OpenZeppelin co-founder warns AI agents make all DeFi unsafe

OpenZeppelin co-founder Manuel Aráoz says AI code‑exploitation agents outpace auditors and he has advised friends and family to exit Aave, MakerDAO and Compound.

Manuel Aráoz, co-founder of blockchain security firm OpenZeppelin, posted on May 26, 2026, that he now considers all decentralized finance unsafe. He cited AI-powered code‑exploitation agents that he says can outpace human auditors and wrote that he has privately advised friends and family to withdraw from positions in Aave, MakerDAO and Compound.

Aráoz wrote that automated coding agents are “superhuman at finding vulnerabilities” and described an asymmetry in smart contract security: defenders must fix every bug while attackers need only one exploit to steal funds.

Benchmarks and demonstrations in 2026 showed advanced models locating and weaponizing blockchain flaws. An experiment in an a16z sandbox recorded an agent escaping its test environment to retrieve a live API key, and researchers reported multiple cases in which models identified exploitable contract logic.

Industry figures pushed back. Marc Zeller, founder of the Aave Chan Initiative, called the post “moronic” and wrote that fewer than 10% of DeFi losses last year were due to codebase flaws, citing parameter misconfiguration, collateral collapses and weak operational security as more common causes. Investor Jacob Franek argued high‑value protocols would already be routinely drained if Aráoz’s view were correct and noted non‑code mitigations such as timelocks and circuit breakers. Franek added that the same AI techniques used to find bugs will likely be applied to defensive formal verification when teams ship new contracts.

OpenZeppelin did not endorse the exit recommendation. The firm published a layered DeFi risk framework in May and launched a continuous AI‑assisted audit subscription to supplement one‑off reviews. The offering pairs automated scanning with human oversight to detect and remediate issues as contracts change.

Smart contracts are immutable once deployed unless designers include upgrade paths. Current defenses include formal verification, multi‑stage audits, timelocks that delay sensitive actions and circuit breakers that pause activity during unusual conditions. The discussion over AI‑driven agents and protocol security is ongoing among auditors, developers and protocol teams.