A specialized artificial intelligence security agent has successfully detected vulnerabilities in 92% of exploited decentralized finance (DeFi) smart contracts, according to a new open-source benchmark.
This purpose-built AI flagged threats linked to $96.8 million in potential exploit value. In contrast, a general-purpose GPT-5.1-based coding agent detected vulnerabilities in only 34% of the contracts, covering $7.5 million.
The study, conducted by AI security firm Cecuro, analyzed 90 real-world smart contracts that were exploited between October 2024 and early 2026, with verified losses of $228 million.
Cecuro attributes the specialized AI's superior performance to its domain-specific methodology, structured review phases, and DeFi-focused security heuristics layered over a frontier model.
These findings emerge as concerns mount over AI accelerating crypto crime. Previous research indicates AI agents can execute end-to-end exploits on most known vulnerable smart contracts, with exploit capability reportedly doubling rapidly and significantly lowering the barrier to entry for attackers.
Cecuro argues that many teams currently rely on general AI tools or infrequent audits, an approach that may overlook high-value, complex vulnerabilities. Some contracts in the dataset had undergone professional audits before being exploited.
The benchmark dataset and evaluation framework have been open-sourced. Cecuro has withheld its full security agent, citing concerns it could be repurposed for offensive use.