NextFin News - On February 18, 2026, OpenAI, in collaboration with the cryptocurrency investment firm Paradigm, officially launched EVMbench, a comprehensive benchmarking framework designed to evaluate the performance of artificial intelligence agents in securing Ethereum Virtual Machine (EVM) smart contracts. The release comes at a pivotal moment for the blockchain industry, where smart contracts currently secure over $100 billion in open-source assets but remain vulnerable to high-severity exploits that resulted in $3.4 billion in losses during 2025 alone. According to TechInformed, the benchmark utilizes 120 curated vulnerabilities from 40 real-world audits, including data from Code4rena competitions and the security process of the Tempo blockchain, a high-throughput Layer 1 network designed for stablecoin payments.
The EVMbench framework operates across three distinct functional modes: "Detect," where agents audit code for known flaws; "Patch," where they must fix vulnerabilities without altering intended contract behavior; and "Exploit," where agents attempt to drain funds in a sandboxed environment. To ensure objective results, OpenAI developed a programmatic harness using a local Ethereum-compatible chain (Anvil) and a JSON-RPC proxy to prevent agents from manipulating the chain state directly. Early performance data released by OpenAI indicates a significant leap in offensive capabilities; the GPT-5.3-Codex model achieved a 72.2% success rate in the "Exploit" mode, a dramatic increase from the 31.9% recorded by GPT-5 just six months prior. However, defensive metrics remain lower, with the same model scoring only 41.5% in the "Patch" category, suggesting that while AI is becoming adept at finding the "path of least resistance" to drain funds, the nuanced logic required for comprehensive security auditing and repair is still evolving.
The launch of EVMbench represents more than just a technical tool; it is a strategic response to the "dual-use" nature of advanced AI in the financial sector. By open-sourcing the benchmark and committing $10 million in API credits through its Cybersecurity Grant Program, OpenAI is attempting to tilt the scales in favor of defensive applications. The disparity between exploit success and patching accuracy highlights a fundamental challenge: offensive actions often require finding only a single flaw, whereas defense requires exhaustive coverage of all possible attack vectors. This "asymmetry of effort" is a well-known concept in cybersecurity, now being quantified in the context of large language models (LLMs) and autonomous agents.
From an industry perspective, the involvement of Paradigm—a firm deeply embedded in the DeFi ecosystem through investments in Uniswap and Optimism—signals that the venture capital community views AI-driven security as a prerequisite for the next phase of institutional crypto adoption. As U.S. President Trump’s administration continues to navigate the intersection of digital asset regulation and national AI competitiveness, the development of standardized safety benchmarks like EVMbench provides a private-sector model for self-regulation. The data suggests that as AI agents become more integrated into financial workflows—with some estimates predicting billions of agents transacting via stablecoins by 2030—the ability to automatically verify the integrity of the underlying code will be the difference between a resilient financial system and one prone to systemic collapse.
Looking forward, the trend points toward the emergence of "Security-as-a-Service" agents that operate continuously on-chain. While current models like Anthropic’s Claude Opus 4.6 and OpenAI’s GPT-5.3-Codex are showing promise, the next frontier will likely involve multi-agent systems where one AI "red teams" a contract while another "blue teams" the defense in a recursive loop. However, the risk remains that the same tools intended to harden Ethereum’s infrastructure could be repurposed by malicious actors to automate the discovery of zero-day vulnerabilities. The success of EVMbench will ultimately be measured not by the scores of the models, but by whether it can accelerate the development of defensive AI fast enough to outpace the rapidly advancing capabilities of automated attackers.
Explore more exclusive insights at nextfin.ai.
