Mythos, the new AI model from Anthropic that has sparked fear and confusion in traditional tech and finance, is also driving a massive shift in how the crypto industry thinks about security.
For years, decentralized finance has focused its defense on smart contracts. The code is audited, vulnerabilities are cataloged, and many common exploits are well understood. But Mythos, a model designed to identify and link vulnerabilities across systems, pushes attention beyond code and into the infrastructure that supports it.
“The bigger risks are in the infrastructure,” said Paul Vijender, chief security officer at Gauntlet, a risk management firm. “When I think about AI-driven threats, I’m less concerned about smart contract exploitation and more focused on AI-assisted attack against human and infrastructure layers.”
It includes key management systems, signing services, bridges, oracle networks, and the cryptographic layers that connect them. These components are less visible than smart contracts and are often outside the scope of traditional auditing.
In fact, this month the web infrastructure provider Vercel, which many crypto companies use, disclosed a security breach that may have exposed customer API keys, prompting crypto projects to rotate credentials and review their code. Vercel traced the intrusion to a compromised Google Workspace connection via the third-party AI tool Context.ai that an employee was using.
Mythos belongs to a new class of AI systems built to simulate opponents. Instead of scanning for known bugs, it examines how protocols interact and tests how small weaknesses can be combined into real-world exploits. That approach has drawn attention beyond crypto. Banks such as JP Morgan are increasingly treating AI-driven cyber risk as systemic and are exploring tools such as Mythos for stress testing. Earlier this month, Coinbase and Binance both approached Anthropic to test Mythos.
Early results from models like Mythos have identified weaknesses in the behind-the-scenes systems that keep crypto platforms secure, including the technology that protects keys and handles communication between systems.
“I think there are two areas where AI models are particularly valuable,” Vijender said. “First, multi-step exploit chains, which historically are only discovered after money is lost. Second, vulnerabilities at the infrastructure layer that traditional audits never touch.”
That shift matters in a system built on composability, where DeFi protocols can connect and build on each other’s services.
DeFi protocols are designed to connect. They share liquidity, rely on common oracles, and interact through layers of integrations that are difficult to fully map. This interconnectedness has driven growth, but it also creates avenues for risk diffusion, as seen in recent bridge exploits such as the Hyperbridge attack, where an attacker minted $1 billion of bridged Polkadot tokens on Ethereum by exploiting a flaw in how cross-chain messages were verified.
“Composability is what makes DeFi capital efficient and innovative,” Vijender said. “But it also means that a minor vulnerability in one protocol can become a critical exploitation vector with contagion potential across the ecosystem.”
Without AI, these dependencies are hard to track. With AI, they can be mapped and exploited on a large scale. The result is a shift from isolated exploits to systemic bugs that cut across protocols.
Development of AI attacks
Still, some industry leaders see Mythos as an acceleration rather than a tipping point.
At Aave Labs, founder Stani Kulechov said AI reflects the dynamics already at play in DeFi’s adversarial environment.
“Web3 is no stranger to well-funded and motivated opponents,” he told CoinDesk. “AI models represent an evolution in the tools used to achieve exploits.”
From that perspective, DeFi is already built for machine speed attacks. Smart contracts are executed automatically, and defenses such as liquidation mechanisms and risk parameters work without human intervention.
“DeFi works at computational speed, so AI doesn’t introduce a new dynamic,” Kulechov said. “It intensifies an environment that has always required constant vigilance.”
Still, Aave sees AI emerging as new categories of vulnerabilities, including problems that human auditors may have previously downplayed.
“The Mythos paper shows that artificial intelligence can uncover old bugs that were previously downplayed,” he said.
That breadth still matters in a system where even minor vulnerabilities can undermine trust or be combined into larger exploits.
If forwards can move faster, the question becomes whether defenses can keep up.
For both Gauntlet and Aave, the answer lies in changing the security model itself. Audits before deployment and monitoring after were designed for human-paced threats. AI compresses that timeline.
“To defend against offensive AI, we will need to take an AI-centric approach where speed and continuous adaptation are essential,” said Gauntlet’s Vijender. It includes continuous auditing, real-time simulation, and systems built with the assumption that breaches will happen.
A ‘bigger way’
Aave has already integrated AI into its workflows, using it for simulations and code review alongside human auditors. “We’re taking an AI-first approach where it adds clear value,” said Aave Labs’ Kulechov. “But it complements, rather than replaces, human-led auditing.”
In that sense, AI equips both attackers and defenders.
For builders, the long-term effect may be less disruption than divergence.
“We haven’t tested Mythos yet, but we’re genuinely interested in what it and tools like it can do for protocol security,” said Hayden Adams, founder and CEO of Uniswap Labs. “AI gives builders better ways to stress test and harden systems.”
Over time, Adams expects the gap between secure and insecure protocols to widen.
“Projects that prioritize security will have greater ability to test and harden systems before launch,” he said. “Projects that don’t do that will be most at risk.”
It could be the real shift. Security is no longer about eliminating vulnerabilities. It is about continuously adapting to a system where these vulnerabilities are constantly rediscovered and recombined.
Read more: Go over bitcoin and quantum risks. Anthropic’s Mythos AI could have big implications for DeFi
