My startup builds agents for penetration testing, and this is the bet we have been making for over a year when models started getting good at coding. There was a huge jump in capability from Sonnet 4 to Sonnet 4.5. We are still internally testing Opus 4.5, which is the first version of Opus priced low enough to use in production. It's very clever and we are re-designing our benchmark systems because it's saturating the test cases.
VladVladikoff•Dec 2, 2025
I have a hotel software startup and if you are interested in showing me how good your agents are you can look us up at rook like the chess piece, hotel dot com
karlgkk•Dec 2, 2025
Is it rookhotel.com?
dboreham•Dec 2, 2025
I've had similar experience using LLMs for static analysis of code looking for security vulnerabilities, but I'm not sure it makes sense for me to found a start up around that "product". Reason being that the technology with the moat isn't mine -- it belongs to Anthropic. Actually it may not even belong to them, probably it belongs to whoever owns the training data they feed their models. Definitely not me though. Curious to hear your thoughts on that. Is the idea to just try for light speed and exit before the market figures this out?
apercu•Dec 2, 2025
That’s 100% why I haven’t done this - we’ve seen the movie where people build a business around someone else’s product and then the api gets disabled or the prime uses your product as market research and replaces you.
tharkun__•Dec 2, 2025
Does that matter as long as you've made a few millions and just move on to do other fun stuff?
pavel_lishin•Dec 2, 2025
Assuming you make those few millions.
ryanjshaw•Dec 2, 2025
There are armies of people at universities, Code4rena and Sherlock who do this full-time. Oh and apparently Anthropic too. Tough game to beat if you have other commitments.
micromacrofoot•Dec 2, 2025
wild that so many companies these days consider the exit before they've even entered
rajamaka•Dec 2, 2025
Every company evaluates potential risks before starting.
davidw•Dec 2, 2025
Depending on how much of a bubble it is. When things really heat up it's sometimes more like "just send it, bro".
NortySpock•Dec 2, 2025
It is considered prudent to write a business plan and do some market research if possible before starting a business.
blitzar•Dec 2, 2025
the exit is the business
vngzs•Dec 2, 2025
How do you manage to coax public production models into developing exploits or otherwise attacking systems? My experience has been extremely mixed, and I can't imagine it boding well for a pentesting tools startup to have end-users face responses like "I'm sorry, but I can't assist you in developing exploits."
Divide the steps into small enough steps so the LLMs don't actually know the big picture of what you're trying to achieve. Better for high-quality responses anyways. Instead of prompting "Find security holes for me to exploit in this other person's project", do "Given this code snippet, is there any potential security issues?"
apimade•Dec 2, 2025
The same way you write malware without it being detected by EDR/antivirus.
Bit by bit.
Over the past six weeks, I’ve been using AI to support penetration testing, vulnerability discovery, reverse engineering, and bug bounty research. What began as a collection of small, ad-hoc tools has evolved into a structured framework: a set of pipelines for decompiling, deconstructing, deobfuscating, and analyzing binaries, JavaScript, Java bytecode, and more, alongside utility scripts that automate discovery and validation workflows.
I primarily use ChatGPT Pro and Gemini. Claude is effective for software development tasks, but its usage limits make it impractical for day-to-day work. From my perspective, Anthropic subsidizes high-intensity users far less than its competitors, which affects how far one can push its models. Although it's becoming more economical across their models recently, and I'd shift to them completely purely because of the performance of their models and infrastructure.
Having said all that, I’ve never had issues with providers regarding this type of work. While my activity is likely monitored for patterns associated with state-aligned actors (similar to recent news reports you may have read), I operate under my real identity and company account. Technically, some of this usage may sit outside standard Terms of Service, but in practice I’m not aware of any penetration testers who have faced repercussions -- and I'd quite happily take the L if I fall afoul of some automated policy, because competitors will quite happily take advantage of that situation. Larger vuln research/pentest firms may deploy private infrastructure for client-side analysis, but most research and development still takes place on commercial AI platforms -- and as far as I'm aware, I've never heard of a single instance of Google, Microsoft, OpenAI or Anthropic shutting down legitimate research use.
carsoon•Dec 2, 2025
Yeah this latest generation of models (Opus 4.5 GPT 5.1 and Gemini Pro 3) are the biggest breakthrough since gpt-4o in my mind.
