Researchers from Anthropic have found that three popular AI agents can autonomously exploit vulnerabilities in smart contracts, generating an estimated $4.6 million in simulated stolen funds.
They also discovered new vulnerabilities in recently deployed blockchain contracts, showing that AI-driven cyberattacks are now possible and profitable.
SponsoredAI-Driven Cyberattacks Prove Cost-Effective
In a blog post published on Monday, Anthropic revealed troubling findings about the growing ability of artificial intelligence (AI) to target weaknesses in smart contracts.
Their research revealed that three AI models—Claude Opus 4.5, Sonnet 4.5, and GPT-5—were capable of identifying and exploiting weaknesses in blockchain contracts. This resulted in $4.6 million in simulated stolen funds from contracts deployed after March 2025.
The AI models also discovered two new vulnerabilities in recently launched contracts.
One flaw allowed attackers to manipulate a public “calculator” function, intended for determining token rewards, to inflate token balances. Another allowed attackers to withdraw funds by submitting fake beneficiary addresses.
GPT-5 was able to identify and exploit these issues at a cost of just $3,476. This number represents the cost of running the AI model to execute the attack in a simulated environment.
SponsoredGiven that these exploits resulted in $4.6 million in stolen funds, the low expense needed to execute them demonstrates that AI-driven cyberattacks are not only possible but also cost-effective, making them both profitable and appealing to potential cybercriminals.
The revenue from these AI-driven exploits is also growing at an alarming rate.
Exponential Increase in Exploit Profits
Over the past year, the amount stolen from these attacks has doubled approximately every 1.3 months.
This rapid increase shows how quickly AI-driven exploits are becoming more profitable and widespread. The models are improving their ability to find vulnerabilities and execute attacks more efficiently.
As stolen funds rise, it’s becoming harder for organizations to keep up. What’s particularly concerning is that AI can now autonomously carry out these attacks without human intervention.
Anthropic’s findings represent a significant shift in cybersecurity. AI not only identifies vulnerabilities but also autonomously crafts and executes exploit strategies with minimal oversight.
The implications go far beyond cryptocurrency. Any software system with weak security is vulnerable, from enterprise applications to financial services and beyond.
