AI is making crypto security cheaper, faster and harder to ignore
"AI-powered security tools are transforming the crypto industry, but at what cost? Experts weigh in on the implications."
Mythos, an AI system, was briefly released to autonomously discover vulnerabilities in code, sparking a potential revolution in crypto security. Developed to help blockchain developers find bugs, Mythos may reshape what the industry considers reasonable due diligence before deploying code.
The release of Mythos has significant implications for the crypto industry, particularly in the area of smart contract security. For years, comprehensive audits have been costly, making it difficult for smaller projects to afford professional reviews. However, with the emergence of AI-powered security tools like Mythos, the price of a basic audit could be dramatically reduced, potentially toward zero. According to Alexander Urbelis, chief information security officer at ENS Labs, this could allow projects that previously could not afford professional reviews to obtain fast security assessments.
The use of AI in crypto security is not new, but the approach taken by systems like Mythos is different from traditional methods. For years, researchers have relied on automated tools known as fuzzers to hunt for software bugs by bombarding programs with inputs and observing what breaks. AI systems, on the other hand, take a more sophisticated approach, inferring what code was intended to do and comparing that against what it actually does. This capability could significantly expand the industry's ability to identify vulnerabilities before launch.
David Schwed, COO of blockchain security firm SVRN and founder of the cybersecurity master's program at Yeshiva University, described the shift as even more significant. "These models now operate the way a human attacker does," Schwed said. "They iterate, they take the next step based on what they're seeing in real time. The older tooling was just complicated deterministic flows." The emergence of AI-powered security tools could lead to continuous security monitoring, allowing for real-time identification of vulnerabilities and suggested remediations at a fraction of the cost.
The implications of this shift are far-reaching. If security reviews become inexpensive and continuous, the industry's expectations could change alongside them. Urbelis believes that AI could eventually reshape the standard of care around smart contract development. Historically, teams could point to the cost and complexity of audits as a reason certain reviews were not performed. However, with sophisticated security analysis available on demand, that argument becomes more difficult to make. "A clean AI report will be seen as no defense," he said. "A plaintiff may well argue it the other way: the tool existed, it was cheap, and you should have caught it."
The prospect raises broader questions for the industry: if AI-powered security reviews become ubiquitous, will investors expect them before funding projects, and could failing to run AI-assisted audits eventually be viewed as negligence? Despite the technology's promise, neither researcher believes that AI is poised to replace human auditors. While machines excel at identifying coding flaws, Urbelis said they remain weaker at spotting the economic and incentive-based vulnerabilities that have contributed to some of crypto's largest losses.
Schwed offered a similar warning. "'Claude, audit my smart contract, make no mistakes' is not a security program," he said. "If the person running the tool can't evaluate what comes back, you haven't bought security, you've bought a false sense of it." The use of AI in crypto security is not a replacement for human expertise, but rather a tool to augment it. As the industry continues to evolve, it is likely that we will see a combination of human and machine-based approaches to security.
In the short term, the emergence of AI-powered security tools like Mythos is likely to have a significant impact on the crypto industry. The ability to identify vulnerabilities quickly and cheaply could lead to a reduction in the number of security breaches and a increase in investor confidence. However, as the technology continues to evolve, it is likely that we will see new challenges emerge. The use of AI in crypto security is a double-edged sword, offering both significant benefits and potential risks.
As the industry moves forward, it is essential to consider the implications of AI-powered security tools. The use of these tools could lead to a shift in the standard of care around smart contract development, with investors and regulators expecting a higher level of security. However, it is also important to recognize the limitations of these tools and the need for human expertise in evaluating their output. Ultimately, the key to successful security in the crypto industry will be a combination of human and machine-based approaches, with a deep understanding of the potential benefits and risks of each.
