AI Breaks Through DeFi? First Understand the Technical Boundaries of Offense and Defense

The key is to make choices that suit oneself under the premise of understanding risks.

Written by: Liu Jiaolian

Overnight, BTC pulled back above 73k. Market sentiment is stagnant.

A warning from a heavyweight figure in the DeFi security field has stirred ripples in the crypto circle.

A few days ago, OpenZeppelin co-founder Manuel Aráoz publicly suggested that investors exit their DeFi positions, including mature protocols like Aave, MakerDAO, and Compound.[1]

He has been working in smart contract security for ten years. His words are at least worth serious consideration.

However, Jiaolian believes that before panicking, it is essential to clarify the technical boundaries.

1. Why now

Aráoz's warning did not come out of thin air. It stands on two timelines.

The first timeline is a16z's research. a16z found that AI agents can continuously identify core weaknesses in historical DeFi vulnerabilities.[1] Even if agents cannot independently complete an entire attack process, they can efficiently find the starting point of an attack. In other words, a beginner with AI tools may not be able to write complete attack code but at least knows which direction to work toward.

This is already unsettling.

The second timeline pushes unease into anxiety.

On April 7, 2026, Anthropic released the Claude Mythos Preview.[2] This is not an ordinary model iteration. Mythos did not launch as a publicly accessible preview as before but was directly included in Project Glasswing—a defensive cybersecurity plan involving 12 organizations including AWS, Apple, Google, Microsoft, and CrowdStrike, available by invitation only.[2]

Why such caution?

Because it is said that Mythos’s capabilities have crossed a threshold. On SWE-Bench Pro, Mythos reached 77.8%, while Anthropic's previous strongest model Opus 4.6 was 53.4%, OpenAI's GPT-5.4 was 57.7%, and Google's Gemini 3.1 Pro was 54.2%.[3]

But the real difference is not reflected in benchmark figures. Anthropic's red team found in internal evaluations that Opus 4.6's success rate in autonomously completing attack code was close to 0%. In contrast, Mythos generated 181 working exploits for the Firefox 147 JavaScript engine vulnerability, with an additional 29 achieving register control.[3] In internal tests targeting about 1,000 open-source repositories and around 7,000 entry points, Mythos achieved 10 level-5 complete control-flow hijacks (the highest level, where attackers fully control the program's execution flow) on fully patched targets.[3]

Anthropic claims that these capabilities were not acquired by training the model to be a hacking model. They emerge as a downstream effect of its enhanced capabilities in code, reasoning, and autonomy.[3]

As of now, Mythos has reportedly discovered thousands of high-risk vulnerabilities, covering every mainstream operating system and major browser. These include a 27-year-old vulnerability in OpenBSD and a 16-year-old vulnerability in FFmpeg.[2]

On May 26, the European Central Bank convened an emergency bank meeting. Vice President of the ECB Banking Supervision Committee Frank Elderson stated: "This is something that can change the game. Time is running out."[4]

When cutting-edge AI models have been proven capable of autonomously discovering and exploiting security vulnerabilities, it is not hard to understand why Aráoz issued a warning at this particular time.

2. What does Aráoz's warning mean

Aráoz's statement was:

Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric. Defenders need to fix every bug while attackers need just one exploit to steal funds.[1]

Jiaolian thinks that Aráoz's statement needs to be unpacked.

The first half related to AI capabilities has already been empirically demonstrated by the emergence of Claude Mythos (unless the hype is for inflating the market ahead of this year's listing). AI has indeed reached superhuman levels in vulnerability detection.

The second half regarding asymmetry is actually not a new problem. The information security field has always been asymmetric. Defenders must secure every point while attackers only need to find one. This dilemma did not arise only in the AI era.

However, AI has changed the scale of this asymmetry.

In the past, attackers needed extensive training and accumulated knowledge to discover and exploit a vulnerability. This meant that attacking talent was scarce, expensive, and time-consuming to cultivate. Defenders could maintain a relative balance through audits, bounty programs, open-source code, and community reviews.

Now, AI has lowered the barriers for attackers. A malicious participant, even without a strong technical security background, might leverage AI tools to find exploitable weaknesses. AI has turned vulnerability discovery from a scarce skill into a purchasable service.

This is what Aráoz truly meant to say. It is not that AI created asymmetry, but that AI accelerated the tilt of the asymmetry scale.

3. Voices of dissent

After Aráoz's suggestion was published, key figures in the DeFi ecosystem quickly responded.

Aave founder Stani Kulechov stated that DeFi infrastructure already has better risk control engines, formal verification, audits, vulnerability bounties, oracle improvements, automated monitoring, and circuit breakers.[1] The remaining attack surfaces are mainly concentrated in Web2-level operational oversights: private key theft, social engineering, and lax access controls. These are not new problems brought by AI.

Uniswap founder Hayden Adams also expressed a different view. Good code remains good code. AI will only accelerate the exposure of weak code and careless development practices.[1]

OpenZeppelin itself pointed out in its response that most recent significant losses stem from operational failures rather than flaws in audited contract code.[1] In April, DeFi lost over 600 million USD due to vulnerabilities, with the largest loss—nearly 300 million USD from Drift Protocol—resulting from a six-month social engineering attack by North Korea's Lazarus group. This has nothing to do with AI.

These rebuttals share a common point: they do not deny AI's capabilities but emphasize that the attack surface of AI differs from the attack surface people imagine. AI excels at discovering vulnerabilities at the code level. However, some of the largest losses in DeFi history stem not from pure code vulnerabilities, but rather from the continuation of Web2 security issues.

