A study from MATS and Anthropic puts a sharper point on a growing cybersecurity question: how capable are advanced AI models at finding and using smart contract vulnerabilities? In controlled tests, models including Claude Opus 4.5, Sonnet 4.5, and GPT-5 were able to identify weaknesses and turn them into simulated exploits.
The work does not describe live attacks. All experiments were run in isolated sandbox environments. But the results still matter because they show how quickly AI agents can move from analysis to exploit behavior when given the right task and test setting.
What the study tested
The researchers used SCONE-bench, a benchmark built around 405 real smart contract exploits from 2020 to 2025. That detail is important: the tests were not based only on imagined examples or toy problems. They used real exploit cases as the basis for measuring model behavior.
In that benchmark, advanced models produced simulated damage of up to 4.6 million dollars. The number reflects what happened inside the controlled setup, not confirmed losses in the outside world. Still, it gives a concrete measure of the scale these systems could represent when they successfully identify a vulnerability.
The models named in the source were Claude Opus 4.5, Sonnet 4.5, and GPT-5. The study’s central finding is not simply that these systems can read smart contract code. It is that they can spot vulnerabilities and exploit them in a structured test environment.
A second test found new vulnerabilities
The study also included a separate experiment in which AI agents reviewed 2,849 new contracts. In that setting, the agents uncovered two previously unknown vulnerabilities.
This part of the study is especially relevant because it moves beyond replaying known exploit patterns. Finding vulnerabilities in new contracts suggests that the same general capability can apply to material that was not already part of the benchmark’s historical set.
The source also gives a narrow cost-and-revenue snapshot for one model. GPT-5 generated simulated revenue of 3,694 dollars at an estimated API cost of about 3,476 dollars. That came out to an average net gain of 109 dollars per exploit.
Those figures should be read carefully. They come from a simulated experiment, not a live financial outcome. But they show why researchers are paying attention to the economics of AI-assisted vulnerability discovery, not just the technical possibility.
Why sandbox results still matter
Because all experiments were run in isolated sandbox environments, the study avoids claiming that these models caused real-world damage. That boundary is important. A sandbox lets researchers test risky behavior without exposing actual systems to the same process.
At the same time, sandboxed results can still reveal capability. If a model can identify a weakness, plan an exploit, and produce simulated revenue under controlled conditions, defenders have reason to study the same workflow before it appears in less controlled settings.
The study therefore points in two directions at once:
- Risk: Advanced AI models can help discover and use smart contract vulnerabilities in controlled tests.
- Defense: The same ability could support tools that find weaknesses before they are exploited.
- Measurement: Benchmarks such as SCONE-bench give researchers a way to compare how models behave across real exploit cases.
This dual-use character is the core issue. The source says the researchers believe the findings point to real security risks, while also showing how the same models could help build stronger defensive tools.
What it means for smart contract security
The study reinforces that smart contract security is no longer only a matter of human review and traditional tooling. AI agents can now participate in the process, at least in controlled environments, and their performance can be measured against real exploit histories.
For defenders, the constructive use case is clear from the source: models that can find vulnerabilities may also help strengthen defensive tools. If an AI system can identify risky code paths in a sandbox, similar techniques may help teams inspect contracts before they become targets.
For risk assessment, the simulated financial results add another layer. The benchmark produced simulated damage of up to 4.6 million dollars, while the separate experiment showed GPT-5 producing simulated revenue above its estimated API cost. Those numbers do not prove that real-world exploitation would be profitable in the same way, but they do show why the cost of running AI agents is part of the security conversation.
The most grounded takeaway is simple: MATS and Anthropic found that leading AI models can uncover and exploit smart contract vulnerabilities in controlled tests, including cases based on 405 real smart contract exploits from 2020 to 2025 and new-contract reviews involving 2,849 contracts. That makes AI a serious subject for both offensive-risk research and defensive security development.