Advanced AI agents can now autonomously find and exploit vulnerabilities in live blockchain smart contracts, generating millions in simulated stolen funds, according to new research from Anthropic.
The findings indicate a new phase of AI-driven cyber threats where autonomous, profit-seeking exploitation is technically feasible.
In a recent project, scholars built a benchmark of 405 real smart contracts that were exploited between 2020 and 2025.
When tested against contracts hacked after March 2025, beyond the models’ training data, the AI agents Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5 collectively developed exploits worth $4.6 million in simulation.
The top-performing model, Opus 4.5, successfully exploited 50% of these recent contracts, corresponding to $4.5 million in simulated stolen funds.
Critically, the research extended beyond known vulnerabilities.
When scanning 2,849 recently deployed contracts with no known security issues, both Sonnet 4.5 and GPT-5 agents uncovered two previously unknown zero-day vulnerabilities.
The agents then generated functional exploits worth $3,694 in simulated revenue, with GPT-5 achieving this at an API cost of $3,476.
“The agents both uncovered two novel zero-day vulnerabilities and produced exploits worth $3,694,” the researchers stated, demonstrating “as a proof-of-concept that profitable, real-world autonomous exploitation is technically feasible.”
The study reveals a startling acceleration in capability. Over the past year, the total exploit revenue generated by frontier AI models on recent vulnerabilities has roughly doubled every 1.3 months.
This exponential growth is attributed to improvements in agentic capabilities like tool use, error recovery, and long-horizon task execution.
Also Read: XRP Ledger Sees Abnormal Transaction Spike Following Spot ETF Launch With $644M In Net Inflows
Researchers emphasize that smart contracts provide a unique testing ground because vulnerabilities allow for direct theft with measurable financial impact.
Since smart contract and traditional software exploits require similar skills, including control-flow reasoning and programming fluency, these results suggest a “concrete lower bound on the economic impact of their broader cyber capabilities.”
The cost-effectiveness of AI-driven attacks is particularly concerning.
The average cost for an agent to scan a contract for vulnerabilities was just $1.22.
While the current net profit per exploit remains modest, researchers note that “attackers could solve for the former by using heuristics like bytecode patterns and deployment history” to improve targeting efficiency.
Furthermore, the computational cost of generating successful exploits is dropping rapidly.
Analysis of Claude models shows token costs decreasing by 70.2% from Opus 4 to Opus 4.5 in under six months, meaning attackers can now obtain approximately 3.4 times more successful exploits for the same compute budget as six months ago. The researchers conducted all testing in blockchain simulators with no impact on real-world assets to prevent potential harm.
They have made their benchmark publicly available, arguing that “attackers already have strong financial incentives to build these tools independently” and that defenders need tools to stress-test their contracts.
The implications extend beyond blockchain security.
The same capabilities that enable smart contract exploitation — long-horizon reasoning, boundary analysis, and iterative tool use — apply to all software systems.
As AI agents become more capable and cost-effective, they represent an emerging threat to both open-source and proprietary software where valuable digital assets are at stake.
