Manuel Aráoz, co-founder of the cybersecurity firm OpenZeppelin, has deemed “the entire DeFi sector” unsafe. According to him, the rapid development of AI agents has created a critical asymmetry between defenders and attackers.
PSA: I now consider *all* of DeFi unsafe.
Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds.
— Manuel Aráoz (@maraoz) May 26, 2026
Aráoz mentioned that he personally advised friends and family to close all positions in DeFi protocols. This warning applies even to well-established platforms like Aave, MakerDAO, and Compound.
The expert explained his stance by noting that modern neural networks already surpass humans in finding code vulnerabilities. In such a scenario, smart contract security becomes a losing battle: developers must fix every single bug, while a malicious actor using AI needs only to find one.
The statement comes amid growing concerns about the use of artificial intelligence in Web3. In March, OpenZeppelin introduced OpenZeppelin Skills, a tool for training AI agents to work safely with smart contracts. At the time, the company warned of the risks of incorrect toolchain configuration and errors complicating code auditing and verification.
Increasing risks have also impacted market metrics. The total value locked in the DeFi sector has decreased by 14% since mid-April, from $172 billion to $148 billion.
Earlier in May, Anthropic published the first report on Project Glasswing, a program for finding vulnerabilities using the Claude Mythos model.