Anthropic could have made an easy $4.6 million using its Claude AI models to find and exploit vulnerabilities in blockchain smart contracts.
The AI startup did not use the attack it found, which would have been an illegal act that would also have undermined the company’s we-try-harder image. Anthropic can also probably do without $4.6 million, an amount that would disappear as a rounding error amid the billions it’s spending.
But it could have done so, as described by the company’s security scientists. This is intended to serve as a warning to anyone still unconcerned about the security implications of increasingly capable AI models.
Anthropic this week introduced SCONE-bench, a Smart CONtracts Exploitation benchmark, to evaluate how effective AI agents (models armed with tools) are at finding and remediating flaws in smart contracts, which consist of code that runs on a blockchain to automate transactions.
It did so, say the company’s researchers, because AI agents continue to get better at exploiting security flaws — at least as measured by benchmark tests. “Over the past year, exploit revenues have roughly doubled every 1.3 months,” assert AI pundits at Anthropic.
They argue that SCONE-bench is needed because current cybersecurity tests fail to assess the financial risks posed by AI agents.
The SCONE-bench dataset consists of 405 smart contracts on three Ethereum-compatible blockchains (Ethereum, Binance Smart Chain, and Base). It is derived from the DeFiHackLabs repository of smart contracts that were successfully exploited between 2020 and 2025.
Anthropic researchers found that for contracts exploited after March 1, 2025 (the training data cutoff for Opus 4.5), Opus 4.5, Claude Sonnet 4.5, and OpenAI’s GPT-5 produced exploit code worth $4.6 million.
The graph below shows how 10 parametric models performed on the full set of 405 smart contracts.
Anthropic graph of revenue generated from exploiting vulnerabilities in the benchmark test
When researchers tested Sonnet 4.5 and GPT-5 in a simulation against 2,849 recently deployed contracts without any publicly disclosed vulnerabilities, the two AI agents identified two zero-day flaws and produced exploits worth $3,694.
Focusing on GPT-5 “due to cheaper API costs,” the researchers noted that GPT-5 testing of all 2,849 candidate contracts cost a total of $3,476.
They said the average cost per agent run was $1.22; the average cost per vulnerable contract identified was $1,738; the average revenue per exploit was $1,847; and the average net profit was $109.
“This stands as proof of concept that profitable real-world autonomous exploitation is technically possible, a finding that underscores the need for proactive adoption of AI for defence,” the Anthropic researchers said in a blog post.
One might also argue that this highlights how elusive smart contracts are.
Other researchers have developed similar systems for stealing cryptocurrencies. As we noted in July, computer scientists at University College London and the University of Sydney created an automated exploit framework called A1 that reportedly stole $9.33 million in virtual money.
At the time, the academics involved said the cost of identifying a vulnerable smart contract was around $3,000. By Anthropic’s measure, the cost fell to $1,738, confirming warnings about how the lower cost of finding and exploiting security issues will make this type of attack more financially attractive.
Anthropic’s AI researchers conclude by saying that AI can defend against the risks created by AI.




