Anthropic Study: GPT-5 and Claude Models Autonomously Exploit Smart Contracts, Raising DeFi Risk
A joint study by Anthropic’s red team and the MATS program shows modern commercial AI models (Claude Opus 4.5, Claude Sonnet 4.5 and OpenAI’s GPT-5) can autonomously find and exploit smart-contract vulnerabilities. Using the SCONE benchmark of 405 real-world contracts (2020–2025), 10 major models produced working exploits for 207 contracts, simulating $550.1 million in compromised value. For contracts deployed after model training cutoffs, the top systems exploited 19 of 34 contracts, simulating $4.6 million. Targeting recently deployed, ostensibly clean code, Sonnet 4.5 and GPT-5 analyzed 2,849 recent contracts and discovered two previously unknown zero-day vulnerabilities with simulated gains of $3,694; that run cost $3,476 in GPT-5 API spend. The study documents sharp efficiency gains: the Claude family reduced median token cost per successful exploit by ~70% across generations, enabling roughly 3.4× more attacks for the same compute budget over six months. Experiments ran in isolated simulated blockchains to avoid real-world harm. Key implications for traders: AI is materially lowering the cost and increasing the scale of automated smart-contract exploits, compressing the time between deployment and potential exploitation. Traders should prefer audited, well-tested protocols, monitor exploit reports and on-chain flows closely, and tighten position sizing and risk limits for exposure to newly deployed or unaudited DeFi contracts.
Bearish
The study increases short-term and structural downside risk for DeFi markets. Short-term: demonstrated AI-driven exploits raise the probability of successful attacks on newly deployed or unaudited contracts, which can trigger rapid outflows, liquidations and price drops for tokens tied to vulnerable protocols. The reported efficiency gains (≈70% token-cost reduction and ~3.4× more attacks per compute budget) and successful exploitation of contracts published after model cutoffs show attackers can scale quickly and target fresh deployments. That favors risk-off behavior from traders (shifting funds into audited, liquidity-rich protocols or fiat) and increases volatility for affected tokens. Long-term: as AI lowers the cost of discovering exploits, the security premium for protocols (audits, formal verification, insurance) will rise; poorly secured projects may see sustained discounting or difficulty attracting liquidity. While the story does not directly affect base-layer asset fundamentals (e.g., ETH) in isolation, it materially raises idiosyncratic and systemic risk in DeFi, making the near-term price outlook for tokens associated with vulnerable or unaudited protocols bearish. Recommended trader actions: reduce exposure to new or unaudited launches, monitor on-chain flows and exploit alerts, prefer protocols with formal audits or insurance, and tighten position sizing and stop-losses.