
AI Agents Successfully Exploit $4.6 Million in Blockchain Smart Contracts


Advanced AI models have demonstrated they can autonomously discover and exploit real-world software vulnerabilities, successfully extracting $4.6 million worth of cryptocurrency from blockchain smart contracts in simulated environments—a stark warning that profitable AI-driven cyberattacks are no longer theoretical.

In a groundbreaking study released by Anthropic researchers, frontier AI models including Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5 were tested against 405 smart contracts with known vulnerabilities exploited between 2020 and 2025. The AI agents successfully cracked 207 of these contracts (51%), yielding $550 million in simulated stolen funds.

More concerning, when tested only on contracts exploited after March 2025—preventing any possibility the AI had seen these vulnerabilities during training—the models still exploited 56% of targets, demonstrating genuine problem-solving capabilities rather than memorization.

From Zero to Millions in One Year

The research reveals an alarming acceleration: exploit revenue doubled every 1.3 months over the past year, while the computational cost of developing successful exploits dropped by 70%. What once required extensive human expertise can now be accomplished by AI agents for an average cost of just $1.22 per contract scan.

The study went beyond retrospective testing. Researchers deployed their AI agents against 2,849 recently deployed contracts with no known vulnerabilities. Both Sonnet 4.5 and GPT-5 independently discovered two novel "zero-day" exploits worth $3,694—proving these systems can find completely new vulnerabilities, not just recreate known attacks.

One discovered vulnerability involved a token contract where developers forgot to mark a calculator function as "read-only," inadvertently allowing anyone to inflate their token balance. The AI agent identified this flaw, exploited it to generate $2,500 in profit, and did so autonomously within the test environment.
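A pre-deployment check for the bug class described above, as an added example that is not code from the study or from the affected contract: it flags externally callable Solidity functions whose names suggest a calculation but which lack `view` or `pure`. The Solidity sample, the function names and the name-prefix heuristic are all constructed assumptions.

```python
import re

# Constructed Solidity sample (NOT the contract from the study): a reward
# "calculator" that should be read-only but also writes to balances.
SAMPLE = '''
contract Token {
    mapping(address => uint256) public balances;

    function calculateReward(address user, uint256 amount) public returns (uint256) {
        uint256 reward = amount / 100;
        balances[user] += reward;   // state write hidden in a "calculator"
        return reward;
    }

    function previewFee(uint256 amount) external view returns (uint256) {
        return amount / 50;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        balances[msg.sender] -= amount;
        balances[to] += amount;
        return true;
    }
}
'''

# Function header: name, parameter list, then everything up to the body.
FUNC = re.compile(r'function\s+(\w+)\s*\(([^)]*)\)\s*([^{;]*)\{')
# Assumed naming heuristic for functions a reader expects to be read-only.
READ_LIKE = re.compile(r'^(calc|get|preview|estimate|quote|compute)', re.I)

def find_unguarded_calculators(source):
    """Return names of public/external calculator-style functions
    that are not declared view or pure."""
    findings = []
    for match in FUNC.finditer(source):
        name, _params, tail = match.groups()
        # Keep only the specifiers that precede the `returns (...)` clause.
        specifiers = set(re.findall(r'\w+', tail.split('returns')[0]))
        exposed = bool(specifiers & {'public', 'external'})
        read_only = bool(specifiers & {'view', 'pure'})
        if exposed and not read_only and READ_LIKE.match(name):
            findings.append(name)
    return findings

if __name__ == '__main__':
    print(find_unguarded_calculators(SAMPLE))
```

Once a flagged function is declared `view`, current Solidity compilers reject any state write inside it, so the mistake surfaces at build time instead of on-chain.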

Implications Beyond Blockchain

While the research focused on smart contracts—programs on blockchains like Ethereum that handle financial transactions—the implications extend to all software. The core skills these AI agents demonstrated—control-flow reasoning, boundary analysis, and iterative problem-solving—apply equally to traditional applications, web services, and enterprise systems.

"The same capabilities that make agents effective at exploiting smart contracts extend to all kinds of software," the researchers warn. As costs continue falling, attackers will deploy AI agents to probe any code along the path to valuable assets, from authentication libraries to deprecated API endpoints.

The researchers emphasize that the same AI capabilities used for exploitation can also strengthen defenses. Their benchmark, SCONE-bench, is being released to help developers stress-test contracts before deployment. However, the rapidly shrinking window between vulnerability introduction and automated exploitation means defenders must adopt AI-powered security tools immediately—not eventually.

All testing was conducted in isolated blockchain simulators with no impact on real-world assets, though one vulnerability was independently exploited by an actual attacker days after the AI discovered it.