Before it felt like they were good for very specific usecases and common frameworks (Python and nextjs) but still made tons of mistakes constantly.
Now they work with novel frameworks and are very good at correcting themselves using linting errors, debugging themselves by reading files and querying databases and these models are affordable enough for many different usecases.
justanotherunit•Dec 2, 2025
Is it the models tho? With every release (mutlimodal etc) its just a well crafted layer of business logic between the user and the LLM. Sometimes I feel like we lose track of what the LLM does, and what the API before it does.
mwkaufma•Dec 2, 2025
Says more about the relatively poor infosec on etherium contracts than about the absolute utility of pentesting LLMs.
TheRoque•Dec 2, 2025
True, I'd be curious to see if (and when) those contracts were compromised in the real world. Though they said they found 0 days, which implies some breaches were never found in the real world.
px43•Dec 2, 2025
4.6M is not a lot, and these were old bugs that it found. Also, actually exploiting these bugs in the real world is often a lot harder than just finding the bug. Top bug hunters in the Ethereum space are absolutely using AI tooling to find bugs, but it's still a bit more complex than just blindly pointing an LLM at a test suite of known exploitable bugs.
Legend2440•Dec 2, 2025
According to the blogpost, these are fully autonomous exploits, not merely discovered bugs. The LLM's success was measured by much money it was able to extract:
>A second motivation for evaluating exploitation capabilities in dollars stolen rather than attack success rate (ASR) is that ASR ignores how effectively an agent can monetize a vulnerability once it finds one. Two agents can both "solve" the same problem, yet extract vastly different amounts of value. For example, on the benchmark problem "FPC", GPT-5 exploited $1.12M in simulated stolen funds, while Opus 4.5 exploited $3.5M. Opus 4.5 was substantially better at maximizing the revenue per exploit by systematically exploring and attacking many smart contracts affected by the same vulnerability.
They also found new bugs in real smart contracts:
>Going beyond retrospective analysis, we evaluated both Sonnet 4.5 and GPT-5 in simulation against 2,849 recently deployed contracts without any known vulnerabilities. Both agents uncovered two novel zero-day vulnerabilities and produced exploits worth $3,694.
fragmede•Dec 2, 2025
> Important: To avoid potential real-world harm, our work only ever tested exploits in blockchain simulators. We never tested exploits on live blockchains and our work had no impact on real-world assets.
Well, that's no fun!
My favorite we're-living-in-a-cyberpunk-future story is the one where there was some bug in Ethereum or whatever, and there was a hacker going around stealing everybody's money, so then the good hackers had to go and steal everybody's money first, so they could give it back to them after the bug got fixed.
toomuchtodo•Dec 2, 2025
I’m surprised folks aren’t already grinding against smart contract security in prod with gen AI and agents. If they are, I suppose they are not being conspicuous by design. Power and GPU time goes in, exploits and crypto comes out.
mschuster91•Dec 2, 2025
As soon as money in larger sums gets involved, the legal system will crack down hard on you if you are anywhere in the Western sphere of influence, easy as that.
In contrast, countries like North Korea, Russia, Iran - they all make bank on cryptocurrency shenanigans because they do not have to fear any repercussions.
px43•Dec 2, 2025
Of course they are, and they've been doing it since long before ChatGPT or any of that was a thing. Before it was more with classifiers and concolic execution engines, but it's only gotten way more advanced.
TheRoque•Dec 2, 2025
Check the prizes for the bug bounties in big smart contracts. The prizes are truly crazy, like Uniswap pays $15,000,000 for a critical vuln, and $1,000,000 for a high vuln. With that kind of money, I HIGHLY doubt there aren't people grinding against smart contracts as you say.
