A recent study has highlighted the effectiveness of a specialized AI security agent in identifying vulnerabilities within decentralized finance (DeFi) smart contracts. Conducted by the AI security firm Cecuro, the research found that this purpose-built system detected vulnerabilities in 92% of exploited contracts, significantly outperforming general-purpose AI models.
The study, released on February 20, 2026, evaluated 90 real-world smart contracts that were exploited between October 2024 and early 2026, resulting in verified losses totaling $228 million. The specialized AI flagged vulnerabilities associated with $96.8 million in potential exploit value. In contrast, a baseline GPT-5.1-based coding agent only managed to detect 34% of vulnerabilities, covering a mere $7.5 million.
Both AI systems operated on the same foundational model, but the key distinction lay in their application layers. The specialized agent utilized domain-specific methodologies, structured review phases, and security heuristics tailored for DeFi, enhancing its detection capabilities.
This research emerges amid escalating concerns regarding the role of AI in facilitating crypto-related crimes. Additional studies by Anthropic and OpenAI have indicated that AI agents can now conduct end-to-end exploits on many known vulnerable smart contracts. The frequency of such exploit capabilities is reportedly doubling approximately every 1.3 months, with the average cost of an AI-driven exploit attempt estimated at just $1.22 per contract. This reduction in cost has lowered the barriers for large-scale vulnerability scanning.
Previous reports have noted that malicious actors, including state-sponsored groups like North Korea, are increasingly leveraging AI to enhance their hacking operations. This trend underscores a growing disparity between offensive and defensive cybersecurity capabilities.
Cecuro’s findings suggest that many development teams continue to rely on general-purpose AI tools or isolated audits for security assessments. However, the benchmark indicates that these methods may overlook critical, high-value vulnerabilities, as evidenced by several contracts in the study that had previously undergone professional audits before being exploited.
The benchmark dataset, along with the evaluation framework and baseline agent, has been made available as open-source on GitHub. However, Cecuro has opted not to release its complete security agent, citing concerns that similar tools could be misused for malicious purposes.
A new study reveals that a specialized AI security agent is significantly more effective at detecting vulnerabilities in DeFi smart contracts compared to general-purpose models. This research underscores the growing challenges in cybersecurity as AI's role in facilitating crypto crime expands.