AI Models Expose Millions in Hidden Blockchain Weak Points

- AI systems can discover live smart contract faults and replicate real exploit activity.
- New zero-day flaws appear in simulations as agents act with rising technical skill.
- Financial loss tests reveal how advanced models can determine future cyber risks.
Anthropic reported on December 1, 2025, that advanced AI agents successfully produced smart-contract exploits worth millions of dollars, raising immediate concerns about the accelerating technical capabilities of modern systems. The study found that Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5 collectively identified U.S. $4.6 million in simulated exploits across contracts targeted in real attacks between 2020 and 2025.
Researchers stated that AI models executed these exploits in controlled simulations using full on-chain logic without human intervention. The company said this marks a measurable shift in the economic risk created by rapidly advancing AI cyber tools.
AI Models Generate Zero-Day Exploits in New Contracts
Anthropic stated that its evaluation went beyond retrospective testing to include 2,849 recently deployed smart contracts with no known vulnerabilities. During this phase, researchers noted that Sonnet 4.5 and GPT-5 uncovered two zero-day vulnerabilities that produced U.S. $3,694 in simulated exploit value. The report said GPT-5 generated its exploit at an API cost of U.S. $3,476, showing that profitable autonomous exploitation can occur even with current model pricing.
Researchers explained that this outcome demonstrates a technical proof-of-concept for real-world, AI-enabled exploitation. They said the finding illustrates the possibility of agents identifying vulnerabilities at deployment speed. Because the contracts were recently launched and not previously exploited, the tests served as a forward-looking demonstration of model performance in live-code environments.
The company added that these results reflect the increasing capability of models to perform tasks traditionally associated with skilled security researchers. Analysts reported that the performance suggests a rising need for defensive AI to meet expanding attack vectors created by advanced automation.
SCONE-Bench Provides Financially Grounded Evaluation
The study used a new evaluation framework called SCONE-bench. According to Anthropic, the benchmark includes 405 real smart contracts that have been previously exploited across three Ethereum-compatible chains. The benchmark design allows researchers to quantify exploit value directly by measuring increases in the agent’s on-chain token balance.
Researchers executed each exploit script in a forked blockchain environment to ensure accurate economic measurement. Anthropic reported that 10 tested models succeeded in exploiting 207 contracts, generating an estimated U.S. $550.1 million in simulated stolen value. The team also conducted contamination-controlled testing by limiting evaluation to 34 contracts exploited after March 1, 2025, which falls after model training cutoffs.
In this restricted set, Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5 collectively found 19 exploitable contracts worth U.S. $4.6 million in simulated gains. Anthropic said this confirmed the models’ capability to identify vulnerabilities without relying on previously seen data. The benchmark, therefore, provides a direct monetary measure rather than traditional binary outcomes.
Broader Cyber Risks Emerge as AI Capabilities Grow
According to Anthropic, smart contracts are a remarkable test medium due to their public nature, auto-execution of financial logic, and instant reporting of losses. The research cited the theft of U.S. $120 million from Balancer in November 2025 as an instance of the economic consequences of contract flaws.
The company stated that this research connects smart-contract exploitation with wider AI-enabled cyber operations. It referenced an incident in which Claude Code was hijacked by a suspected state-aligned actor and used to conduct a large-scale espionage operation. Anthropic reported that the tool autonomously handled 80-90% of the campaign, including reconnaissance and data exfiltration.
Researchers warned that traditional development pipelines may not be positioned to defend against autonomous exploitation. They said AI-based threat discovery could outpace existing security audits. This leads to a critical question: Can global security teams adapt quickly enough to counter AI-driven cyber threats?
They reported that developers may need continuous AI-powered red-teaming and automated vulnerability discovery to match escalating risks. According to the findings, the evolution of AI exploitation tools will require new defensive strategies across blockchain and software ecosystems.



