Blockchain Security Expert Warns All DeFi Unsafe as AI Agents Outpace Auditors
Manuel Aráoz, co-founder of blockchain security firm OpenZeppelin, says he now considers every decentralized finance (DeFi) protocol unsafe, citing rapid advances in AI code-exploitation agents.
Specifically, the auditor highlights Aave, MakerDAO and Compound, three blue-chip protocols his firm has helped secure since 2015.
Aráoz Frames the Security Asymmetry
The OpenZeppelin executive argued that coding agents now outperform humans at finding smart contract bugs.
“I now consider all of DeFi unsafe. Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need only one exploit to steal funds,” he wrote in a post.
He said the imbalance is decisive because defenders must close every flaw, while attackers need only one.
His warning arrives as recent benchmarks show frontier models can autonomously find and weaponize blockchain flaws, a trend BeInCrypto has tracked throughout 2026.
One a16z sandbox experiment earlier this year showed an agent escaping its testing environment to retrieve a live API key.
Industry Pushback Builds Quickly
Marc Zeller, founder of the Aave Chan Initiative, called the post “moronic.” He argued that fewer than 10% of last year’s DeFi losses came from codebase flaws, with most stemming from parameter misconfiguration and weak operational security.
Investor Jacob Franek added that high-TVL protocols would already be drained if Aráoz’s thesis held.
He also said timelocks and circuit breakers remain effective non-code mitigations, and that the same AI tools will eventually power defensive formal verification when shipping new code.
“This is a temporary problem. Mythos or whatever comes soon after it will probably be ‘as good as it gets’ when it comes to finding exploits, so those writing new contracts will be able to use these same models to formally verify and likely eliminate all attack surfaces (at least those inherent to the app itself — i.e., excluding external failures like collateral collapse or oracle exploits) when shipping code,” Franek added.
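For readers unfamiliar with the two mitigations Franek names, the following is an added illustration written for this article; it is not OpenZeppelin's code, nor code from Aave, MakerDAO or Compound. The contract, its `guardian` and `governor` roles, the two-day delay and the `withdrawLimit` parameter are all hypothetical. It shows a circuit breaker (a single guardian call that halts withdrawals) and a timelock (a parameter change that is announced on-chain and cannot take effect until a delay has passed), both of which limit damage even when the contract logic itself has a bug.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical vault used only to illustrate two non-code mitigations:
/// a circuit breaker (pause) and a timelock on parameter changes.
/// Not code from OpenZeppelin or any protocol named in the article.
contract GuardedVault {
    address public immutable guardian;  // may pause; cannot change parameters
    address public immutable governor;  // may unpause and change parameters
    uint256 public constant DELAY = 2 days;  // assumed timelock delay

    bool public paused;
    uint256 public withdrawLimit;       // per-call cap: the governed parameter

    // A pending parameter change and the earliest time it may be applied.
    uint256 public pendingLimit;
    uint256 public pendingEta;

    mapping(address => uint256) public balances;

    event Paused(address indexed by);
    event Unpaused(address indexed by);
    event LimitScheduled(uint256 newLimit, uint256 eta);
    event LimitApplied(uint256 newLimit);

    constructor(address _guardian, address _governor, uint256 _limit) {
        guardian = _guardian;
        governor = _governor;
        withdrawLimit = _limit;
    }

    modifier whenNotPaused() {
        require(!paused, "paused");
        _;
    }

    // Circuit breaker: one guardian transaction stops outflows while a
    // suspected exploit is investigated. Deposits are deliberately left open.
    function pause() external {
        require(msg.sender == guardian, "not guardian");
        paused = true;
        emit Paused(msg.sender);
    }

    // Only governance can resume, so a compromised guardian key can
    // interrupt the protocol but cannot re-enable withdrawals.
    function unpause() external {
        require(msg.sender == governor, "not governor");
        paused = false;
        emit Unpaused(msg.sender);
    }

    // Timelock step 1: announce the new value; it is visible on-chain
    // (and via the event) for the whole delay before it can take effect.
    function scheduleLimit(uint256 newLimit) external {
        require(msg.sender == governor, "not governor");
        pendingLimit = newLimit;
        pendingEta = block.timestamp + DELAY;
        emit LimitScheduled(newLimit, pendingEta);
    }

    // Timelock step 2: apply only after the delay has elapsed.
    function applyLimit() external {
        require(msg.sender == governor, "not governor");
        require(pendingEta != 0 && block.timestamp >= pendingEta, "timelock active");
        withdrawLimit = pendingLimit;
        pendingEta = 0;
        emit LimitApplied(withdrawLimit);
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Withdrawals are capped per call and blocked while paused, so even a
    // logic bug elsewhere cannot drain the vault in a single transaction.
    function withdraw(uint256 amount) external whenNotPaused {
        require(amount <= withdrawLimit, "over limit");
        require(balances[msg.sender] >= amount, "insufficient balance");
        balances[msg.sender] -= amount;  // update state before the external call
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

The split between `guardian` and `governor` is the design choice worth noting: pausing is cheap and fast, so it is given to a key that can do nothing else, while anything that changes risk parameters goes through the slower timelocked path that users and monitoring tools can observe before it lands. Neither mechanism requires the contract's own logic to be bug-free, which is why Zeller and Franek count them as mitigations independent of code quality.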
OpenZeppelin itself has not endorsed Aráoz’s exit recommendation.
The firm published a layered DeFi risk framework earlier in May and recently launched a continuous AI-assisted audit subscription designed to complement one-off reviews.
The post Blockchain Security Expert Warns All DeFi Unsafe as AI Agents Outpace Auditors appeared first on BeInCrypto.
