The emergence of artificial intelligence-powered security systems is fundamentally changing what the crypto industry considers reasonable due diligence before deploying code. As these tools become cheaper, faster and more widely available, researchers say they could alter expectations for developers and institutions across the blockchain space.
The release of Mythos, an AI system designed to autonomously discover vulnerabilities in smart contract code, exemplifies this shift. The tool was briefly released earlier this month before being removed from the American market, but its arrival signals a broader transformation in how the industry approaches security.
For years, smart contract security has been constrained by cost. Comprehensive audits often require significant budgets and weeks of work from specialized firms. AI systems like Mythos promise to dramatically reduce both the time and expense involved. “It pushes the price of a basic audit toward zero,” said Alexander Urbelis, chief information security officer at ENS Labs. Work that once required weeks and substantial investment could eventually be completed in minutes, potentially allowing projects that previously could not afford professional reviews to obtain fast security assessments.
The technological shift represents more than just incremental improvement. Traditional security tools known as fuzzers have long hunted for software bugs by bombarding programs with various inputs and observing what breaks. AI systems take a fundamentally different approach. “It’s a change in degree that could likely cause a change in kind,” Urbelis explained. “Machines have hunted bugs for years. But now we’re talking about a fuzzer that has the capacity to reason.”
Rather than simply identifying technical bugs, systems like Mythos can infer what code was intended to do and compare that against what it actually does. In crypto, where smart contract code is public and bug bounties can have substantial budgets, this capability could significantly expand the industry’s ability to identify vulnerabilities before launch.
David Schwed, COO of blockchain security firm SVRN and founder of the cybersecurity master’s program at Yeshiva University, believes the shift extends beyond vulnerability discovery itself. “These models now operate the way a human attacker does,” Schwed said. “They iterate, they take the next step based on what they’re seeing in real time. The older tooling was just complicated deterministic flows.”
The bigger change may be the emergence of continuous security monitoring. “The real shift is continuous auditing with suggested remediations at a fraction of the cost, instead of a point-in-time review you can only afford once,” Schwed noted. If security reviews become inexpensive and continuous, the industry’s expectations could change alongside them.
This shift raises important questions about liability and standards of care. Urbelis believes AI could eventually reshape what constitutes reasonable due diligence around smart contract development. Historically, teams could point to the cost and complexity of audits as justification for skipping certain reviews. That argument becomes harder to make when sophisticated security analysis is available on demand. “A clean AI report will be seen as no defense,” he said. “A plaintiff may well argue it the other way: the tool existed, it was cheap, and you should have caught it.”
The prospect raises broader industry questions: if AI-powered security reviews become ubiquitous, will investors expect them before funding projects? Could failing to run AI-assisted audits eventually be viewed as negligence? These questions mirror concerns seen in growing demand for crypto security expertise across the industry.
Despite the technology’s promise, neither researcher believes AI is poised to replace human auditors entirely. While machines excel at identifying coding flaws, they remain weaker at spotting economic and incentive-based vulnerabilities that have contributed to some of crypto’s largest losses. “The bugs that drain treasuries often turn on intent and adversarial incentives,” Urbelis said. “Those still need an experienced human in the room.”
Schwed offered a similar warning about over-reliance on automated tools. “Claude, audit my smart contract, make no mistakes is not a security program,” he said. “If the person running the tool can’t evaluate what comes back, you haven’t bought security, you’ve bought a false sense of it.”
Many of crypto’s most costly incidents did not originate from smart contract vulnerabilities at all. Urbelis pointed to the recent compromise of Drift, which he described as the culmination of a months-long social engineering campaign targeting trusted contributors rather than the protocol’s code. “The smart contract did exactly what it was told,” he explained. “The authority behind the instruction was what was compromised and abused.”
Similarly, major incidents like Ronin and Bybit involved compromised keys and manipulated signing processes rather than software vulnerabilities. “No code scanner stops an authorized signer from approving a transaction they can’t verify,” Schwed noted.
While AI will not eliminate crypto’s security challenges, researchers argue it could fundamentally alter one critical part of the equation: the cost of finding bugs and the expectations surrounding their discovery. As these tools become more prevalent, the industry may need to recalibrate what constitutes adequate security practices.






