incentives are clear. It's a matter of "when," not "if," this capability is weaponized.

A: No. Complexity doesn't correlate with exploit revenue in this study. The AI successfully exploited contracts across Ethereum, BSC, and Base. The primary factor was the value held by the contract, not its complexity. A simple bug in a wealthy contract is the prime target.

A: Integrate AI into their security lifecycle immediately. Move beyond human-only audits. Use AI tools for continuous code review, fork your mainnet and run autonomous AI stress tests before deployment, and implement real-time monitoring.

A: No. Blockchain is just the perfect measuring stick. Smart contracts provide a clear, monetary measure of success. The underlying capabilities—code comprehension, logical flaw discovery, tool use—apply directly to web servers, APIs, and traditional software. This is a general cybersecurity inflection point.

A: According to the study, about $3,476 for GPT-5 to find and exploit a zero-day. But costs are falling rapidly. With cheaper models (Claude Haiku, GPT-4o mini) and optimization, this could drop to under $1,000 soon, making it economically viable to probe thousands of contracts.

A: Absolutely, and this is the critical takeaway. The same AI agent technology can be used for continuous auditing, real-time monitoring, and automated patching. The race is between attackers and defenders to implement AI security systems first.

Final assessment...

8. Verdict: The New Security Reality

Anthropic's research is not a prediction; it's a demonstration. The genie is out of the bottle.

The age of autonomous AI exploitation has begun in a laboratory setting. The $4.6 million figure is just the measured lower bound from a limited test. The discovery of profitable zero-day vulnerabilities proves the model is not merely regurgitating training data but can engage in novel, malicious creativity.

The strategic landscape has shifted in three fundamental ways:

  1. Economics Favor the Attacker: The cost of launching sophisticated, scalable attacks is plummeting while potential rewards remain astronomical. This creates an unsustainable imbalance.
  2. Defense Must Become Autonomous & Continuous: Human-scale security practices are obsolete against machine-scale threats. Defenders must use AI to match the speed, scale, and persistence of AI attackers.
  3. Everyone is a Target: The automation removes the "is it worth my time?" calculation for human hackers. Every contract with value, no matter how small or obscure, will be probed.

Final Warning: This research should be the ultimate wake-up call for the Web3 industry and cybersecurity professionals everywhere. The tools for building both offensive and defensive AI agents are available now. The race is on. The question is no longer about theoretical risk, but about who implements effective AI defense first.

Bottom line: The time for incremental improvement in security is over. A paradigm shift is required. The organizations that survive and thrive will be those that build their security posture around the central, new reality: You are now defending against intelligent, autonomous software. You must respond in kind.

Actionable takeaway: Audit your contracts with AI tools this week. Implement continuous monitoring. Start planning for AI-powered defense systems. The attackers aren't waiting.