Defenders must patch every vulnerability, while attackers need only succeed once. AI is granting attackers superhuman capabilities to discover vulnerabilities. If a DeFi security professional suddenly began advising friends and family to withdraw all their funds from DeFi protocols like Aave and Compound—how would you interpret that? This isn’t panic-mongering. Manuel Aráoz, co-founder of OpenZeppelin, recently voiced this stance publicly. His rationale fits in one sentence: “The asymmetry between offense and defense is intensifying at an unprecedented pace.”
Data corroborates this intuition. In April 2025, $630 million was stolen from DeFi protocols in a single month. Since mid-April, total value locked (TVL) across DeFi plummeted by 14%, falling from $172 billion to $148 billion. The $630 million stolen in one month marks the worst month since Bybit’s $1.5 billion breach in February 2025. Drift and Kelp DAO lost $285 million and $293 million respectively—both attacks traced back to North Korean hackers. Yet what Aráoz truly wants to emphasize isn’t “another hack.” He’s highlighting a foundational structural problem: “Defenders must fix every vulnerability, while attackers need only succeed once. AI is endowing attackers with superhuman vulnerability-discovery capabilities.”
An asymmetric war has already begun—and this statement deserves slow, deliberate reflection. Traditional software security has long been an asymmetric war: defenders must seal all vulnerabilities, while attackers need only find one opening. In DeFi, however, this asymmetry is magnified tenfold—once deployed, smart contracts are nearly immutable; funds sit directly exposed to on-chain logic flaws; anyone globally can launch an attack at any time; and stolen assets are extremely difficult to recover. AI’s entry into this arena has handed attackers an unprecedented weapon. By late 2025, research confirmed that a compromised AI coding agent autonomously executed 80–90% of network penetration tests against approximately 30 global institutions—requiring minimal human intervention. The era of AI-powered offense isn’t “coming soon”—it has already arrived.
Against this backdrop, in April 2026, Anthropic trained a new model: Claude Mythos. Independent testing by the UK’s AI Safety Institute (AISI) yielded numbers that stunned the industry: in expert-level Capture-The-Flag (CTF) cybersecurity challenges, Mythos Preview achieved a 73% success rate. Prior to April 2025, no AI model had ever completed such tasks.
Claude Mythos capability snapshot:
– Vulnerability discovery: In one test, it generated 181 usable vulnerabilities spanning all major operating systems and browsers—including multi-step browser sandbox escape chains.
– Attack simulation: It became the first AI model capable of executing an end-to-end simulated “32-step enterprise network intrusion” attack chain.
– Zero-day discovery: It autonomously identified previously unknown software vulnerabilities—including latent flaws buried in systems for 30 years.
– Capability threshold: Two years ago, the best AI models barely handled beginner-level cybersecurity tasks; Mythos operates at the level of elite human experts. As Turing Award winner and world-leading AI scientist Yoshua Bengio put it: “This is the first time in human history that AI has discovered zero-day vulnerabilities at scale”—vulnerabilities exploitable against banking systems, government networks, healthcare infrastructure—and DeFi protocols.
But there’s another side to this story—and it’s equally critical. Alongside launching Mythos, Anthropic initiated Project Glasswing: using Mythos proactively to scan mainstream software for security vulnerabilities before attackers exploit them—and then patching them. Within one month, Anthropic and its 50 restricted partners identified over 10,000 high-risk vulnerabilities across mainstream software systems, covering more than 1,000 open-source projects. Mozilla patched 271 vulnerabilities discovered by Mythos in a single Firefox update; Cloudflare uncovered 2,000 vulnerabilities in its own critical infrastructure; and a participating bank intercepted a $1.5 million fraudulent wire transfer using Mythos.
A particularly noteworthy detail: CVE-2026-5194—a critical flaw discovered by Mythos—resided in WolfSSL, an open-source cryptographic library widely renowned for its security. With a CVSS score of 9.1, it enables attackers to forge TLS certificates—potentially impacting billions of IoT devices. In other words, Mythos isn’t merely an offensive weapon; it’s currently the most powerful defensive scanning tool available—the only question is: who deploys it first?
This same logic applies to DeFi. Historically, security audits relied on a “human + tool” hybrid approach—auditing a complex protocol took weeks and still left blind spots. AI-powered audits can scan vastly larger codebases in far less time, uncovering subtle logical flaws easily missed by humans. If defenders build this capability first—and proactively hunt their own vulnerabilities—the dynamic shifts from passive defense to active resilience. This is an arms race—but it’s not unidirectional.
Potential AI-driven defensive value for DeFi includes:
– Continuous auditing layer: AI scans protocol code 24/7, compressing the security response window from “weekly” to “hourly”;
– On-chain anomaly monitoring: Like intercepting fraudulent wire transfers, AI identifies anomalous transaction patterns before an attack fully unfolds—and triggers circuit-breaker mechanisms;
– White-hat capability democratization: When AI tools are opened to community security researchers, vulnerability-finding ceases to be the exclusive domain of nation-state hackers.
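The "on-chain anomaly monitoring" item above is the one most easily made concrete. The following is an added example, not code from the article or from any protocol, vendor or model it mentions: a small off-chain monitor that watches a pool's deposit and withdrawal events and recommends a circuit-breaker pause when either a single withdrawal exceeds a fraction of current TVL or the gross withdrawals within a sliding block window exceed a fraction of the TVL at the start of that window. The event schema, the two thresholds (5% per transaction, 10% per 50 blocks) and all amounts are constructed for illustration; a real deployment would feed the alert to a pausable contract or guardian, which is assumed and not shown.

```python
from collections import deque
from dataclasses import dataclass
from typing import Deque, List, Optional, Tuple

# Added illustration with constructed data; not the article's or any project's
# code. Amounts are in USD; blocks are arbitrary integers.


@dataclass(frozen=True)
class Event:
    block: int
    kind: str        # "deposit" or "withdraw"
    amount: float
    account: str     # hypothetical account label


@dataclass(frozen=True)
class Alert:
    block: int
    reason: str      # "single_tx" or "window_outflow"
    ratio: float     # the ratio that tripped the breaker


class OutflowCircuitBreaker:
    """Two rate-limit signals over a pool's flows (thresholds are assumptions):
      1. one withdrawal larger than `single_tx_limit` of current TVL;
      2. gross withdrawals in the last `window_blocks` blocks larger than
         `window_limit` of the TVL at the start of that window.
    A transaction that would trip either signal is treated as rejected and the
    breaker stays paused afterwards."""

    def __init__(self, tvl: float, window_blocks: int = 50,
                 window_limit: float = 0.10, single_tx_limit: float = 0.05):
        self.tvl = tvl
        self.window_blocks = window_blocks
        self.window_limit = window_limit
        self.single_tx_limit = single_tx_limit
        self.window: Deque[Tuple[int, float]] = deque()  # (block, signed amount)
        self.paused = False

    def _evict(self, block: int) -> None:
        # Keep only entries from the last `window_blocks` blocks.
        while self.window and self.window[0][0] <= block - self.window_blocks:
            self.window.popleft()

    def observe(self, ev: Event) -> Optional[Alert]:
        if self.paused:
            return None  # flows are halted; nothing further to evaluate
        if ev.kind not in ("deposit", "withdraw") or ev.amount <= 0:
            raise ValueError(f"malformed event: {ev}")
        self._evict(ev.block)

        # Signal 1: a single oversized withdrawal relative to current TVL.
        if ev.kind == "withdraw":
            single = ev.amount / self.tvl if self.tvl > 0 else float("inf")
            if single > self.single_tx_limit:
                self.paused = True
                return Alert(ev.block, "single_tx", single)

        # Signal 2: gross withdrawals over the window, measured against the TVL
        # at the window's start (current TVL minus the net flow already in it).
        net = sum(a for _, a in self.window)
        gross_out = sum(-a for _, a in self.window if a < 0)
        if ev.kind == "withdraw":
            gross_out += ev.amount
        baseline = self.tvl - net
        ratio = gross_out / baseline if baseline > 0 else float("inf")
        if ratio > self.window_limit:
            self.paused = True
            return Alert(ev.block, "window_outflow", ratio)

        # Accepted: record the flow and update TVL.
        signed = ev.amount if ev.kind == "deposit" else -ev.amount
        self.window.append((ev.block, signed))
        self.tvl += signed
        return None


def run_monitor(events: List[Event], tvl: float, **limits) -> List[Alert]:
    """Replay events in block order and collect breaker alerts."""
    breaker = OutflowCircuitBreaker(tvl, **limits)
    alerts: List[Alert] = []
    for ev in sorted(events, key=lambda e: e.block):
        alert = breaker.observe(ev)
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed scenario 1: ordinary traffic, then a drain spread over four blocks.
SAMPLE_DRAIN = [
    Event(100, "deposit", 20_000, "a"),
    Event(101, "withdraw", 5_000, "b"),
    Event(103, "withdraw", 8_000, "c"),
    Event(105, "deposit", 12_000, "a"),
    Event(120, "withdraw", 30_000, "x"),
    Event(121, "withdraw", 35_000, "x"),
    Event(122, "withdraw", 40_000, "y"),   # gross 118k vs 1.0M baseline -> pause
    Event(123, "withdraw", 45_000, "y"),   # never evaluated; already paused
]

# Constructed scenario 2: a single withdrawal of ~8% of TVL in one transaction.
SAMPLE_FLASH = [
    Event(200, "deposit", 10_000, "a"),
    Event(201, "withdraw", 80_000, "z"),
]

if __name__ == "__main__":
    for name, sample in (("drain", SAMPLE_DRAIN), ("flash", SAMPLE_FLASH)):
        print(name, run_monitor(sample, tvl=1_000_000))
```

Gross rather than net withdrawals are counted so that a deposit immediately followed by a withdrawal does not mask the outflow; the transaction that would breach a limit is rejected rather than recorded, mirroring an on-chain rate limiter that reverts the call. The thresholds are the hard part in practice: set too tight, the breaker halts the protocol on legitimate volatility, which is its own denial-of-service risk, so they need tuning against historical flow data before being wired to an actual pause.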
AI-powered on-chain security infrastructure itself is the next compelling Web3 narrative—whoever first integrates Mythos-class capabilities into DeFi defense will define the next generation of security standards.
Aráoz’s concern is real—but it describes a collapsing old paradigm, not DeFi’s final state. The old paradigm rested on the “code is law” security assumption; the new paradigm is prototyped by Project Glasswing: security is not a one-time event, but a continuously operating capability. Defenders don’t need “better manual audits”—they need “defensive AI capable of matching offensive AI, head-to-head.” Intriguingly, Anthropic itself acknowledges: fewer than 1% of the vulnerabilities uncovered by Glasswing have been patched so far. This underscores the immense remaining challenge—and precisely why the market opportunity for such security infrastructure is enormous.
Every technological leap disrupts the existing offense-defense balance. Early internet skeptics claimed “the internet will never be secure”—yet security systems ultimately caught up, driven by sufficiently strong defensive incentives. DeFi secures hundreds of billions of dollars in assets; those incentives are stronger still. DeFi’s security challenge isn’t an “unsolvable technical dead end”—it’s that legacy defensive tools simply can’t keep pace with novel offensive tools. Claude Mythos proves AI has already surpassed humans in vulnerability discovery. The pivotal question is singular: who will place this weapon first in the hands of defenders? Glasswing answers that—for traditional internet infrastructure. DeFi’s version remains pending.
[Conflux]
**The End of “Code is Law”: Why AI-Driven Security is the Only Viable DeFi Narrative**
The April 2025 DeFi bloodbath—culminating in $630 million in stolen assets and a 14% TVL collapse from $172 billion to $148 billion—is not merely a cyclical downtrend. It is the stress fracture of an obsolete security paradigm. When Manuel Aráoz, co-founder of OpenZeppelin, publicly advises withdrawing funds from blue-chip protocols like Aave and Compound, experienced investors should listen. We are witnessing the rapid weaponization of AI in blockchain exploitation, fundamentally repricing the risk of on-chain capital.
**The Threat Asymmetry and Market Repricing**
Historically, DeFi valuations and TVLs rested on the assumption that “code is law” and that a one-time, multi-week human audit was sufficient to secure billions. That assumption is now dead. The hacks on Drift ($285M) and Kelp DAO ($293M), attributed to North Korean state actors, represent the beta testing of AI-assisted exploitation.
With Anthropic’s Claude Mythos demonstrating a 73% success rate in expert-level Capture-The-Flag challenges and autonomously generating complex, multi-step zero-day exploits, the asymmetry between offense and defense has reached a breaking point. For legacy DeFi tokens, this introduces a massive, unquantifiable risk premium. Protocols with massive TVLs that rely on static, pre-deployment audits are effectively functioning as honeypots. In the short to medium term, we expect a continued capital flight from complex, cross-collateralized lending protocols and LRT platforms toward simpler, isolated, or heavily over-collateralized yield venues. AAVE and COMP will likely face downward price pressure not from tokenomics, but from the existential threat of unpatchable zero-day logic flaws.
**The Defensive Revolution: Project Glasswing and the New Alpha**
However, declaring the “death of DeFi” is a novice take. As demonstrated by Anthropic’s Project Glasswing, AI is a dual-use asset. By deploying Mythos proactively, Anthropic and its partners uncovered over 10,000 high-risk vulnerabilities across more than 1,000 open-source projects before malicious actors could exploit them.
The narrative has instantly shifted from a defensive apocalypse to a defensive arms race. The market opportunity here is staggering. The transition from “periodic human audits” to “continuous AI auditing layers” is not just an upgrade; it is a complete restructuring of Web3 security architecture.
**Risks and Opportunities for the Astute Investor**
1. **Opportunity: AI-Powered Web3 Security Infrastructure**
The most undervalued sector in crypto right now is decentralized, AI-driven security infrastructure. Projects that offer 24/7 on-chain anomaly monitoring, automated circuit-breakers, and AI-powered code scanning will command massive premiums. Whoever successfully integrates Mythos-class AI models into a decentralized threat-detection network will capture the next wave of protocol security budgets. Investors should aggressively rotate capital into tokens powering decentralized security networks, threat intelligence marketplaces, and AI-driven smart contract scanners.
2. **Opportunity: DeFi Insurance and Smart Contract Coverage**
With fewer than 1% of Glasswing-discovered vulnerabilities patched, we are in a highly vulnerable transition window. As protocol exploits surge, the demand for smart contract insurance will explode. DeFi insurance protocols are currently deeply undervalued relative to the sheer volume of TVL they are poised to underwrite. Expect exponential growth in premium yields for liquidity providers in decentralized insurance pools.
3. **Risk: The Complacency Trap**
The primary risk to the market is complacency. Protocols that fail to transition to continuous, AI-driven defense will be ruthlessly liquidated. Investors holding governance tokens of protocols that do not explicitly announce AI-integrated security upgrades (or partnerships with AI security firms) are holding ticking time bombs.
**The Bottom Line**
The old DeFi paradigm relied on human perfection; the new paradigm relies on AI resilience. While attackers only need to succeed once, AI now allows defenders to proactively hunt vulnerabilities at machine speed. For investors, the mandate is clear: divest from legacy, statically audited DeFi monoliths, and back the infrastructure that is building the AI shields for Web3. The next generation of blue-chip crypto assets won’t be lending protocols or DEXs—they will be the AI security engines that keep them alive.