In a groundbreaking move to fortify the increasingly vulnerable world of decentralized finance (DeFi), OpenAI, in partnership with crypto venture capital firm Paradigm, has officially launched EVMbench – a high-stakes digital arena where advanced AI agents are pitted against each other, acting as both relentless attackers and vigilant defenders of smart contracts.
The initiative aims to push the boundaries of AI capabilities in identifying, patching, and exploiting critical vulnerabilities, focusing specifically on high-stakes Ethereum contract bugs.
OpenAI Introduces EVMBench
The motivation behind EVMBench is the growing financial risk of smart contract security failures, since smart contracts routinely secure over $100 billion in crypto assets.
Recently, DeFi lending platform Moonwell Protocol suffered a major exploit due to a bug in AI-generated code, resulting in approximately $2.7 million in losses. The vulnerability stemmed from a misconfigured oracle in a governance proposal that undervalued the Coinbase Wrapped ETH (cbETH) token at around $1 instead of its true price of around $2,200. This triggered mass liquidations by bots, leaving Moonwell with significant bad debt across Base and Optimism networks.
The faulty oracle code was reportedly generated using Anthropic’s Claude Opus 4.6 model, marking an early case of AI-generated DeFi risks despite the code passing the Halborn audit.
This event, alongside other high-profile exploits in late 2025, underscored a critical security gap: as AI’s role in code generation increases, it demands an equally sophisticated, AI-driven defense mechanism to prevent catastrophic financial leaks.
Dr. Anya Sharma, lead researcher at OpenAI’s blockchain security division, noted that the rise of AI-assisted code generation in smart contracts introduces a significant asymmetric risk. While AI can rapidly write complex contracts, the same power can be leveraged for malicious exploits. EVMbench serves as an answer to this dilemma by providing a dedicated platform to train and test AI in an adversarial environment that mirrors real-world threats.
In their release, the company said EVMBench draws on 120 curated vulnerabilities collected from 40 professional smart contract audits done by Code4rena and the security team at the layer-1 blockchain Tempo. The program is designed to rigorously test AI agents’ coding abilities across three distinct yet interconnected roles that reflect the full spectrum of blockchain-related security challenges.
In “Detect” mode, the agent is tasked with acting as an auditor, scanning smart contract repositories to identify existing vulnerabilities. Its performance is measured by its ability to uncover “ground-truth” bugs previously confirmed by human experts. Then comes the “Patch” mode, where an agent posing as a developer must rewrite the vulnerable code to fix a detected bug while ensuring the patch does not introduce new flaws or alter the contract’s intended functionality. Finally, in “Exploit” mode, the agent simulates a malicious actor within a sandboxed blockchain environment, attempting to drain the funds to highlight potential pathways for real-world theft.
OpenAI noted that EVMBench exploit tasks will run in an isolated local Anvil environment instead of a live blockchain.
Researchers Concerned by AI Agents’ Proficiency in Attack
The initial findings from EVMBench have provided both promising insights and concerning revelations about the current state of AI. For instance, Claude Opus 4.6 has shown strength in detection, yet researchers found that agents often cease their search after finding a single bug, missing other critical vulnerabilities within the same file. Even more alarming is the proficiency agents show in attacking compared to defending. GPT-5.3-Codex achieved a remarkable 72.2% success rate in exploit mode, proving that it is currently much easier for AI to break a system than to fix one.
This superior performance in exploitation is particularly striking because the exploit task offers a clear, singular objective: drain the money. Patching, however, remains the hardest task because it requires a nuanced understanding of the contract’s entire purpose and the cascading effects of code changes. Agents frequently fix an identified bug only to inadvertently introduce regressions that break other critical functionality of the contract.
Beyond the public EVMBench, OpenAI has also expanded the private beta of Aardvark, an autonomous “white-hat” security research agent. Aardvark operates in a continuous loop, monitoring code commits in real time, hypothesizing potential attack vectors, and verifying these vulnerabilities in a secure sandbox. It even goes as far as generating pull requests with proposed fixes without human intervention.
EVMBench marks a pivotal moment in blockchain security, fostering an adversarial arms race to ensure that defenders evolve faster than attackers in the future of decentralized finance.




