The release of an AI-powered security model called Mythos has sparked a fundamental shift in how the cryptocurrency and decentralized finance (DeFi) sectors approach protection. Until now, DeFi projects mainly concentrated on strengthening smart contracts, conducting code audits, and identifying known vulnerabilities to manage risks. However, Mythos goes beyond code, spotlighting infrastructure-level weaknesses and igniting a significant debate across the industry.
AI reshapes threat landscape as infrastructure risks rise
For years, defense strategies in DeFi focused almost exclusively on detecting and patching smart contract flaws. Yet, Paul Vijender, head of security at Gauntlet, emphasizes that the real danger with AI-driven attacks emerges at the infrastructure level. Critical back-end elements such as key management systems, signing services, cross-chain bridges, and oracle networks are now exposed as major sources of overlooked risk.
Recently, a security breach in the widely used Vercel infrastructure threatened the API keys of numerous crypto firms. Investigations found the incident resulted from a vulnerability introduced by a third-party AI tool called Context.ai. The incident illustrates the point Mythos aims to highlight: threats often extend beyond code flaws to the broader technology stack.
The greatest risks reside in the infrastructure. Beyond code, AI-driven threats now target human and infrastructure layers, industry observers have noted.
Interconnected protocols increase cascading risks in DeFi
Unlike traditional security tools that scan for known bugs, Mythos simulates complex attack scenarios by analyzing interactions between systems, revealing how minor flaws can result in major damage. This holistic approach has captured the attention not only of crypto firms but also of traditional financial giants. Major banks such as JPMorgan are beginning to view AI-generated cyber risks as a unified threat and are stress-testing their systems using models like Mythos. Coinbase and Binance have reportedly entered talks with Anthropic to pilot Mythos in their own security frameworks.
By design, DeFi protocols operate in a tightly integrated manner. While sharing liquidity, importing data via oracles, and stacking protocol layers help boost ecosystem flexibility, they also set the stage for small vulnerabilities to cascade into widespread losses. In a recent Hyperbridge attack, an exploit involving message verification allowed unauthorized minting of 1 billion dollars’ worth of Polkadot tokens on Ethereum.
Composability is key to DeFi’s innovation, but even a minor flaw can escalate into a major risk for the entire ecosystem, experts warn.
AI arms both attackers and defenders in new security era
Autonomous DeFi systems have built-in defensive mechanisms that work without human input, but the rise of AI is rapidly changing the threat landscape. Stani Kulechov, founder of Aave Labs, notes that although Web3 has long dealt with cyberattacks, AI drastically speeds up existing threats and introduces new dynamics.
Aave has begun incorporating AI tools into its code review and audit processes. Kulechov points out that AI can even detect lingering issues dismissed as irrelevant by human auditors. Historically, defense consisted of pre-launch code checks followed by human monitoring. Today, adaptive, always-on AI-powered defensive solutions are essential.
Hayden Adams, founder of Uniswap Labs, says that AI-based security offers significant opportunities, further dividing secure and insecure protocols. Moving forward, projects placing security at the forefront are expected to thrive while others face more substantial risks.
With attackers able to move faster, defense must evolve just as quickly. Security has now become a process of constant adaptation, industry voices stress.




