Mythos, the new AI model from Anthropic that has sparked fear and confusion in traditional tech and finance, is also driving a massive shift in how the crypto industry thinks about security.
For years, decentralized finance has focused its defenses on smart contracts. Code is audited, vulnerabilities are cataloged, and many common exploits are well understood. But Mythos, a model designed to identify and chain together weaknesses across systems, is pushing attention beyond code and into the infrastructure that supports it.
“The bigger risks sit in infrastructure,” said Paul Vijender, head of security at Gauntlet, a risk management firm. “When I think about AI-driven threats, I’m less concerned about smart contract exploits and more focused on AI-assisted attacks against the human and infrastructure layers.”
That includes key management systems, signing services, bridges, oracle networks, and the cryptographic layers that connect them. These components are less visible than smart contracts and are often outside traditional audit scope.
In fact, this month, web infrastructure provider Vercel, which many crypto companies use, disclosed a security breach that may have exposed customer API keys, prompting crypto projects to rotate credentials and review their code. Vercel traced the intrusion to a compromised Google Workspace connection via the third-party AI tool Context.ai, which an employee used.
Mythos belongs to a new class of AI systems built to simulate adversaries. Instead of scanning for known bugs, it explores how protocols interact, testing how small weaknesses can be combined into real-world exploits. That approach has drawn attention beyond crypto. Banks like JP Morgan are increasingly treating AI-driven cyber risk as systemic and are exploring tools like Mythos for stress testing. Earlier this month, Coinbase and Binance both reportedly approached Anthropic to test Mythos.
Early findings from models like Mythos have identified weaknesses in the behind-the-scenes systems that keep crypto platforms secure, including the technology that protects keys and handles communication between systems.
“I think there are two areas where AI models are especially valuable,” Vijender said. “First, multi-step exploit chains that historically only get discovered after money is lost. Second, infrastructure-layer vulnerabilities that traditional audits never touch.”
That shift matters in a system built on composability, where DeFi protocols can connect and build on each other’s services.
DeFi protocols are designed to interconnect. They share liquidity, rely on common oracles, and interact through layers of integrations that are difficult to map in full. That interconnectedness has driven growth, but it also creates pathways for risk to spread, as seen in recent bridge exploits like the Hyperbridge attack, in which an attacker minted $1 billion worth of bridged Polkadot tokens on Ethereum by exploiting a flaw in how cross-chain messages were verified.
“Composability is what makes DeFi capital efficient and innovative,” Vijender said. “But it also means a minor vulnerability in one protocol can become a critical exploit vector with contagion potential across the ecosystem.”
Without AI, those dependencies are hard to trace. With AI, they can be mapped and exploited at scale. The result is a shift from isolated exploits to systemic failures that cascade across protocols.
Evolution of AI attacks
Still, some industry leaders see Mythos as an acceleration rather than a turning point.
At Aave Labs, founder Stani Kulechov said AI reflects the dynamics already at play in DeFi’s adversarial environment.
“Web3 is no stranger to well-funded and motivated adversaries,” he told CoinDesk. “AI models represent an evolution in the tools used to achieve exploits.”
From that perspective, DeFi is already built for machine-speed attacks. Smart contracts execute automatically, and defenses such as liquidation mechanisms and risk parameters operate without human intervention.
“DeFi operates at compute speed, so AI doesn’t introduce a new dynamic,” Kulechov said. “It intensifies an environment that has always required constant vigilance.”
Even so, Aave is seeing AI surface new categories of vulnerabilities, including issues that human auditors may have previously deprioritized.
“The Mythos paper shows that AI can uncover old bugs that were previously deprioritized,” he said.
That breadth still matters in a system where even smaller vulnerabilities can undermine trust or be combined into larger exploits.
If attackers can move faster, the question becomes whether defenses can keep pace.
For both Gauntlet and Aave, the answer lies in changing the security model itself. Audits before deployment and monitoring after were designed for human-paced threats. AI compresses that timeline.
“To defend against offensive AI, we will need to take an AI-centric approach where speed and continuous adaptation are essential,” Vijender of Gauntlet said. That includes continuous auditing, real-time simulation, and systems built with the assumption that breaches will happen.
A ‘greater way’
Aave has already integrated AI into its workflows, using it for simulations and code review alongside human auditors. “We take an AI-first approach where it adds clear value,” Kulechov of Aave Labs said. “But it complements, rather than replaces, human-led auditing.”
In that sense, AI equips both attackers and defenders.
For builders, the long-term effect may be less disruption than divergence.
“We haven’t tested Mythos yet, but we’re genuinely interested in what it and tools like it can do for protocol security,” said Hayden Adams, founder and CEO of Uniswap Labs. “AI gives builders better ways to stress test and harden systems.”
Over time, Adams expects the gap between secure and insecure protocols to widen.
“Projects that prioritize security will have greater ability to test and harden systems before launching,” he said. “Projects that don’t will be most at risk.”
That may be the real shift. Security is no longer about eliminating vulnerabilities. It is about continuously adapting to a system in which those vulnerabilities are constantly rediscovered and recombined.
Read more: Move over bitcoin and quantum risks. Anthropic’s Mythos AI could have major implications for DeFi
Source: https://www.coindesk.com/tech/2026/04/25/how-anthropic-s-mythos-model-is-forcing-the-crypto-industry-to-rethink-everything-about-security
