AI Agents Outperform Humans in Smart Contract Auditing, But Challenges Remain

The article explores the state of AI-powered smart contract auditing, highlighting recent developments in the EVMbench benchmark and a breakthrough discovery by Anatomist Security's AI agent.

Details

The article discusses three key events that have shaped the state of AI-powered smart contract auditing as of March 2026. First, the launch of the EVMbench benchmark by OpenAI and Paradigm, which evaluates AI agents' ability to detect, patch, and exploit vulnerabilities in smart contracts. The benchmark revealed that GPT-5.3-Codex outperformed previous models in the exploit mode, successfully exploiting 71% of vulnerabilities. However, the agent struggled with detection and patching, missing more than half of known vulnerabilities and failing to fix most of the ones it found. Next, the article discusses BlockSec's re-evaluation of EVMbench, which raised concerns about the benchmark's methodology. BlockSec found that the exploit mode was biased by the scaffold design, which provided agents with deployment scripts, contract ABIs, and partial proof-of-concept code. This essentially turned the exploit task into a coding exercise rather than a true auditing challenge. However, BlockSec confirmed that AI agents, such as Claude Opus 4.6, do have real detection capabilities, identifying a significant number of real-world vulnerabilities without the scaffold assistance. Finally, the article highlights the breakthrough by Anatomist Security's AI agent, which autonomously discovered a critical vulnerability in the Solana blockchain itself, earning a $400,000 bounty - the largest ever awarded to an AI. This is a significant achievement, as the agent was not given a curated vulnerability to exploit in a sandbox, but rather found a real-world bug that human researchers had missed.