Under pressure to turn its enormous investment in AI into revenue, OpenAI has moved into the security of blockchain code. On February 18, 2026, the company and the cryptocurrency investment firm Paradigm introduced EVMbench, an open-source benchmark that measures how well AI agents can find, fix, and exploit serious vulnerabilities in smart contracts.
A smart contract is self-executing code stored on a blockchain that runs automatically when predefined conditions are met, for example releasing a payment or issuing new tokens. Because these contracts often control real money, including stablecoins, cryptocurrencies pegged to reserve assets such as the US dollar, a single bug can be extremely expensive. That makes automated security tooling valuable, and a shared benchmark gives the industry a way to compare how capable AI agents actually are at the job.
What EVMbench measures
The benchmark draws on 120 curated vulnerabilities taken from 40 audits, most of them from open audit competitions, and also incorporates scenarios from the security review of the Tempo blockchain, a Layer-1 network built by Stripe and Paradigm for high-throughput, low-cost stablecoin payments. EVMbench evaluates agents in three modes: Detect, which asks an agent to find vulnerabilities; Patch, which asks it to fix a flaw while preserving the contract’s intended behaviour; and Exploit, which asks it to carry out an end-to-end attack, such as draining funds, inside a sandboxed environment.
How the models performed
According to OpenAI, results varied sharply by mode and by model. In exploit mode, the company reported that its GPT-5.3-Codex model scored about 72 percent, well above an earlier GPT-5 result near 32 percent. Detect and patch modes proved harder: agents in detect mode sometimes stopped after finding a single vulnerability rather than completing a full audit, and patch mode exposed the difficulty of fixing a flaw without breaking the contract’s functionality. As with any vendor-reported benchmark, these figures describe performance on this specific test set rather than guaranteed real-world results.
Why this matters beyond crypto
EVMbench also sits within a larger trend: using AI agents not just to write code but to attack and defend it. Smart contracts are an especially clean test bed, because their logic is self-contained, their failures are measurable in lost funds, and exploits can be verified objectively in a sandbox. Lessons from this narrow domain, how reliably an agent reasons about adversarial conditions, where it overreaches, and how to keep it from causing harm, carry over to the broader question of whether autonomous agents can be trusted with security-critical work at all. That makes the benchmark interesting to security teams well outside the crypto world.
The business logic
The move fits a broader pattern. OpenAI is spending far more than it earns, and analysts read EVMbench partly as a response to that pressure. An analyst at Omdia noted that the incentive to demonstrate a return on heavy agentic-AI investment can pull a company toward domains where it believes it can generate revenue, and that crypto and stablecoin infrastructure, also a long-standing interest of large cloud providers, is one such domain. Whatever the motivation, the benchmark has a practical upside for the wider market: other vendors building security agents can use it to measure their own systems against a common yardstick, much as any agent evaluation provides a shared basis for comparison.
Limitations and what to watch
EVMbench is useful, but it is new and not without criticism. Security firms that reviewed it identified methodological flaws, including several issues labelled high severity that reviewers argued are not actually exploitable in practice, which complicates any clean comparison of model scores. The detect and patch results also show that strong performance in one mode does not imply competence across the board; an agent that can execute an exploit in a sandbox is not necessarily one that can responsibly audit and repair production code. More broadly, a benchmark captures a narrow, curated slice of the problem: real smart-contract security involves novel bugs, economic attacks, and context that no fixed test set fully represents, and the exploit-focused framing underscores the dual-use nature of these tools, which is why the evaluation runs in a controlled sandbox rather than against live systems. The sensible reading is that EVMbench is a step toward measuring AI security capability, not a verdict that agents are ready to secure real funds on their own.
The bottom line
EVMbench gives the industry a concrete, open way to gauge how well AI agents handle smart-contract security, and the early numbers suggest meaningful progress in some modes alongside clear weaknesses in others. For OpenAI it is also a commercially pointed move into crypto security at a moment when investors are watching for revenue. As an evaluation tool it is a welcome addition, provided its results are read with the same scrutiny that good security work demands, and that buyers remember why so many agent projects stall when capability is mistaken for production readiness.