One of decentralized finance’s early security voices has warned that artificial intelligence is shifting the balance of power toward attackers, turning a bruising run of exploits into a broader exam of how DeFi can defend itself. On May 27, Manuel Aráoz, co-founder and former chief technology officer of OpenZeppelin, advised investors to exit DeFi positions, including exposure to established lending protocols such as Aave, MakerDAO, and Compound, arguing that autonomous coding agents now find vulnerabilities faster than human-led defenses can close them.
Market Impact
Aráoz’s call landed during a difficult stretch for the sector and quickly gained traction. Over the past year, decentralized finance protocols have recorded losses of more than $1.1 billion to exploits, with April alone accounting for $635 million across 28 reported incidents. Those setbacks coincided with steady outflows from the ecosystem: total value locked fell from roughly $172 billion in mid-April to about $148 billion as of press time, marking five consecutive weeks of declines. The pullback has also tracked broader market softness, even as Bitcoin approached $72,000 earlier today.
Against that backdrop, the warning has widened a technical debate into a strategic one. Rather than asking which single protocol failed, teams and traders are asking whether AI has lowered the cost of attacking open financial systems faster than the industry can strengthen its safeguards.
Technology Use Case
Aráoz’s concern centers on how AI reshapes the economics of offense and defense. Advanced models and agentic tools compress the time and resources needed to map smart contract weak points. In practice, that means faster identification of logic errors, misconfigured permissions, and faulty integrations, followed by near-costless testing and reconnaissance.
Research from venture capital firm a16z has underscored this dynamic by showing that AI agents repeatedly pinpoint core vulnerabilities seen in historical DeFi exploits. Even when those agents did not complete a full attack path, they often reached the stage that provides would-be attackers with a credible starting blueprint. In other words, simply lowering the expertise required to find a crack can expand the pool of viable threats.
Anthropic has drawn a similar line by restricting public access to its unreleased Claude Mythos model due to its ability to autonomously discover and potentially weaponize software flaws. For DeFi, where code, governance processes, and composable integrations are publicly visible and directly connected to liquid assets, that capability matters. The more open the system, the more surface there is for tools that can survey, simulate, and iterate at machine speed.
The result is greater pressure on teams whose defenses still lean on periodic audits, bug bounties, and manual reviews. If AI can reliably flag weak spots earlier and more cheaply, then the industry’s traditional safeguards must evolve to match that pace.
Industry Response
Not everyone agrees that AI has rendered DeFi broadly unsafe. Founders and security firms counter that the architecture of leading protocols has strengthened, and that many recent losses stem from operational breaks surrounding the code rather than from audited contracts themselves.
OpenZeppelin argued that a significant share of the largest incidents in recent months trace back to stolen private keys, bridge spoofing, social engineering, and access control lapses. That pattern suggests attackers frequently target the human and infrastructure layer—teams, permissions, and connected services—rather than exploiting new flaws in well-reviewed smart contracts.
Aave founder Stani Kulechov echoed that view, pointing to improvements across risk engines, lending market structures, formal verification, audits, bug bounties, cap management, oracle design, automated monitoring, and circuit breakers. In his assessment, the most exposed areas still resemble Web2-style weaknesses: internal controls and infrastructure processes that fail under pressure.
April’s exploit wave supports that framing, with several of the largest losses tied to compromised keys, social engineering, and bridge-related failures. For context, Drift Protocol’s $285 million incident has been linked to a six-month social engineering campaign involving North Korea’s Lazarus Group.
Uniswap founder Hayden Adams likewise pushed back on the idea that DeFi itself is inherently unsafe. He contends that well-designed contracts can deliver strong security properties, and that AI will primarily expose weak code, rushed deployments, and poor development practices more quickly.
Taken together, these responses shift the focus from a blanket retreat to a more discriminating assessment: which systems have layered controls capable of withstanding AI-assisted probing, and which are still vulnerable due to fragile operations, complex integrations, or limited monitoring.
AI Integration
Even as founders contest sweeping conclusions, many teams are quietly reshaping their defenses with AI. Nansen, an agentic AI trading platform, told CryptoSlate that major protocols are embracing AI on the defensive side rather than stepping back from open-source development. The logic is straightforward: if attackers can use agents to sift for bugs, defenders should use the same techniques to find and eliminate them first.
Recent product moves reflect that shift. OpenZeppelin has introduced tooling to help AI agents generate smart contracts using current, audited security libraries, aiming to reduce the risk that developers unknowingly rely on outdated training data or unsafe patterns. Uniswap has also launched an AI-integrated developer platform designed to make secure deployments easier from the outset. Both efforts point to an emerging reality: the next phase of DeFi security will likely be shaped by the tools that guide how code is written, reviewed, and monitored.
Operational Safeguards
The immediate priority, however, is containing damage quickly when something goes wrong. Deddy Lavid, chief executive officer of Cyvers, said static, point-in-time audits are no longer sufficient for protocols that steward large user balances. Instead, teams need continuous monitoring, live transaction simulation, and automated mechanisms that can slow or pause activity when suspicious patterns appear.
According to Lavid, more projects are adopting circuit breakers, transaction monitoring, multisig controls, and runtime protections. These measures can shrink potential losses by halting abnormal flows before assets leave a protocol or by buying time for a live response. The trade-off is clear: emergency pauses and tighter permissions can protect users, but they also introduce more human discretion into systems designed for automated execution and open access.
Risk Management Culture
Richard Liu, co-founder of Huma Finance, argues that the sector should aim to minimize the blast radius of failures rather than assume it can eliminate every failure mode. He compares the moment to the early evolution of digital commerce, where credit card networks continued to expand even as fraud persisted, relying on real-time detection, transaction limits, tokenization, insurance, and liability rules. By analogy, DeFi needs structures that prevent a single compromised key, configuration error, or coding bug from draining an entire liquidity pool.
That approach points to tighter limits on privileged roles, stronger key management, conservative exposure caps, better oracle design, transaction-level monitoring, and pre-execution blocking. Insurance, bug bounties, and live response teams could also play a larger role for platforms that hold substantial user capital.
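To make the safeguards named in the two sections above concrete (circuit breakers and emergency pauses in Operational Safeguards, exposure caps and tighter privileged roles in Risk Management Culture), here is an added illustration in Solidity. It is not code from OpenZeppelin, Aave, Cyvers or any protocol mentioned in this article; the contract, its function names and its parameters are hypothetical. It shows one way to bound the blast radius of a single bug or stolen key: withdrawals are limited to a fixed share of the pool per rolling window, and a guardian role (assumed to be a multisig) can pause the vault outright.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical example vault (not any real protocol's code): outflows are
/// capped per rolling window, and a guardian role can pause the contract.
/// The cap means one compromised key or one logic bug cannot drain the pool
/// in a single transaction; the pause buys time for a live response.
contract RateLimitedVault {
    address public immutable guardian;      // assumed: a multisig, not an EOA
    uint256 public immutable windowSeconds; // rolling window length, e.g. 86400
    uint256 public immutable capBps;        // max outflow per window, basis points of balance at window start

    bool public paused;
    uint256 public windowStart;
    uint256 public windowStartBalance;
    uint256 public withdrawnInWindow;

    mapping(address => uint256) public balances;

    event Paused(address indexed by);
    event Unpaused(address indexed by);

    error IsPaused();
    error NotGuardian();
    error InsufficientBalance();
    // Off-chain monitors can watch for this revert selector as a tripped breaker.
    error OutflowCapExceeded(uint256 attempted, uint256 remaining);

    modifier onlyGuardian() {
        if (msg.sender != guardian) revert NotGuardian();
        _;
    }

    constructor(address _guardian, uint256 _windowSeconds, uint256 _capBps) {
        require(_capBps <= 10_000, "cap exceeds 100%");
        guardian = _guardian;
        windowSeconds = _windowSeconds;
        capBps = _capBps;
    }

    function deposit() external payable {
        if (paused) revert IsPaused();
        balances[msg.sender] += msg.value;
    }

    /// A withdrawal that would push this window's total outflow past the cap
    /// reverts instead of going through; a guardian pause stops everything.
    function withdraw(uint256 amount) external {
        if (paused) revert IsPaused();
        if (balances[msg.sender] < amount) revert InsufficientBalance();

        _rollWindow();
        uint256 limit = (windowStartBalance * capBps) / 10_000;
        uint256 remaining = limit > withdrawnInWindow ? limit - withdrawnInWindow : 0;
        if (amount > remaining) revert OutflowCapExceeded(amount, remaining);

        // Checks-effects-interactions: update state before sending value.
        balances[msg.sender] -= amount;
        withdrawnInWindow += amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    function pause() external onlyGuardian {
        paused = true;
        emit Paused(msg.sender);
    }

    function unpause() external onlyGuardian {
        paused = false;
        emit Unpaused(msg.sender);
    }

    /// Start a new window once the current one has elapsed, snapshotting the
    /// pool balance so the cap is a share of what was actually held.
    function _rollWindow() internal {
        if (block.timestamp >= windowStart + windowSeconds) {
            windowStart = block.timestamp;
            windowStartBalance = address(this).balance;
            withdrawnInWindow = 0;
        }
    }
}
```

The design choice worth noting is the trade-off the article describes: the cap and the pause protect depositors, but they also mean a legitimate large withdrawal can be refused and that a guardian key holder has discretion over an otherwise permissionless system. Deploying something like this still requires the guardian to be a well-managed multisig and the cap to be tuned against normal outflow patterns, which is where the transaction monitoring described above comes in.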
User Behavior
For individual users, the practical takeaway may be selectivity rather than a wholesale exit. The pseudonymous Yearn Finance developer Banteg disagrees with leaving all DeFi positions but acknowledges the asymmetry between attackers and defenders. His guidance is to avoid new and exotic protocols and to focus on older, more battle-tested systems—an approach that could channel capital toward mature designs with simpler mechanics and clearer controls, while subjecting complex, high-yield experiments to greater scrutiny as AI accelerates the discovery of weak points.
Whether Aráoz’s stark warning becomes a turning point or a catalyst for stronger defenses, the industry’s next steps will be measured not only by how often incidents occur, but by how limited their impact can be when they do. In a world where AI compresses the timeline of attack, DeFi’s resilience will be defined by preparation, containment, and the speed of its response.