Share article

AI is supposed to make software safer. Yet crypto keeps donating fresh exploit headlines to the internet, like it is a recurring subscription. So, sure, let's try the obvious next step: measure whether AI can actually catch Ethereum$1,686.33 smart contract bugs before attackers do.
OpenAI has debuted EVMbench, a new benchmark designed to test how well AI systems can audit smart contracts that run on the Ethereum$1,686.33 Virtual Machine (EVM). The pitch is simple and overdue: if the industry is going to lean on AI for contract reviews, it needs a standardized way to evaluate performance, not vibes.

Market context was broadly risk-on at the time the news circulated, with Bitcoin$62,592.54 around $66,369 (up about 2.1%) and Ethereum$1,686.33 near $1,954 (up about 2.1%), per the pricing snapshot carried alongside the report. Prices move, bugs do not care.

Morning Minute: Harvard Reportedly Sells Bitcoin and Shifts Into Ethereum

Enjoy articles without ads?

Register for free and get unlimited access to all articles.

What OpenAI is shipping with EVMbench (and what it is not)

At a high level, EVMbench is a test suite: it presents models with smart contract security tasks and measures whether they can correctly identify vulnerabilities and risky behavior. That matters because "AI can audit contracts" is not a single capability. It is a bundle of skills that often fail in different ways:

  • Reading Solidity (and sometimes bytecode) accurately
  • Understanding EVM execution details (storage, call semantics, reentrancy conditions)
  • Tracking state changes across multiple functions and external calls
  • Distinguishing real exploits from false positives
  • Producing actionable explanations a human auditor can validate

A benchmark does not magically solve those problems. What it can do is force the conversation into numbers: accuracy, precision, recall, difficulty tiers, and reproducibility. In crypto security, that is already an upgrade.

OpenAI's broader security research direction also points toward "agentic" workflows, where models do more than answer questions and instead iterate like a researcher. Separate reporting and commentary in the AI security space has highlighted OpenAI experiments with AI systems that behave more like bug hunters than chatbots. EVMbench fits that trajectory as a way to test whether that approach transfers to adversarial, high-stakes on-chain code. [1] [2]

The DAO Returns: After the 2016 Hack, a $150M Endowment Targets Ethereum Security

Why crypto needs a benchmark, not another demo

Smart contract audits are a weird corner of software security. The code is public, the assets are liquid, and the attacker incentives are immediate. A bug is not just a bug, it is a payday.

That incentive structure creates two persistent problems for security claims:

  1. Demos overfit to toy examples. A model can look great on a curated set of textbook vulnerabilities and still miss the ugly, compositional failures that actually drain protocols.
  2. "Helpful" explanations can hide wrong answers. Large language models are good at sounding confident. Audits require being correct. [3]

Benchmarks help by making results comparable across model versions and across vendors. They also make it harder to bury the lede with hand-picked examples. If the goal is production-grade auditing, the industry needs to know things like: Does the model catch reentrancy in complex call graphs? Does it understand access-control edge cases? Does it hallucinate vulnerabilities that waste auditor time?

EVMbench is essentially OpenAI saying the quiet part out loud: AI auditing needs standardized evaluation before anyone treats it as a safety net.

What "AI smart contract auditing" really means in practice

Most teams do not want an AI that spits out a list of generic issues. They want something closer to a junior auditor who never sleeps and can triage quickly.

In a real workflow, an EVM-focused AI system might be asked to:

  • Flag suspicious patterns (unchecked external calls, delegatecall hazards, upgradeability footguns)
  • Trace whether user-controlled input can influence value transfers
  • Identify missing invariants (for example, balances can go negative via bad accounting)
  • Suggest concrete tests or proof-of-concept exploit paths (with human verification)

That last point is where things get uncomfortable. The same capability that helps defenders reproduce an exploit also helps attackers scale. A benchmark like EVMbench implicitly tests dual-use skill sets. It is not enough to ask "can the model find the bug?" You also have to care about how reliably it does so, and under what constraints, because attackers only need one correct answer once. [4]

The hard part: Ethereum bugs are rarely isolated

Ethereum contract failures often come from interactions, not just individual functions. Even when a vulnerability has a familiar name, the exploit path tends to be contextual:

  • A permission check exists, but can be bypassed via an unexpected call route
  • A "safe" external call becomes unsafe when paired with a callback
  • An upgrade changes storage layout and breaks assumptions
  • A token behaves oddly (fee-on-transfer, rebasing, ERC-777 hooks) and the protocol is not defensive

Benchmarks are useful only if they reflect that messy reality. If EVMbench includes multi-contract scenarios, adversarial prompts, and tricky edge cases, it can pressure-test models in a way that resembles production. If it is mostly single-contract, single-bug exercises, it will still be useful, just not sufficient.

Moonwell oracle glitch prices ETH at $1.12, bots liquidate collateral and leave ~$1.78M in bad debt

Takeaways (clearly labeled, because adults are talking)

Takeaway 1: EVMbench is about measurement, not marketing.
Crypto security has plenty of "AI audit" claims. A benchmark is the infrastructure needed to decide which ones are real.

Takeaway 2: This is a step toward agent-style security tooling.
The broader research theme across AI security is moving from chat responses to iterative bug hunting. EVMbench gives that approach something concrete to optimize against.

Takeaway 3: Attackers benefit from the same capabilities.
Any material improvement in automated vulnerability discovery will be used offensively. The question is not whether, it is how quickly.

What to watch next (practical, mildly unimpressed)

  1. Benchmark design details: What vulnerability classes are included, how "real" the contracts are, and whether tasks require cross-contract reasoning. If it is mostly basic patterns, results will be inflated.
  2. False positive rates: Auditor time is expensive. A tool that cries wolf too often will get ignored, no matter how smart it sounds.
  3. Reproducibility and baselines: Does EVMbench publish strong non-AI baselines (static analyzers, symbolic execution tools) and comparable model baselines? Otherwise, numbers will be hard to interpret.
  4. Adoption by auditors and security firms: The fastest signal that this matters is not a leaderboard, it is whether professional auditors use it to evaluate tools and internal workflows.
  5. Any evidence of real-world catches: The most meaningful follow-up would be documented cases where AI systems tested under EVMbench-style tasks help prevent an exploit in production, with clear disclosure and verification.

EVMbench will not end smart contract hacks. It might do something more realistic: make it harder to pretend that "AI auditing" works without proving it. That is progress, even if it is the kind that comes with spreadsheets instead of miracles.

Tags

#Ethereum#OpenAI#EVMbench#EVM#Smart contract auditing#Solidity#Security benchmark#AI vulnerability detection#smart contract security#DeFi exploits