An AI model developed by Anthropic has demonstrated the ability to autonomously discover zero-day software vulnerabilities, surpassing both decades of human security expertise and all automated tools currently available. This development poses potential threats to decentralized finance (DeFi) infrastructure.
The AI model, Claude Mythos Preview, is adept at identifying bugs that have long evaded human detection. It uncovered a 27-year-old vulnerability in OpenBSD for under $50 in computational resources. Additionally, it revealed a 16-year-old flaw in FFmpeg, despite the software being scanned five million times by automated tools.
Mythos even devised a browser exploit chaining four vulnerabilities to bypass two security layers and transformed a publicly known Linux vulnerability into a full-fledged attack for under $2,000—a task typically requiring weeks of human effort.
These capabilities have triggered concerns in the tech sector. Unlike theoretical quantum computing threats to Bitcoin, Mythos is operational and uncovering previously undetected vulnerabilities safeguarding user funds. Anthropic’s technical blog highlights Mythos’ discovery of security flaws within popular cryptography libraries such as TLS, AES-GCM, and SSH—essential for internet security and DeFi operations.
DeFi protocols, built on open-source software publicly accessible to entities like Mythos, face heightened risks. While the approximately $200 billion in smart contracts across platforms like Ethereum and Solana have undergone human and automated audits, Anthropic asserts that Mythos operates beyond these checks.
The company has pointed out that security measures relying primarily on friction rather than robust barriers could become less effective against model-assisted adversaries. Measures such as multisig governance, timelocks, and audit reports offer friction-based defenses, delaying but not blocking attacks at the code level.
Despite these developments, market valuations remain unaffected. The CoinDesk DeFi Select Index has risen 7% in a day, outperforming bitcoin and ether due to improved risk sentiment from geopolitical factors. However, traders might consider monitoring Mythos’ progress given its potential impact on software and blockchain security.
For now, the Mythos model is not public but shared with select entities like Google, Apple, and Microsoft under ‘Project Glasswing.’