AI Agents Are Making DeFi Impossible to Defend, Security Veteran Warns
Benzinga reported Saturday that a prominent voice in blockchain security has declared the entire decentralized finance sector fundamentally unsafe, citing the rising power of AI-driven coding tools. The warning has reignited a long-running debate over DeFi security and who, if anyone, can realistically protect users at scale.
A Veteran’s Stark Assessment of DeFi Security
Manuel Aráoz, co-founder of blockchain security firm OpenZeppelin and its former chief technology officer, posted the warning on X in late May. He argued that AI coding agents have become superhuman at detecting weaknesses inside smart contract code. The structural problem, he said, is deeply asymmetric. Defenders must identify and patch every single vulnerability. Attackers need only find one to drain a protocol entirely. Aráoz told his followers he has personally advised friends and family to withdraw from all DeFi applications. He did not spare the sector’s most established names, flagging protocols including Aave, MakerDAO and Compound as offering no reliable safety guarantee.
April Delivered a Record Wave of Protocol Attacks
Aráoz’s remarks landed against a difficult backdrop. April 2026 ranked as the worst month on record for DeFi exploits, according to industry tracking data, adding urgency to questions about whether the sector’s security model remains viable as AI tooling advances rapidly.
The Industry Pushes Back Hard
OpenZeppelin itself distanced itself from its co-founder’s position. The firm argued in a series of public posts that AI is equally powerful as a defensive instrument, not just an offensive one. Company researchers, it said, already use AI daily to surface edge cases and unusual code behaviors that human auditors might miss. The answer to AI risk, the firm concluded, is more rigorous security practice, not withdrawal from DeFi entirely. Several prominent protocol figures echoed that line, attributing recent hacks primarily to operational security failures rather than to flaws embedded in the smart contract logic itself.
Not Everyone Finds That Reassuring
Web3 OPSEC researcher Pablo Sabbatella, founder of Security Alliance, told Benzinga the counterarguments offered little comfort to ordinary users. Most protocols, he said, are poorly equipped to meet even basic operational security standards. He also raised the permissionless nature of DeFi as a compounding factor. Once a protocol is successfully exploited, funds are typically gone permanently and the project rarely survives. The combination of open access and inevitable vulnerability discovery, whether by ethical researchers or criminal actors, makes the risk equation uniquely difficult to manage.
The debate remains unresolved, and the frequency of high-profile exploits suggests the pressure on both sides of the argument is far from easing.
