# OpenZeppelin Co-Founder Warns AI Has Made “All of DeFi” Unsafe — Experts Split on Response
OpenZeppelin co-founder Manuel Aráoz has dropped a bombshell on the crypto industry, declaring that artificial intelligence has rendered the entire decentralized finance sector fundamentally unsafe and advising users to withdraw their funds from all DeFi protocols — including major platforms like Aave and Compound.
The stark warning, delivered in a series of interviews and social media posts, has sent shockwaves through the crypto security community and reignited a long-simmering debate about whether DeFi’s security model can survive the age of AI-powered attacks.
## “Get Out of DeFi” — Aráoz’s Dire Warning
Aráoz, who co-founded OpenZeppelin — the smart contract auditing firm behind the industry-standard Solidity libraries used by thousands of protocols — didn’t mince words. He stated that AI has become “superhuman” at finding and exploiting vulnerabilities in smart contracts, making it effectively impossible for human auditors to keep pace.
“All of DeFi is unsafe,” Aráoz reportedly said. “The gap between what AI can find and what human auditors can catch is growing exponentially. If you have funds in DeFi protocols, even the most audited ones, you should withdraw them.”
The warning carries particular weight coming from Aráoz, whose firm has audited many of the largest protocols in the space. OpenZeppelin’s smart contract libraries are the most widely adopted security standard in Ethereum development, meaning Aráoz has an insider’s understanding of both the strengths and weaknesses of current security practices.
## The Data Behind the Claim
Aráoz’s warning isn’t coming out of nowhere. The numbers paint a grim picture for DeFi security in 2026:
Over $1 billion has been lost to DeFi exploits so far this year, according to industry trackers. Just this week a StakeDAO attacker, having compromised a deployer key, minted 5.4 trillion vsdCRV tokens; thin liquidity limited what could actually be extracted to roughly $91,000. Notably, the entry point there was a privileged key rather than a bug in the audited contract logic.
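One concrete defensive check the StakeDAO incident points to is a mint-volume monitor: a rogue mint of trillions of tokens dwarfs the existing supply and is trivially detectable off-chain within a block or two. The Python below is an added illustration written for this article, not StakeDAO's, OpenZeppelin's or any protocol's tooling. It replays ERC-20 `Transfer` events (the event records, token address and account labels are constructed placeholders, not real chain data) and flags any mint that exceeds a configurable fraction of the supply that existed before it.

```python
from dataclasses import dataclass

# Added example for this article: an off-chain monitor that flags
# anomalous ERC-20 mints. Not StakeDAO's or OpenZeppelin's code; the
# events, token address and account labels below are constructed.

ZERO = "0x0000000000000000000000000000000000000000"  # ERC-20 mint/burn sentinel
DECIMALS = 10**18  # assumes an 18-decimal token


@dataclass(frozen=True)
class Transfer:
    block: int
    token: str      # token contract address
    sender: str     # ZERO for a mint
    receiver: str   # ZERO for a burn
    value: int      # raw token units


@dataclass(frozen=True)
class MintAlert:
    block: int
    token: str
    minted: int
    prior_supply: int

    @property
    def ratio(self) -> float:
        """Minted amount as a multiple of the supply that existed beforehand."""
        return self.minted / self.prior_supply


def find_anomalous_mints(events, max_bps=500):
    """Replay Transfer events in block order, tracking each token's supply.

    A mint (sender == ZERO) is flagged when it exceeds `max_bps` basis points
    (default 5%) of the supply recorded before it. A token's very first mint
    has no prior supply and is never flagged; burns reduce tracked supply.
    Integer arithmetic throughout, so 10**30-scale raw values stay exact.
    """
    supply = {}
    alerts = []
    for ev in sorted(events, key=lambda e: e.block):
        prior = supply.get(ev.token, 0)
        if ev.sender == ZERO:
            if prior > 0 and ev.value * 10_000 > max_bps * prior:
                alerts.append(MintAlert(ev.block, ev.token, ev.value, prior))
            supply[ev.token] = prior + ev.value
        elif ev.receiver == ZERO:
            supply[ev.token] = prior - ev.value
        # ordinary wallet-to-wallet transfers do not change supply
    return alerts


TOKEN = "0xTOKEN_PLACEHOLDER"  # placeholder, not the real vsdCRV address
TREASURY = "0xTREASURY"        # placeholder account labels
ATTACKER = "0xATTACKER"

# Constructed sample events, not real chain data. The final mint mirrors the
# order of magnitude reported for the StakeDAO incident (5.4 trillion tokens).
SAMPLE_EVENTS = [
    Transfer(100, TOKEN, ZERO, TREASURY, 1_000_000 * DECIMALS),   # initial mint
    Transfer(101, TOKEN, ZERO, TREASURY, 20_000 * DECIMALS),      # 2% mint: normal
    Transfer(102, TOKEN, TREASURY, ZERO, 10_000 * DECIMALS),      # burn
    Transfer(103, TOKEN, TREASURY, "0xUSER", 5_000 * DECIMALS),   # plain transfer
    Transfer(104, TOKEN, ZERO, ATTACKER, 5_400_000_000_000 * DECIMALS),  # rogue mint
]

if __name__ == "__main__":
    for a in find_anomalous_mints(SAMPLE_EVENTS):
        print(f"block {a.block}: mint of {a.minted // DECIMALS:,} tokens is "
              f"{a.ratio:,.0f}x the prior supply of {a.prior_supply // DECIMALS:,}")
```

In production the event list would be fed from a node's log subscription and the alert would trigger a pause or a guardian multisig, but the decision rule itself is this small; the threshold is deliberately a fraction of prior supply rather than an absolute number so the same rule works for tokens of very different scale.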
Security firms are reporting a sharp increase in AI-assisted attacks. Models can now scan contract source and bytecode for known vulnerability classes, draft exploit transactions, and rehearse them before launch, at a speed and scale that human auditors cannot match.
On-chain analytics suggest that AI-driven attacks are becoming more sophisticated, with exploiters using generative AI to craft convincing social engineering campaigns alongside technical exploits.
## The Industry Reacts — Divided Opinions
The crypto security community has split into two camps in response to Aráoz’s warning.
**The Pessimists** agree with Aráoz’s assessment. They argue that DeFi’s fundamental security model — which relies on human auditors reviewing code before deployment — is structurally incapable of defending against AI that can scan millions of lines of code in seconds. They point to the accelerating pace of hacks as evidence that the model is already broken.
**The Optimists** counter that AI is a double-edged sword. If AI can find vulnerabilities faster, it can also be used to audit code faster. Several firms are already deploying AI-powered security tools that can identify vulnerabilities before deployment. They argue that the solution is better AI on the defensive side, not abandoning DeFi entirely.
A third camp argues that the real issue isn’t AI but fundamental incentive misalignment. “AI didn’t create the bug — it just found it faster,” one security researcher noted. “The problem is that protocols don’t adequately incentivize responsible disclosure, and AI just accelerates the race between finders and fixers.”
## Market Impact
The immediate market reaction has been muted, with most major DeFi tokens showing only minor declines. Analysts note that similar “DeFi is dead” warnings have been issued periodically since 2022 without causing lasting damage to the sector.
However, the source of this warning makes it harder to dismiss. OpenZeppelin’s libraries underpin a significant portion of the DeFi ecosystem, and Aráoz’s credibility within the developer community is substantial.
Total value locked in DeFi currently stands at approximately $45 billion, down from its 2021 peak of over $180 billion but still representing significant user capital at risk.
## What This Means for DeFi Users
For the average DeFi user, Aráoz’s warning presents a difficult judgment call. While DeFi has always carried smart contract risk, the introduction of AI-powered attackers changes the risk calculus in ways that are hard to quantify.
Security best practices remain the same but are now more critical than ever:
– Prefer protocols whose deployed code matches a recent audit by a reputable firm; an audit is a point-in-time review, and one of a different commit says little about what is actually on-chain
– Diversify across multiple protocols to limit single-point-of-failure risk
– Consider using insurance protocols like Nexus Mutual or Sherlock
– Stay informed about the latest security research and vulnerability disclosures
## FAQ
**Should I withdraw my funds from DeFi right now?**
That depends on your risk tolerance. Aráoz’s warning is serious and comes from a credible source, but DeFi has survived similar existential warnings before. Evaluate your specific protocol’s security posture and make an informed decision.
**Can AI also be used to defend DeFi protocols?**
Yes. Several firms are developing AI-powered security tools for smart contract auditing and on-chain monitoring. The race between AI attackers and AI defenders is ongoing, and it’s not yet clear which side has the advantage.
**Has OpenZeppelin changed its auditing practices in response to AI threats?**
OpenZeppelin has not publicly announced major changes to its audit methodology in response to AI threats, though the firm is known to be investing in AI-powered security tooling internally.
—
*Sources: CoinDesk, Decrypt, OpenZeppelin social channels, The Block, DeFiLlama*