Introduction
We used to joke that AI would come for the poets and artists first, leaving the hard engineering problems for last. We were wrong. While we were busy debating the ethics of AI art, the models were quietly learning to break into bank vaults. Well, not physical vaults. Digital ones.
Anthropic recently released a paper that acts less like a research report and more like a wake-up call for anyone paying attention to AI cyber security risks. The headline figures are staggering. In a controlled simulation, agents powered by models like Claude Opus 4.5 and GPT-5 didn’t just write code; they successfully identified and exploited over $4.6 million in potential crypto assets. They didn’t do this with a human holding their hand. They did it autonomously.
This isn’t just a story about cryptocurrency or magic internet money. It represents a fundamental phase shift in the digital landscape. We are moving from an era where hacking required deep, specialized human expertise to an era where AI cyber security risks are scalable, automated, and terrifyingly cheap. The cost of offense is plummeting, and defense is scrambling to catch up.
Here is the breakdown of what happened, how they did it, and why your mental model of software security needs to update immediately.
Table of Contents
1. Inside the SCONE-Bench: How AI Agents “Learned” to Steal
To understand the magnitude of this shift, you have to look at the methodology. The researchers didn’t just ask the AI to “find bugs.” They built a gymnasium for digital burglars.
They introduced SCONE-bench (Smart CONtracts Exploitation benchmark). This dataset consists of 405 real-world historical exploits from 2020 to 2025. These aren’t theoretical exercises. These are contracts that actually lost money on Ethereum, Binance Smart Chain, and Base.
The setup was rigorous. They placed the AI agents crypto capabilities to the test by giving them tools. Real tools. The agents had access to:
- A sandboxed environment (Docker containers).
- A local fork of the blockchain (a simulation of the real thing).
- Standard developer tools like Foundry and Python.
- A code editor to write and refine their attack scripts.
The AI was given a simple goal: increase your balance.
The results were chilling. The agents demonstrated what we call “agentic behavior“. They didn’t just guess. They explored. They wrote code, ran it against the simulator, saw the error message, fixed the code, and ran it again. This iterative loop is the core of the new AI cyber security risks we face. The agents are no longer just predicting the next token; they are reasoning through complex logic puzzles where the prize is millions of dollars.
This moves us beyond the realm of “script kiddies” into the realm of automated, tireless expert hackers. The AI cyber security risks here aren’t that the AI is smarter than the smartest human hacker (yet). It’s that the AI never sleeps, never gets tired, and can spin up a thousand instances of itself to attack a thousand different targets simultaneously.
2. The $1.22 Heist: The Economics of Automated Penetration Testing
The most terrifying number in the entire report isn’t the $4.6 million stolen. It is $1.22. That is the average cost for the GPT-5 agent to scan a contract, analyze the bytecode, reasoning through the logic, and attempt an exploit. Let that sink in.
In the traditional world of automated penetration testing, you pay a firm tens of thousands of dollars to have human experts look at your code for a few weeks. In the new world of generative ai cyber security, an attacker can run a sophisticated, agentic scan on your software for less than the price of a cup of coffee.
The researchers ran a massive experiment. They unleashed these agents on 2,849 recently deployed smart contracts. These were “live” contracts, not historical data. To be clear, they did this in a simulation, they didn’t steal real money, but they found zero-day exploits.
The agents found vulnerabilities in contracts that no one knew were broken. The total cost to find a contract vulnerable to a specific type of attack was roughly $1,738. This changes the economics of cybercrime entirely.
If you can spend $1,700 in compute to find an exploit that yields $100,000, you have a money-printing machine. This arbitrage is the driving force behind the escalating AI cyber security risks. As token costs drop, and they are dropping by about 70% every six months, the profit margin for automated hacking widens.
AI Cyber Security Risks: Model Exploitation Revenue
| LLM Model | Approximate Release Date | Total Revenue from Exploitation (USD) |
|---|---|---|
| DeepSeek V3 | Early 2025 | $5,000 |
| Sonnet 3.7 | ~March 2025 | $84,000 |
| o3 | ~April 2025 | $96,000 |
| Opus 4 | ~May 2025 | $965,000 |
| Opus 4.1 | ~August 2025 | $833,000 |
| GPT-5 | ~August 2025 | $2,100,000 |
| Sonnet 4.5 | ~October 2025 | $918,000 |
| Opus 4.5 | ~November 2025 | $4,500,000 |
You can see the trendline. The revenue potential is tracking closely with model intelligence. As we move from GPT-5 to whatever comes next, the AI cyber security risks will not grow linearly. They will grow exponentially.
