OpenZeppelin Clarifies AI & DeFi Security Position

OpenZeppelin clarifies its stance on AI & DeFi security, emphasizing stronger operational security over retreat from decentralized finance.


OpenZeppelin has issued a public clarification after recent posts by Manuel Araoz, the company’s co-founder & former CTO, sparked discussion across the crypto community around artificial intelligence, DeFi security & the future risk profile of onchain finance.

OpenZeppelin emphasized that its position is grounded in its decade-long work securing blockchain applications. Since 2015, the company says it has helped secure more than $35 trillion in value transferred onchain. Its smart contract libraries, audit practices & security products are widely used across the DeFi ecosystem.

OpenZeppelin Distances Itself From Former CTO Comments

The separation matters because Araoz is historically associated with the company. As a co-founder & former CTO, his comments can easily be interpreted by the wider market as reflecting OpenZeppelin’s internal thinking. OpenZeppelin moved quickly to separate personal commentary from company policy, stating that Araoz left the company in 2019.

For security firms, reputation & clarity are critical. Protocol teams, foundations, developers, investors & institutional users rely on companies like OpenZeppelin not only for technical audits but also for guidance on how to evaluate risk. If public comments from a former executive create uncertainty about the company’s view on DeFi, AI or blockchain security, a direct clarification becomes necessary.

The company framed its current position around its work in the ecosystem. It said it maintains libraries that underpin many DeFi protocols & supports a growing number of innovative financial use cases. That framing is important because OpenZeppelin is not speaking as an outside observer. It is one of the most recognized security infrastructure providers in Ethereum & broader smart contract development.

AI As Both Threat Vector & Defensive Tool

The company acknowledged that AI is a real threat vector. This is important because AI can increase the speed, scale & sophistication of attacks. Malicious actors may use AI to scan contracts, automate phishing attempts, generate exploit strategies, impersonate team members or identify operational weaknesses across crypto organizations.

However, OpenZeppelin rejected the idea that AI should only be seen as a danger. The company described AI as one of the most powerful defensive tools available when used with rigor & expert human judgment.

That distinction is critical. AI alone does not guarantee security. It can produce false positives, miss context, misunderstand protocol design or generate misleading conclusions. But when used by experienced researchers, AI can help accelerate repetitive security work, identify edge cases, analyze large codebases, compare patterns & support faster review cycles.

OpenZeppelin said its researchers use AI daily to catch more issues & edge cases. This suggests that AI is already becoming part of the security workflow, not a future experiment. The role of human experts remains central, but AI can expand their capacity.

In DeFi, where code often controls large amounts of value, faster detection can be meaningful. Smart contracts, governance systems, bridges, wallets, frontends, key management processes & integrations all create risk surfaces. AI-assisted review can help teams examine more of these surfaces before attackers do.

Operational Security Vs Smart Contract Risk

The distinction OpenZeppelin draws between operational security and smart contract risk matters because DeFi security is often discussed only in terms of contract audits. While smart contract vulnerabilities remain serious, the modern crypto risk landscape is broader. A protocol can have well-audited contracts but still suffer losses due to compromised private keys, weak internal controls, malicious dependencies, phishing attacks, compromised frontends, social engineering, poor monitoring or unsafe upgrade processes.

OpenZeppelin’s statement suggests that the industry should avoid oversimplifying recent failures. If every exploit is treated as a smart contract problem, teams may focus too narrowly on code while ignoring operational weaknesses.

OpenZeppelin’s framing shows that DeFi security is no longer limited to “is the smart contract safe?” The better question is whether the full system is resilient. That includes contracts, teams, governance, infrastructure, interfaces & emergency procedures.

Why OpenZeppelin’s Clarification Matters For DeFi

OpenZeppelin’s clarification matters because it comes from one of the most trusted names in smart contract security. The company’s libraries have become default infrastructure for many developers building tokens, governance systems, access controls & upgradeable contracts.

When such a company speaks publicly about AI & DeFi, its message influences how the ecosystem thinks about risk. By rejecting retreat & emphasizing better security, OpenZeppelin is reinforcing a constructive path forward.

The statement also reassures protocols & institutions that OpenZeppelin remains committed to DeFi. In periods of major exploits or public criticism, there is often a tendency to frame DeFi as too risky or structurally unsafe. OpenZeppelin’s response pushes back against that narrative. It accepts that risks are real but argues that the solution is stronger tooling, better processes & more rigorous security culture.

This is especially relevant as DeFi becomes more institutional. Banks, asset managers, fintech firms & payment companies are increasingly exploring tokenized assets, stablecoins, settlement infrastructure & onchain financial products. These institutions need confidence that security firms are evolving alongside the threat landscape.

For DeFi teams, the statement is also a reminder to invest beyond smart contract audits. Strong operational security, access management, internal policies, monitoring systems & emergency response plans are now essential parts of protocol security.

OpenZeppelin ended its thread by reaffirming that it has secured DeFi for a decade & that this work now matters more than ever. The company said it remains alongside the protocols, institutions & developers building the next era of finance.
