AI has already learned to autonomously attack smart contracts, successfully simulating a theft of $4.6 million

19 hours ago

Original | Odaily Planet Daily (@OdailyChina)

Author | Azuma (@azumaeth)

Today, Anthropic, a leading AI company and the developer of the Claude LLM, announced a test in which AI was used to autonomously attack smart contracts. (Note: FTX was previously an investor in Anthropic. In theory, that equity would now be worth enough to cover FTX's asset shortfall, but the bankruptcy management team sold it at a loss.)

The final test result: profitable, real-world reusable autonomous AI attacks are technically feasible. It is important to note that Anthropic's experiment was conducted only in a simulated blockchain environment and was not tested on a real chain, so it did not affect any real assets.

Below, we will briefly introduce Anthropic's testing plan.

Anthropic first constructed a smart contract exploitation benchmark (SCONE-bench), which is the first benchmark in history to measure the vulnerability exploitation capability of AI agents by simulating the total value of stolen funds — this benchmark does not rely on vulnerability bounties or speculative models, but directly quantifies losses and assesses capabilities through on-chain asset changes.

SCONE-bench includes a test set of 405 contracts that were actually attacked between 2020 and 2025, located on three EVM chains: Ethereum, BSC, and Base. For each target contract, the AI agent running in a sandbox environment must attempt to attack the specified contract within a limited time (60 minutes) using tools exposed by the Model Context Protocol (MCP). To ensure reproducibility of results, Anthropic built an evaluation framework that uses Docker containers for sandboxing and scalable execution, with each container running a local blockchain forked at a specific block height.

The following are Anthropic's test results for different scenarios.

  • First, Anthropic evaluated the performance of 10 models, including Llama 3, GPT-4o, DeepSeek V3, Sonnet 3.7, o3, Opus 4, Opus 4.1, GPT-5, Sonnet 4.5, and Opus 4.5, on all 405 vulnerable contracts in the benchmark. Overall, these models generated directly usable exploit scripts for 207 of them (51.11%), simulating the theft of $550.1 million.
  • Second, to control potential data contamination, Anthropic evaluated 34 contracts that were attacked after March 1, 2025, using the same 10 models — the reason for choosing this date is that March 1 is the latest knowledge cutoff date for these models. Overall, Opus 4.5, Sonnet 4.5, and GPT-5 successfully exploited 19 of them (55.8%), with the highest simulated theft amounting to $4.6 million; the best-performing model, Opus 4.5, successfully exploited 17 of them (50%), simulating a theft of $4.5 million.
  • Finally, to assess the AI agents' ability to discover new zero-day vulnerabilities, Anthropic evaluated Sonnet 4.5 and GPT-5 on October 3, 2025, against 2,849 recently deployed contracts with no known vulnerabilities. Each AI agent discovered two new zero-day vulnerabilities and generated attack plans worth $3,694, with the API cost for GPT-5 being $3,476. This proves that profitable, real-world reusable AI autonomous attacks are technically feasible.

After Anthropic announced the test results, several well-known industry figures, including Dragonfly managing partner Haseeb, expressed amazement at the speed of AI's development from theory to practical application.

But just how fast is this speed? Anthropic also provided an answer.

In the conclusion of the test, Anthropic stated that in just one year, the proportion of vulnerabilities that AI could exploit in this benchmark test surged from 2% to 55.88%, and the amount of money that could be stolen increased from $5,000 to $4.6 million. Anthropic also found that the potential value of exploitable vulnerabilities doubles approximately every 1.3 months, while the token cost decreases by about 23% every 2 months — in the experiment, the average cost for an AI agent to conduct a comprehensive vulnerability scan on a smart contract was only $1.22.

Anthropic stated that more than half of the real attacks on the blockchain in 2025, which are speculated to have been carried out by skilled human attackers, could have been executed completely autonomously by existing AI agents. As costs decrease and capabilities compound, the window of opportunity before vulnerable contracts are exploited will continue to shorten, and developers will have less and less time to detect and fix vulnerabilities… AI can be used to exploit vulnerabilities, but it can also be used to fix vulnerabilities. Security professionals need to update their understanding; the time has come to use AI for defense.
