AI Will Speed Up Crypto Attacks, Not Invent New Ones
Highlights
Anthropic’s latest Mythos-class model delivers much stronger reasoning and coding abilities while attempting to block dangerous uses. Security teams warn that advanced AI likely won’t invent fundamentally new cryptographic attacks but will dramatically accelerate the process of finding and chaining vulnerabilities, exploiting misconfigurations, exposed keys and social-engineering vectors. The biggest DeFi losses this year—over $840 million—stemmed mainly from operational failures and human error rather than novel smart-contract exploits, underscoring how speedier reconnaissance by AI can turn familiar weaknesses into costlier breaches.
Sentiment Analysis
The overall sentiment of this article is mixed-to-cautious. It recognizes clear technological progress—improved reasoning and coding in new AI models—while warning of heightened security risks. The tone combines cautious concern about misuse with pragmatic notes on defensive benefits.
Article Text
Anthropic has introduced a new, more capable AI in its Mythos family, offering users stronger reasoning and coding abilities while implementing restrictions intended to prevent dangerous uses. The company published two distinct variants: a public-facing model with tightened controls and a less-restricted Mythos version available to vetted cybersecurity and critical-infrastructure users. Anthropic also built fallback behavior that routes high-risk requests to a weaker model to limit harmful outputs, and it reports extensive bug-bounty testing and security review of the system.
Security specialists emphasize that this step up in capability is unlikely to produce fundamentally new classes of cryptographic attacks. Instead, the key change is speed: models that can rapidly scan repositories, compare historical code, enumerate configuration errors, and draft exploit steps at machine pace give attackers a decisive advantage. As one expert observed, the problem is not that AI will invent novel hacks but that it shortens the time between discovery and exploitation, enabling adversaries to chain issues and turn small mistakes into large losses far more quickly.
Decentralized finance (DeFi) has already suffered significant losses this year, exceeding $840 million in the first months. Notably, the largest incidents were driven not by exotic smart-contract vulnerabilities but by operational weaknesses and human failures. In one case, a prolonged social-engineering campaign enabled an attacker to gain administrative control and drain hundreds of millions. In another, a single-verifier flaw allowed a massive siphoning of funds. There was also a private-key compromise in which multiple keys were exposed on an employee laptop, enabling a six-figure theft. These examples show how conventional mistakes—exposed keys, poor signing flows, and social-engineering attacks—remain the principal sources of major losses.
AI models do not need to hand over a complete exploit to shift attack economics. They can automate reconnaissance: reading public code, surfacing outdated dependencies, summarizing audits, and drafting convincing phishing or social-engineering messages. That accelerates the scouting and preparation phases, reducing the time defenders have to respond. Consequently, the final operational steps—where transactions are signed with private keys, where access is granted, and where human approval is required—become ever more critical points of defense. Experts emphasize the need for hardware-backed key storage, trusted displays that show exactly what is being signed, and more stringent operational controls to prevent a compromised workstation from enabling catastrophic transfers.
At the same time, the same AI techniques that empower attackers can assist defenders. Several DeFi teams have already used advanced models to map codebases, run stress tests on contracts, and detect potential issues earlier in development. AI can help find edge cases and speed audits, allowing teams to patch vulnerabilities before they are exploited. Smart contracts, being comparatively small and limited in entry points, remain auditable by skilled reviewers; the real weak points are the surrounding operational systems that manage keys, deploy contracts, and approve transactions.
The net effect is a double-edged sword: AI amplifies both offense and defense. For attackers, it reduces the time and labor needed to find and combine flaws; for defenders, it can improve code hygiene and accelerate vulnerability discovery. Because the most damaging incidents to date have relied on social engineering and human error rather than novel contract-level exploits, the pressing defensive priority is operational hardening. That includes securing signing flows, ensuring private keys cannot be accessed from compromised endpoints, and adopting hardware roots of trust with clear, verifiable signing UIs.
In conclusion, more powerful AI models will likely change the tempo, not the taxonomy, of crypto attacks. Familiar weaknesses—misconfigurations, exposed secrets and flawed human processes—remain the attackers’ favored vectors. What changes is that reconnaissance and exploit construction can now occur at machine speed, making it more important than ever for projects to assume attackers will rapidly find and combine weaknesses. The most effective mitigations will be operational: robust key management, trusted signing interfaces, rigorous dependency tracking and continuous use of defensive AI tools to keep pace with rapidly accelerating reconnaissance.
Key Insights Table
| Aspect | Description |
|---|---|
| AI Capability | New models offer stronger reasoning and faster code analysis, with some versions restricted to vetted users. |
| Primary Risk | Faster reconnaissance and exploit chaining of existing weaknesses (social engineering, exposed keys, misconfigurations). |
| Major Losses | Over $840 million in DeFi losses this year, largely due to operational failures and human error. |
| Defensive Use | Teams use AI to map codebases, stress-test contracts and detect bugs earlier in development. |
| Recommended Mitigations | Hardware-backed keys, trusted signing displays, stricter operational controls, continuous auditing and defensive AI scanning. |