As hacks pile up and DeFi TVL falls fast, OpenZeppelin co-founder and former CTO Manuel Aráoz says AI coding agents have made smart contracts fatally vulnerable.

Updated May 27, 2026, 8:19 p.m. Published May 27, 2026, 8:51 a.m.

CORRECTION (May 27, 3:51 pm ET): Corrects headline and story throughout to say Manuel Aráoz is a former CTO and co-founder of OpenZeppelin who departed in 2019. An earlier version of the article incorrectly identified Aráoz as the company's CEO.

Former OpenZeppelin CTO and co-founder Manuel Aráoz said in a post on X on Wednesday that he now considers "all" of decentralized finance (DeFi) unsafe because coding agents have become "superhuman" at finding vulnerabilities.

The warning from Aráoz, who left OpenZeppelin in 2019, comes as DeFi's total value locked has dropped by over $20 billion since the start of the year, according to DefiLlama data. While some of that reflects broader crypto price weakness, the sector has also been battered by a steady stream of exploits that continue to test confidence in onchain finance.

PSA: I now consider *all* of DeFi unsafe.

Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds.

— Manuel Aráoz (@maraoz) May 26, 2026

However, OpenZeppelin has pushed back on Aráoz's post. "Aráoz's views do not represent OpenZeppelin's current position. The company, led by co-founder and CEO Demian Brener, has reaffirmed its commitment to securing onchain finance, arguing that the answer to AI-driven risk is continuous, AI-augmented security rather than retreat from DeFi," according to a statement from OpenZeppelin's spokesperson.
DefiLlama data shows that more than $1.1 billion has been lost to DeFi hacks over the past 365 days, including April's $292 million Kelp DAO exploit, which exposed how vulnerabilities in cross-chain infrastructure can quickly spill into the broader ecosystem. Solana-based Step Finance, meanwhile, shut down earlier this year after a $27 million exploit left the project unable to recover.

Aráoz's comments also come as Anthropic has warned that its restricted Claude Mythos AI model can autonomously discover software vulnerabilities and develop working exploits at a level the company says surpasses existing automated tools.

That raises uncomfortable questions for DeFi, whose core security model was designed around human attackers operating at human speed.

DeFi's transparency, long marketed as a strength, could become a liability if machine systems can scan publicly available smart contract code, identify weaknesses and weaponize them faster than defenders can patch them.
DeFi isn't safe anymore because AI is becoming 'superhuman' at hacking, onetime OpenZeppelin founder says