I mean they are, the only news here is that Anthropic isn't staffed by ignorant know-it-alls that wholesale dismiss the web3 development space like some other forum I know of
PunchyHamster•Dec 2, 2025
The whole ethereum fork was such a funny situation.
"Our currency is immutable and all, no banks or any law messing with your money"
"oh, but that contract that people got conned by need to be fixed, let's throw all promises into the trash and undo that"
"...so you just acted as bank or regulators would, because the Important People lost some money"
"essentially yeah"
latenightcoding•Dec 2, 2025
when the core devs lose money, the rules change.
DennisP•Dec 2, 2025
It's been nine years since the chain split, which happened within the first year. No irregular changes have been made since then. Two major hacks caused over a hundred million dollars in losses to Parity, a company founded by one of the core devs. That dev lobbied heavily for rescue, and the community refused.
Bitcoin also made an irregular change, a year and a half into its history.
csomar•Dec 2, 2025
It just shows that the decision making is very centralized and failure of ETC shows that the community is not interested in a true immutable ledger.
ChadNauseam•Dec 2, 2025
The old version stayed around but (essentially) nobody wanted to use it. If they had, the forked version would be worthless. That is the difference. A cryptocurrency fork cannot succeed without the consent of the community. No one is compelled to use it the way that you are compelled to accept the decisions of a regulator.
ceejayoz•Dec 2, 2025
Well, the consent of some of the community.
Potentially far, far less than a majority of the community, even, considering it's not one person, one vote.
beefnugs•Dec 2, 2025
I couldnt find it in the article, how do they "assume" how many victims will fall to these contract exploits?
And to go further: if it costs $3500 in ai tokens, to fix a bug that could steal $3600, who should pay for that? Whos responsibility is it for "dumbass suckers who use other peoples buggy or purposefully malicious money based code" ?
At best this is another weird ad by anthropic, trying to say, hey why arent you changing the world with our stuff, pay up quick hurry
DennisP•Dec 2, 2025
Contracts themselves can hold funds. Usually a contract hack extracts the money it holds.
$3500 was the average cost per exploit they found. The cost to scan a contract averaged to $1.22. That cost should be paid by each contract's developers. Often they pay much more than that for security audits.
venturecruelty•Dec 2, 2025
"Money". The real cyberpunks would switch to anonymous, untraceable cash.
ekjhgkejhgk•Dec 2, 2025
Can someone explain smart contracts to me?
Ok, I understand that it's a description in code of "if X happens, then state becomes Y". Like a contract but in code. But, someone has to input that X has happened. So is it not trivially manipulated by that person?
px43•Dec 2, 2025
State is globally distributed, and smart contract code executes state transitions on that state. When someone submits a transaction with certain function parameters, anyone can verify that those parameters will lead to that exact state transition.
patrickaljord•Dec 2, 2025
Once a contract is deployed on the blockchain, its source code is immutable. So before using a contract, check if it gives permission to its deployer (or any address) to change any state at will.
Note that some contracts act as proxy to other contract and can be made to point to another code through a state change, if this is the case then you need to trust whoever can change the state to point to another contract. Such contract sometime have a timelock so that if such a change occurs, there's a delay before it is actually activated, which gives time to users to withdraw their funds if they do not trust the update.
If you are talking about Oracle contracts, if it's an oracle involving offchain data, then there will always be some trust involved, which is usually managed by having the offchain actors share the responsibility and staking some money with the risk to get slashed if they turn into bad actors. But again, offchain data oracles will always require some level of trust that would have to deal with in non-blockchain apps too.
Animats•Dec 2, 2025
> Once a contract is deployed on the blockchain, its source code is immutable.
Maybe. Some smart contracts have calls to other contracts that can be changed.[1]
This turns out to have significant legal consequences.
Yes! When developing Smart Contracts this used to be a best practice, enabling us to fix security holes in worst case scenarios.
