Immunefi CEO Calls AI the Biggest New Threat Hitting DeFi Security

DeFi is bleeding. Mitchell Amador, CEO of blockchain security firm Immunefi, says new AI models are driving a sharp rise in hacks across decentralized finance platforms — and the damage is piling up fast.

Amador’s word for it: a “vulnerability apocalypse.” That’s not a phrase you throw around lightly, and he didn’t. Immunefi has been tracking security breaches across the DeFi sector for years, and what the company sees now is different — bigger in frequency, more complex in execution, and harder to stop. The core problem, per Amador, is that cutting-edge AI models have opened doors for attackers that simply didn’t exist before. The tools are sophisticated. The exploits are evolving faster than most platforms can respond. And the financial losses? Substantial, though Immunefi didn’t break down exact figures in Amador’s remarks.

It’s a strange situation.

AI That Builds Also Breaks

The same technology that’s supposed to make crypto smarter is, apparently, making it more fragile. AI models get deployed into DeFi systems fast — sometimes too fast — and the gaps they create aren’t obvious until someone finds them the hard way. Security teams are playing catch-up. Traditional audit frameworks weren’t built to handle the kind of complexity these models introduce, and that mismatch is showing up in hack tallies across the sector.

Amador’s read is pretty clear: the rapid deployment of frontier AI is outpacing the industry’s ability to protect itself. Security measures that worked fine two or three years ago aren’t cutting it anymore. The threat landscape shifted, and a lot of projects didn’t shift with it.

That said, it’s not all doom. Amador and others in the space seem to think AI can also be part of the fix — that the same class of tools driving these new attack vectors could, if pointed in the right direction, help build stronger defenses. But that’s a harder problem than it sounds. Getting there requires deliberate investment, not just optimism.

Industry Scrambles for a Collective Answer

Some DeFi projects are already pouring money into security audits and vulnerability testing. Others are pushing for something bigger — industry-wide standards, shared best practices, a more coordinated response to what’s clearly a coordinated threat. The argument for collaboration is gaining ground. Isolated security efforts, even well-funded ones, can’t keep up with attackers who are sharing tools and techniques across the board.

Related: MetaMask Integrates AI Agents in DeFi, Security Questions Persist

Immunefi sits at the center of a lot of this. The company’s core business is finding vulnerabilities before the bad guys do — running bug bounty programs, flagging risks, pushing platforms to patch weaknesses before they become headlines. With AI-driven threats now in the mix, that job has gotten harder and probably more important.

The frequency of attacks is the part that’s hard to ignore. It’s not just that individual hacks are getting more sophisticated. There are more of them. And the complexity of what Immunefi is seeing suggests attackers aren’t slowing down — they’re getting better at using the same AI tools that developers are using to build.

DeFi has always had a security problem. That’s not new. But the AI angle adds a layer that the sector wasn’t fully prepared for, and the window to get ahead of it is narrowing.

What Needs to Happen Now

Amador’s warning is basically a call to action. The industry can’t treat security as an afterthought when it’s integrating technology this powerful. Developers, auditors, protocol teams — all of them need to be thinking about how AI changes the attack surface, not just how it improves the product.

Stakeholders are increasingly aware of this. The question is whether awareness translates into action fast enough. Pooling resources across the DeFi community seems like the most realistic path forward — no single firm has the bandwidth to map every new vulnerability that AI models introduce. Shared knowledge, shared tooling, shared standards. That’s the direction the conversation is heading.

See also: AI Trading Tools Grab Market Share as Crypto Runs 24/7 in 2026

And the stakes aren’t abstract. User assets are on the line. So is trust in the broader DeFi ecosystem, which has spent years trying to convince mainstream finance that it’s a legitimate alternative — not a casino where the house always gets hacked.

Amador’s framing of a “vulnerability apocalypse” probably won’t calm anyone down. But it’s probably meant to shake people out of complacency, not send them running. The DeFi sector has survived rough patches before. Whether it can adapt quickly enough to AI-driven threats is the real test right now.

Immunefi, for its part, says it’s watching closely and pushing for faster adaptation across the platforms it works with.