This distinction is essential.

4. The negation of the negation

It is worthwhile to look at the arguments from both sides together.

Both sides have points.

The panic faction has seen the correct direction: AI is indeed accelerating the asymmetry in offense and defense. The capabilities exhibited by Mythos indicate that AI can now discover vulnerabilities at the code level that human experts have failed to find for decades. This is not a possibility for the future; it is a reality that has already occurred.

The calm faction sees the correct magnitude: AI's capabilities are confined within a range. The discovery of code-level vulnerabilities does not equate to the inevitable occurrence of financial losses. The historical loss structure of DeFi shows that significant financial losses stem from operational issues rather than pure code-related matters. Additionally, defenders are also upgrading their defenses using the same AI tools.

The real risk may not lie in the argument between the two factions, but in a quiet corner that is easy to overlook: as AI makes detecting code-level vulnerabilities extremely cheap and automatic, the main battlefield for attackers may shift from code vulnerabilities to automated operational attacks and social engineering. If code vulnerabilities are closed off by AI more and more quickly, attackers may be more inclined to fall back on operational weaknesses: AI will make phishing emails, voice cloning, deepfakes, and so on scalable.

After all, when AI becomes more powerful than humans, won't the shortest stave in the barrel be humanity itself?

5. If exiting DeFi, where to go

Even if we take a thousand steps back and assume Aráoz’s suggestion is correct that investors should indeed exit DeFi, then where should they go, and where can they go?

Should they retreat to stablecoins? But stablecoins themselves are also smart contracts. The contract code of USDT and USDC also has attack surfaces, not to mention their centralized custody risks and censorship risks.

Should they retreat to token assets on public chains? Token contracts may also have vulnerabilities, and the underlying public chains carrying tokens, like ETH, can also be attacked or even compromised.

Should they retreat to PoW-protected native BTC? Mythos can uncover a 27-year-old OpenBSD vulnerability and a 16-year-old FFmpeg vulnerability. Even Bitcoin's core code cannot be said to be absolutely without vulnerabilities.

Should they exit crypto entirely and convert everything to fiat to deposit in a bank? The banking system suffers losses in the range of billions of USD due to online fraud each year. In 2023 alone, U.S. banks lost about 26 billion USD due to check fraud. And less than a week after news broke that the European Central Bank had convened a meeting over Mythos, the banking system itself is also anxious.

Retreating to paper currency, to slash-and-burn agriculture, or...?

Ultimately, absolute security does not exist. All financial systems exist on a spectrum of risk, with different positions, but no one stands at the zero-risk end.

DeFi is indeed closer to the high-risk side of the spectrum. However, it simultaneously offers what traditional finance cannot provide: permissionless access, composability, global accessibility, and auditability.

This trade-off must be judged by each participant themselves.

6. A few thoughts from Jiaolian

First, AI is indeed accelerating the asymmetry in offense and defense, but there is no need to panic. AI excels at large-scale scanning of known vulnerability patterns and discovering issues at the code level. In well-designed protocols that have been through multiple audits and have been tested in the market for a long time, the extra attack surface that AI can uncover is limited. Mythos is powerful, but Anthropic's strategy is to utilize it for defense first, rather than unleashing it for attacks.

Second, the biggest security risk in DeFi currently may not be the code-level attacks brought by AI, but rather traditional operational security issues. Private key management, access controls, social engineering: these existed long before the AI era, and their urgency will not diminish afterwards. It can even be said that enhancing operational security is a direction for defense upgrades that is lower in cost and more clearly rewarding.

Third, the long-term impact of AI on DeFi security may be positive. It forces the industry to shift from point auditing to continuous monitoring, from passive repairs to proactive defenses, from single-point security to systemic security. Those protocols with robust security standards will be the beneficiaries of this wave of impact. Projects with weak security awareness will be eliminated.

Fourth, for ordinary participants, there is no need to clear out all DeFi positions just because of one warning. However, it is essential to become more cautious. A simple judgment criterion: can the protocol you participate in clearly answer a few questions? Has the code been professionally audited? Are there real-time monitoring and circuit breaker mechanisms? Does the team have the capability to respond to security incidents? Does the protocol design limit the blast radius of single-point failures?

Fifth, technology has never been a one-way threat. Every leap in technology will eliminate a batch of old systems and spawn a batch of new systems. The internet of the 1990s did not perish because of hackers. Credit cards did not disappear because of fraud. DeFi will not collapse because of AI.

The key is not to eliminate all risks; that is impossible. The key is to make choices that suit oneself, under the premise of understanding the risks.

References:
[1] Oluwapelumi Adejumo, "Have AI agents made the entire $148 billion DeFi sector unsafe?", CryptoSlate, May 28, 2026. [Link](https://cryptoslate.com/have-ai-agents-made-the-entire-148-billion-defi-sector-unsafe/)
[2] Anthropic, "Project Glasswing: Securing critical software for the AI era", April 7, 2026. [Link](https://www.anthropic.com/glasswing)
[3] Anthropic Frontier Red Team, "Assessing Claude Mythos Preview’s cybersecurity capabilities", April 7, 2026. [Link](https://red.anthropic.com/2026/mythos-preview/)
[4] Wen Zhou, "Anthropic's new model Claude Mythos shakes the financial world, ECB urgently convenes meeting to upgrade network defense", IT Home, May 26, 2026. [Link](https://www.ithome.com/0/955/090.htm)