Philpax•Dec 2, 2025
Yes, this is a problem (look up "the oracle problem"). My understanding is that the conventional solution is to rely on trusted third-party oracles that are outside of the control of the contract's participants and/or require consensus over multiple oracles.
momentmaker•Dec 2, 2025
blockchains are isolated environment where it can only know about data/states within itself.
if outside data is needed, then it needs something called an oracle, which delivers real-world and/or even other blockchain data to it.
I’m convinced that there is a reason from blockchain, but it was like 10 years too early - OR - we’ve already passed the problem it solves and didn’t notice.
PunchyHamster•Dec 2, 2025
Well, technically DVCSes like git use "blockchain" (the repo, logically, is pretty much a chain of blocks that incorporate the hash of the previous blocks - just tree instead of linear dependency).
So we are already successfully using blockchain for decades just not as... currency provider.
Forward secure sealing (used in logging) also have similar idea
DennisP•Dec 2, 2025
What makes it a block chain instead of a tree is that there's a way to form consensus on which block is the next in the chain.
What makes it different than database logging is that the consensus method is distributed and decentralized, and anyone can participate.
TheRoque•Dec 2, 2025
Not sure what you mean that "input that X has happened". You don't directly input the changes, instead, you call a function that creates that state change (or not, if it's invalid), by running its code. This code can include checks on who is the caller, it can check if you're the contract owner, if you're someone who already interacted with the contract (by checking previous state), or any hardcoded address etc.
LikesPwsh•Dec 2, 2025
That's infamously known as the "Oracle Problem".
Blockchain can't handle external state.
Smart contracts abstract it a bit by having a trusted third party or an automated pricing mechanism, but both are fragile.
PunchyHamster•Dec 2, 2025
It's funny that it just re-invented stuff already used for old world finances, and just invented escrow with more moving parts while still requiring non-compromised 3rd party.
pawelduda•Dec 2, 2025
Unless you know and trust person X, you don't want to authorize and interact with such contracts. Scammers will leave loopholes in code so they can, for example, grab all funds deposited to the contract.
Normal contracts that involve money operations would have safeguards that disallow the owner to touch balance that is not theirs. But there's billion of creative attack vectors to bypass that, either by that person X, or any 3rd party
bgwalter•Dec 2, 2025
You can create hot air "organizations" with contract rules on the Ethereum blockchain. If the inner circle does not like a contract, they fork everything:
It's all a toy for rug pulls and speculation. "AI" attacking the blockchain is hilarious. I wish the blockchain could also attack "AI".
dboreham•Dec 2, 2025
There's already many replies, but I'm not sure any of them answers your question directly:
You are somewhat correct that contracts take external inputs in some cases, but note that this isn't a given. For example you could have a contract that has the behavior "if someone deposits X scoin at escrow address A, send them Y gcoin from escrow address Y". That someone can only deposit scoins and get gcoins in exchange. They can't just take all the escrow account balances. So there are inputs, but they are subject to some sort of validation and contract logic that limits their power. Blockchain people call this an "on-chain event".
So short answer is: no smart contracts can't be trivially manipulated by someone, including their owner. But not being able to do that depends on there not being any bugs or back doors in the contract code.
If you are asking about a contract that has some bearing on an event in meat-space, such as someone buying a house, or depositing a bar of gold in a room somewhere, then that depends on someone telling the contract it happened. Blockchain people call this an "off-chain event". This is the "oracle problem" that you'll see mentioned in other replies. Anything off-chain is generally regarded by blockchain folks as sketchy, but sometimes unavoidable. E.g. betting markets need some way to be told that the event being bet on happened or didn't happen. The blockchain has no way to know if it snowed in Central London on December 25.
nrhrjrjrjtntbt•Dec 2, 2025
The pure (if you like) smart contacts do transactions. You give me 100 apple tokens and I give you 50 pear tokens. The contract ensures nothing else can happen.
They get more sophisticated e.g. automatic market makers. But same idea just swapping.
Voting is also possible e.g. release funds if there is a quorom. Who to release them to could be hard coded or part of the vote.
