D23E Research
A1
Tool-augmented AI agents for validated smart contract exploit generation.

Autonomous Exploit Generation

A1: AI Agent Smart Contract Exploit Generation

AI Security
By Arthur Gervais and Liyi Zhou

A1 turns a general-purpose LLM into an end-to-end exploit generator: it gathers on-chain context, writes a concrete proof-of-concept, and validates it by executing on a forked chain state—so you get verified, actionable findings rather than speculation.

Most security tooling can tell you “this looks suspicious,” but turning suspicion into a working exploit is the hard part. A1 focuses on that end-to-end loop. Instead of producing a long list of unverifiable alerts, it iterates until it has a profitable proof-of-concept that executes against real historical chain state.

  • Validated PoCs, not guesses. A1 writes an exploit contract and runs it in a deterministic, forked execution environment. The feedback loop uses profitability, traces, and revert reasons to refine the strategy.
  • Domain tools for contract reality. The agent is equipped with tools that retrieve verified source (including proxy resolution), recover constructor parameters, snapshot contract state, sanitize code to the essentials, and normalize revenue.
  • Time-to-detect is everything. The paper’s backtesting analysis suggests immediate detection yields far higher “beat the attacker” probability than delayed discovery, highlighting why continuous self-monitoring matters.

Results at a glance

In the evaluation reported in the paper:

  • Tested across 36 real-world vulnerable contracts on Ethereum and BNB Smart Chain.
  • Achieved a 62.96% success rate on the VERITE benchmark (≈63%).
  • Reported up to $8.59M extractable value per successful case ($9.33M total across successful cases).
  • Ran 432 experiments across six LLM backends, with per-run cost from $0.01 to $3.59, depending on model and iteration budget.
  • Backtesting suggests immediate discovery yields an 86–89% chance of preempting attackers, dropping to 6–21% with week-long delays.
  • Economic analysis suggests attackers can break even at exploit values around $6,000, while defenders often need roughly $60,000 to justify continuous monitoring.

The takeaway isn’t that agents magically solve security—it’s that validated exploit generation is becoming cheap enough to be operational.

What defenders should do now

If exploit-generation agents become cheaper and more capable, defensive posture has to shift from periodic reviews to continuous verification:

  • Run continuous “assume-breach” scanning on mainnet forks for production deployments (not just on testnets).
  • Reduce worst-case loss with circuit breakers, TVL/rate limits, and time-delayed high-privilege actions.
  • Treat upgrades, new markets, and new collateral as fresh security events—ship with monitoring from day zero.
  • Align incentives: ensure bug bounty caps and response time don’t systematically favor attackers.
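
The loss-limiting controls in the second item, sketched as an added example. This is not code from A1, the paper, or any audited library; the contract name, window, cap, and delay values are hypothetical assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
contract GuardedVault { // added illustration; hypothetical names, not A1 or paper code
    uint256 public constant WINDOW = 1 hours; // assumed rate-limit window
    uint256 public constant DELAY = 2 days;   // assumed delay for privileged changes
    address public immutable guardian;
    uint256 public capBps = 500;              // max outflow per window, in bps of TVL
    uint256 public pendingCapBps;
    uint256 public pendingEta;
    bool public paused;
    uint256 public totalAssets;               // internal accounting, ignores forced ETH
    uint256 private windowStart;
    uint256 private windowTvl;
    uint256 private windowOut;
    mapping(address => uint256) public balanceOf;
    event BreakerTripped(address indexed caller, uint256 amount, uint256 windowOut);

    constructor(address guardian_) { guardian = guardian_; }
    modifier onlyGuardian() { require(msg.sender == guardian, "not guardian"); _; }
    function deposit() external payable {
        balanceOf[msg.sender] += msg.value;
        totalAssets += msg.value;
    }

    function withdraw(uint256 amount) external {
        require(!paused, "paused");
        require(balanceOf[msg.sender] >= amount, "balance"); // only real holders can trip
        if (block.timestamp >= windowStart + WINDOW) {       // start a new window
            (windowStart, windowTvl, windowOut) = (block.timestamp, totalAssets, 0);
        }
        if (windowOut + amount > (windowTvl * capBps) / 10_000) {
            paused = true; // return, not revert: a revert would roll back the pause
            emit BreakerTripped(msg.sender, amount, windowOut);
            return;
        }
        balanceOf[msg.sender] -= amount;                     // effects before interaction
        totalAssets -= amount;
        windowOut += amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
    function unpause() external onlyGuardian { paused = false; }
    function scheduleCap(uint256 bps) external onlyGuardian {
        require(bps <= 10_000, "bps");
        (pendingCapBps, pendingEta) = (bps, block.timestamp + DELAY);
    }
    function applyCap() external onlyGuardian { // time-delayed high-privilege action
        require(pendingEta != 0 && block.timestamp >= pendingEta, "timelock");
        (capBps, pendingEta) = (pendingCapBps, 0);
    }
}
```

With these settings a single transaction or burst can move at most 5% of window-start TVL before the vault pauses, and the cap cannot be raised without a two-day delay visible on-chain. The tripping call returns without paying out, so integrators should watch for `BreakerTripped` instead of relying on a revert.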

Want a confidential, adversarial review of your protocol using state-of-the-art tooling and research methods? Email us at [email protected].