May 27, 2026 — Manuel Araoz, CEO of OpenZeppelin, issued a sector-wide security warning on Wednesday, declaring that he now considers all of decentralized finance unsafe as AI coding agents reach superhuman capability at finding smart contract vulnerabilities.

"I now consider all of DeFi unsafe," Araoz wrote on X. "Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds."

The warning lands as DeFi's total value locked has dropped by more than $20 billion since January 1, 2026, according to DeFiLlama data. Separately, the sector has lost more than $1.1 billion to exploits over the past 365 days, per DeFiLlama's hacks tracker.

The recent ledger makes Araoz's point concrete. April's Kelp DAO exploit drained $292 million by attacking cross-chain infrastructure, stranding wrapped ether across 20 chains. Step Finance shut down in February after a $27 million hack in January from which it could not recover. Neither project has recovered the stolen funds.

The asymmetry Araoz describes is not new, but AI sharpens it structurally. Defenders must identify and patch every flaw in a codebase that is public by design. An attacker needs only one. As AI agents accelerate discovery, the gap between attacker throughput and defender capacity widens.

The threat is not theoretical. Anthropic warned in March 2026 that its restricted Claude Mythos model can autonomously discover software vulnerabilities and develop working exploits at a level that surpasses existing automated tools. DeFi's transparency — long marketed as a feature, because anyone can audit any protocol — now creates structural exposure: automated agents can scan the same public code, identify weaknesses, and weaponize them faster than any security team can respond.

OpenZeppelin is not a peripheral voice. The firm wrote the open-source smart contract libraries that underpin the majority of Ethereum's deployed protocols. When its CEO calls the sector unsafe, the statement carries weight that a project team or analyst's warning does not.

Whether the industry treats this as a fire alarm or as background noise is the open question. Araoz offered no fix. The asymmetry he describes is architectural, not a matter of patching cadence. Closing it likely requires rethinking what on-chain code exposure means in a world where attackers can field AI agents at scale.


Sources: CoinDesk, May 27 2026 · Araoz on X · DeFiLlama hacks tracker

Category: [tech]