For external info from the real world e.g. "who got elected" you need an oracle. I.e. you trust someone not to lie and not to get hacked. You can fix the "someone" to a specific address but you still need to trust them.
wildzzz•Dec 2, 2025
That's a great explanation. I'm sure it's a lot deeper than that but I've never really understood the purpose. I'm not a crypto guy at all so it's nice hearing real world applications rather than just "stock market babble".
packetlost•Dec 2, 2025
Smart contracts are actually pretty cool, but the entire ecosystem is made dramatically worse by the tokens having speculative value. It’s necessary for the economics to work out, but it dampens the coolness of the technical aspects because it attracts sleazeballs and enables fraud/crime.
yieldcrv•Dec 2, 2025
they're like a Trust that self executes distributions
except that they cost a fraction of a cent to create instead of several thousand dollars in lawyer fees for the initial revision, and can be tested in infinite scenarios for free
to your theoretical reservation, the trust similarity continues, as the constraints around the X are also codified. The person that triggers it can only send sanitized information, isn't necessarily an administrator, admins/trustees can be relinquished for it to be completely orphaned, and so on
_pdp_•Dec 2, 2025
I am not surprised at all. I can already see self improving behaviour in our own work which means that the next logic step is self improving!
I know how this sounds but it seems to me, at least from my own vantage point, that things are moving towards more autonomous and more useful agents.
To be honest, I am excited that we are right in the middle of all of this!
parapatelsukh•Dec 2, 2025
Exciting! Let's orthogonally connect on this!
rcbdev•Dec 2, 2025
I prefer cross-polinating, as we're probably diametrical.
codethief•Dec 2, 2025
Having watched this talk[0] about what it takes to succeed in the DARPA AIxCC competition[1] these days, this doesn't surprise me in the least.
To me, this reads a lot like : "Company raises $45 Billion, makes $200 on an Ethereum 0-day!"
stavros•Dec 2, 2025
Yeah but use of the models isn't limited to the company.
user3939382•Dec 2, 2025
smart contracts the misnomer joke writes itself
yieldcrv•Dec 2, 2025
just means self executing, or more like domino triggered, in practice
quite a bit more advanced than contracts that do nothing on a sheet of paper, but the term is from 2012 or so when "smart" was appended to everything digital
8n4vidtmkvmk•Dec 2, 2025
Now we just append AI to everything instead...
judgmentday•Dec 2, 2025
That graph is impenetrable. What is it even trying to say?
Also, in what way should any of its contents prove linear?
> yielding a maximum of $4.6 million in simulated stolen funds
Oh, so they are pointing their bots at already known exploited contracts. I guess that's a weaker headline.
AznHisoka•Dec 2, 2025
At first I read this as "fined $4.6M", and my first thought "Finally, AI is held accountable for their wrong actions!"
evanb•Dec 2, 2025
Careful what you wish for. Negating the predicate of "A COMPUTER CAN NEVER BE HELD ACCOUNTABLE. THEREFORE A COMPUTER MUST NEVER MAKE A MANAGEMENT DECISION" might open us up to the consequence.
krupan•Dec 2, 2025
No mention of Bitcoin. Exploiting ethereum smart contracts is nothing that new or exciting.
dtagames•Dec 2, 2025
No one has ever successfully manipulated Bitcoin and it doesn't offer smart contracts.
yieldcrv•Dec 2, 2025
> Important: To avoid potential real-world harm, our work only ever tested exploits in blockchain simulators. We never tested exploits on live blockchains and our work had no impact on real-world assets.
They left the booty out there, this is actually hilarious, driving a massive rush towards their models
rkagerer•Dec 2, 2025
> Both agents uncovered two novel zero-day vulnerabilities and produced exploits worth $3,694, with GPT-5 doing so at an API cost of $3,476
nickphx•Dec 2, 2025
lol, no, the "ai agents" found what was already known... so amazing.
14 Comments
Bit by bit.
