CertiK CEO: AI is Turning DeFi Attack and Defense into an "Unfair Game"
Ronghui Gu, co-founder and CEO of CertiK, stated that AI tools are exacerbating the imbalance between attack and defense in DeFi security, making it easier for attackers to discover vulnerabilities and replicate attack vectors across different protocols.
He pointed out that the DeFi security situation was particularly severe in April this year: only 3 days that month were free from hacker attacks, and DeFi protocols suffered cumulative losses of over $690 million. Excluding the February 2025 Bybit attack, April has become the month with the highest DeFi losses to hackers since March 2022.
Gu believes that attackers can concentrate massive computing power on repeatedly testing a single protocol, while security companies need to serve multiple clients simultaneously and so spread their resources thin, which places the defense side at a natural disadvantage. At the same time, the focus of recent attacks is shifting from smart contract vulnerabilities to operational security and weak points in the supply chain.
He emphasized that AI failing to discover vulnerabilities over an extended period does not prove that the code is completely secure; under current technological conditions, formal verification remains a more reliable method of ensuring security.