3. Smart Contract Audits: The First Industry to be Disrupted
If you are working in the smart contract audit space, this report should make you sweat. Historically, smart contract security relied on “security by scarcity.” There were only so many skilled auditors in the world. They were expensive. They were slow. You booked them months in advance. Because of this bottleneck, many projects launched with unverified code, hoping for the best.
The AI cyber security risks introduced by autonomous agents flip this on its head. The audit industry is about to be industrialized.
The old way involved humans staring at Solidity code, trying to keep the entire state machine in their head to spot logic errors. The new way involves AI cyber security tools that act as infinite interns. They can read every line of code, simulate every possible state transition, and fuzz every input parameter until the contract breaks.
Why is this industry the first to fall? Because smart contracts are uniquely vulnerable.
- Open Source: The bytecode is public on the blockchain. The AI doesn’t need to break into a server to see the code.
- Immutable: You can’t just push a hotfix. Once the contract is deployed, the bugs are permanent.
- Direct Financial Value: A bug in a web app might leak data. A bug in a smart contract leaks money.
The AI cyber security risks here are acute because the feedback loop is immediate. The moment an AI finds a bug, it can execute a transaction to drain the funds. There is no “responsible disclosure” period when the attacker is a bot optimizing for profit.
For developers, this means the smart contract audit is no longer a luxury. It is a survival requirement. And ironically, the only way to afford a rigorous audit will be to use the same AI agents that are trying to rob you.
4. Zero-Day Exploits: Proof This Isn’t Just Hype
I know what you are thinking. I can hear the Reddit comments already. “This is just overfitting. The AI has seen these hacks in its training data. It’s just memorizing.” That was my first thought too. But the Anthropic study anticipated this skepticism.
They tested the agents on “Zero-Day” exploits, vulnerabilities in contracts deployed after the model’s knowledge cutoff. The agents had never seen these specific bugs before. They had never seen the code.
One specific example from the report highlights the sophistication of these AI cyber security risks. The agents found an “unprotected read-only function” in a live contract.
Here is the technical breakdown: The developer created a function to calculate rewards. It was meant to be a “view” function, just looking at data, not changing it. But the developer forgot the view modifier. And crucially, the function actually updated the state variables when called.
It is like a bank having an “Inquiry” button on the ATM that inadvertently adds $10 to your account every time you press it.
The AI agent didn’t just spot the missing keyword. It understood the implication. It realized it could call this function repeatedly to inflate its own balance and then drain the liquidity pool. It wrote a script to loop the call, optimize the gas fees, and extract the maximum value.
This wasn’t a syntax error. It was a logic error. The code compiled perfectly. The intent was wrong. The ability of AI to reason about intent vs implementation is what elevates the AI cyber security risks to a new level.
5. Are Bitcoin and Your Crypto Wallet Safe? (Addressing Community Fears)
Before you panic and sell all your digital assets, we need to make a distinction. There is a massive difference between the Bitcoin protocol and a random DeFi protocol you found on Twitter. The AI cyber security risks discussed here primarily target smart contracts, the programmable applications built on top of blockchains.
Bitcoin, in its base layer, is relatively simple code. It has been battle-tested for 15 years. It doesn’t have the complex, Turing-complete surface area that these AI agents exploit. Holding Bitcoin in a cold wallet is still effectively safe from these specific attacks.
The danger lies in “DeFi” (Decentralized Finance). When you deposit your crypto into a yield farm, a bridge, or a lending protocol, you are handing custody of your assets to a piece of software. That software is what the AI is attacking.
The problem is immutability. In traditional software, if Microsoft finds a bug in Windows, they push an update Tuesday night. You reboot, and you are safe. In crypto, if an AI finds a bug in a smart contract, that contract is often unchangeable. The funds are sitting ducks.
This immutability amplifies the AI cyber security risks. The attacker has infinite attempts. The defender has to be right 100% of the time, forever. And now, the attacker can try millions of times per second for pennies.
6. The Defensive Shield: Turning the Weapon Around
Is it all doom and gloom? No. The same sword can be used as a shield. The rise of AI cyber security risks necessitates the rise of AI cyber security tools. We are entering an arms race. A strictly human security team is now obsolete. You cannot manually review code fast enough to beat an AI that costs $1.22 per run.
Developers must use these same agents for automated penetration testing before they deploy. This is the new standard workflow:
- Write code.