Over the past six weeks, I’ve been using AI to support penetration testing, vulnerability discovery, reverse engineering, and bug bounty research. What began as a collection of small, ad-hoc tools has evolved into a structured framework: a set of pipelines for decompiling, deconstructing, deobfuscating, and analyzing binaries, JavaScript, Java bytecode, and more, alongside utility scripts that automate discovery and validation workflows.
I primarily use ChatGPT Pro and Gemini. Claude is effective for software development tasks, but its usage limits make it impractical for day-to-day work. From my perspective, Anthropic subsidizes high-intensity users far less than its competitors, which affects how far one can push its models. Although it's becoming more economical across their models recently, and I'd shift to them completely purely because of the performance of their models and infrastructure.
Having said all that, I’ve never had issues with providers regarding this type of work. While my activity is likely monitored for patterns associated with state-aligned actors (similar to recent news reports you may have read), I operate under my real identity and company account. Technically, some of this usage may sit outside standard Terms of Service, but in practice I’m not aware of any penetration testers who have faced repercussions -- and I'd quite happily take the L if I fall afoul of some automated policy, because competitors will quite happily take advantage of that situation. Larger vuln research/pentest firms may deploy private infrastructure for client-side analysis, but most research and development still takes place on commercial AI platforms -- and as far as I'm aware, I've never heard of a single instance of Google, Microsoft, OpenAI or Anthropic shutting down legitimate research use.
Before it felt like they were good for very specific usecases and common frameworks (Python and nextjs) but still made tons of mistakes constantly.
Now they work with novel frameworks and are very good at correcting themselves using linting errors, debugging themselves by reading files and querying databases and these models are affordable enough for many different usecases.
>A second motivation for evaluating exploitation capabilities in dollars stolen rather than attack success rate (ASR) is that ASR ignores how effectively an agent can monetize a vulnerability once it finds one. Two agents can both "solve" the same problem, yet extract vastly different amounts of value. For example, on the benchmark problem "FPC", GPT-5 exploited $1.12M in simulated stolen funds, while Opus 4.5 exploited $3.5M. Opus 4.5 was substantially better at maximizing the revenue per exploit by systematically exploring and attacking many smart contracts affected by the same vulnerability.
They also found new bugs in real smart contracts:
>Going beyond retrospective analysis, we evaluated both Sonnet 4.5 and GPT-5 in simulation against 2,849 recently deployed contracts without any known vulnerabilities. Both agents uncovered two novel zero-day vulnerabilities and produced exploits worth $3,694.
Well, that's no fun!
My favorite we're-living-in-a-cyberpunk-future story is the one where there was some bug in Ethereum or whatever, and there was a hacker going around stealing everybody's money, so then the good hackers had to go and steal everybody's money first, so they could give it back to them after the bug got fixed.
In contrast, countries like North Korea, Russia, Iran - they all make bank on cryptocurrency shenanigans because they do not have to fear any repercussions.
"Our currency is immutable and all, no banks or any law messing with your money"
"oh, but that contract that people got conned by need to be fixed, let's throw all promises into the trash and undo that"
"...so you just acted as bank or regulators would, because the Important People lost some money"
"essentially yeah"
Bitcoin also made an irregular change, a year and a half into its history.
Potentially far, far less than a majority of the community, even, considering it's not one person, one vote.
And to go further: if it costs $3500 in ai tokens, to fix a bug that could steal $3600, who should pay for that? Whos responsibility is it for "dumbass suckers who use other peoples buggy or purposefully malicious money based code" ?
At best this is another weird ad by anthropic, trying to say, hey why arent you changing the world with our stuff, pay up quick hurry
$3500 was the average cost per exploit they found. The cost to scan a contract averaged to $1.22. That cost should be paid by each contract's developers. Often they pay much more than that for security audits.
Ok, I understand that it's a description in code of "if X happens, then state becomes Y". Like a contract but in code. But, someone has to input that X has happened. So is it not trivially manipulated by that person?