- Pass code to a specialized “Red Team” AI agent.
- The agent tries to hack the code for 24 hours.
- If the agent fails to steal the imaginary money, only then do you deploy.
We are seeing a boom in companies integrating generative ai cyber security directly into the CI/CD pipeline. The goal is to make the cost of finding a bug lower for the defender than it is for the attacker.
Currently, the attackers have the advantage. They only need to find one hole. Defenders need to plug them all. But AI agents can be incredibly thorough defenders. They can generate thousands of unit tests, explore edge cases humans would miss, and mathematically prove certain properties of the code.
The future of security isn’t human vs. AI. It is AI vs. AI, with humans acting as the referees and architects.
AI Cyber Security Risks: Cost Analysis
| Metric | Value (GPT-5 Agent) |
|---|---|
| Cost per Agent Run | $1.22 |
| Cost to Scan 2,849 Contracts | $3,476 |
| Cost per Vulnerable Contract Identified | $1,738 |
| Average Revenue per Exploit | $1,847 |
| Net Profit (Simulated) | $109 |
This table shows a thin margin today. But as models get cheaper, that Net Profit number will grow, increasing the incentive for attackers and the AI cyber security risks for everyone else.
7. Conclusion: The Era of “Security by Obscurity” is Dead
We have relied on “security by obscurity” for too long. We assumed that because our code was complex, or boring, or deeply nested, no one would bother to look for the bugs.
That era is over. The AI cyber security risks we face today mean that everything will be looked at. Every line of open-source code, every public API endpoint, every smart contract will be scanned by an alien intelligence that never sleeps and works for fractions of a cent.
The Anthropic report shows us that the floor for autonomous theft is at least $4.6 million. That is just the starting line. As inference costs drop and model reasoning improves, the ceiling is limitless.
If you are building software today, you cannot ignore this. You can no longer rely on the fact that you are “too small to hack.” To an AI agent, you aren’t small. You are just another dataset. Another puzzle. Another potential reward.
The only way to survive the rising tide of AI cyber security risks is to adopt the tools of the enemy. We must build immune systems that are just as fast, just as smart, and just as tireless as the viruses attacking them. The $4.6 million warning shot has been fired. It is time to audit your code before something else does.
Next Step: Would you like me to analyze the specific defensive coding patterns or “Red Teaming” prompts that developers can use to protect their smart contracts against these AI agents?
Will AI be able to do cyber security and hacking autonomously?
Yes, the recent Anthropic study confirms this is already happening. AI agents powered by models like Claude Opus 4.5 and GPT-5 autonomously identified and executed exploits worth $4.6 million in a controlled simulation. More alarmingly, they discovered “zero-day” vulnerabilities in live, deployed contracts without any human guidance, proving that the era of autonomous hacking has arrived.
What is a smart contract audit and why did AI target it?
A smart contract audit is a rigorous security review of code that runs on a blockchain. AI researchers targeted this field because smart contracts are public, immutable, and hold direct financial value, making them the perfect “gymnasium” for training AI cyber security tools. Unlike traditional software where bugs might just cause errors, bugs in smart contracts allow for immediate, quantifiable financial theft, providing a clear metric for the AI’s offensive capabilities.
Does this mean Bitcoin and other crypto assets are unsafe?
Not necessarily. The risks highlighted in this study primarily apply to “DeFi” (Decentralized Finance) smart contracts on blockchains like Ethereum, which involve complex, programmable code. Bitcoin’s base layer uses a simpler, more rigid structure that is less susceptible to these specific types of logic-based attacks. However, any programmable asset held in a complex smart contract is now at higher risk of being targeted by automated agents.
How is AI used in cyber security for defense against these agents?
The industry is shifting toward “AI vs. AI” security. The same agentic capabilities used to steal funds are being repurposed for defense. Developers can now use “Red Team” AI agents to relentlessly attack their own code in a simulation before deployment. This form of automated penetration testing allows defenders to identify and patch vulnerabilities at a speed and scale that human auditors cannot match, effectively using the weapon as a shield.
Is the $4.6M figure real or just a simulation?
The $4.6 million figure represents the potential value of the exploits found by the agents in the study. While the agents were tested in a simulator (to avoid actual theft), the vulnerabilities they found were in real, historical contracts. Furthermore, in a separate test on live contracts, the agents successfully identified two novel “zero-day” exploits worth approximately $3,700, proving that their capability to find and exploit profitable bugs in the real world is genuine.