Note that some contracts act as proxy to other contract and can be made to point to another code through a state change, if this is the case then you need to trust whoever can change the state to point to another contract. Such contract sometime have a timelock so that if such a change occurs, there's a delay before it is actually activated, which gives time to users to withdraw their funds if they do not trust the update.
If you are talking about Oracle contracts, if it's an oracle involving offchain data, then there will always be some trust involved, which is usually managed by having the offchain actors share the responsibility and staking some money with the risk to get slashed if they turn into bad actors. But again, offchain data oracles will always require some level of trust that would have to deal with in non-blockchain apps too.
Maybe. Some smart contracts have calls to other contracts that can be changed.[1] This turns out to have significant legal consequences.
[1] https://news.bloomberglaw.com/us-law-week/smart-contracts-ru...
if outside data is needed, then it needs something called an oracle, which delivers real-world and/or even other blockchain data to it.
you can learn more about oracle here: https://chain.link/education/blockchain-oracles
So we are already successfully using blockchain for decades just not as... currency provider.
Forward secure sealing (used in logging) also have similar idea
What makes it different than database logging is that the consensus method is distributed and decentralized, and anyone can participate.
Blockchain can't handle external state.
Smart contracts abstract it a bit by having a trusted third party or an automated pricing mechanism, but both are fragile.
Normal contracts that involve money operations would have safeguards that disallow the owner to touch balance that is not theirs. But there's billion of creative attack vectors to bypass that, either by that person X, or any 3rd party
https://en.wikipedia.org/wiki/The_DAO
It's all a toy for rug pulls and speculation. "AI" attacking the blockchain is hilarious. I wish the blockchain could also attack "AI".
You are somewhat correct that contracts take external inputs in some cases, but note that this isn't a given. For example you could have a contract that has the behavior "if someone deposits X scoin at escrow address A, send them Y gcoin from escrow address Y". That someone can only deposit scoins and get gcoins in exchange. They can't just take all the escrow account balances. So there are inputs, but they are subject to some sort of validation and contract logic that limits their power. Blockchain people call this an "on-chain event".
So short answer is: no smart contracts can't be trivially manipulated by someone, including their owner. But not being able to do that depends on there not being any bugs or back doors in the contract code.
If you are asking about a contract that has some bearing on an event in meat-space, such as someone buying a house, or depositing a bar of gold in a room somewhere, then that depends on someone telling the contract it happened. Blockchain people call this an "off-chain event". This is the "oracle problem" that you'll see mentioned in other replies. Anything off-chain is generally regarded by blockchain folks as sketchy, but sometimes unavoidable. E.g. betting markets need some way to be told that the event being bet on happened or didn't happen. The blockchain has no way to know if it snowed in Central London on December 25.
They get more sophisticated e.g. automatic market makers. But same idea just swapping.
Voting is also possible e.g. release funds if there is a quorom. Who to release them to could be hard coded or part of the vote.
For external info from the real world e.g. "who got elected" you need an oracle. I.e. you trust someone not to lie and not to get hacked. You can fix the "someone" to a specific address but you still need to trust them.
except that they cost a fraction of a cent to create instead of several thousand dollars in lawyer fees for the initial revision, and can be tested in infinite scenarios for free
to your theoretical reservation, the trust similarity continues, as the constraints around the X are also codified. The person that triggers it can only send sanitized information, isn't necessarily an administrator, admins/trustees can be relinquished for it to be completely orphaned, and so on
I know how this sounds but it seems to me, at least from my own vantage point, that things are moving towards more autonomous and more useful agents.
To be honest, I am excited that we are right in the middle of all of this!
[0]: https://m.youtube.com/watch?v=rU6ukOuYLUA
[1]: https://aicyberchallenge.com/
quite a bit more advanced than contracts that do nothing on a sheet of paper, but the term is from 2012 or so when "smart" was appended to everything digital
Also, in what way should any of its contents prove linear?
> yielding a maximum of $4.6 million in simulated stolen funds
Oh, so they are pointing their bots at already known exploited contracts. I guess that's a weaker headline.
They left the booty out there, this is actually hilarious, driving a massive rush towards their models