How Secure Is Crypto After Anthropic’s Mythos Preview?

[0:00] A recent report from Anthropic says its Mythos AI model found flaws in some of the basic security [0:05] software that helps protect digital systems. So what does that mean for cryptocurrency? [0:10] The risk is less in the blockchains themselves and more around the software stack that crypto [0:15] companies depend on to give owners access to their holdings. [0:18] So where do we see the threats from AI in the crypto space? It's really to centralize companies, [0:24] companies that run security programs to secure their customers' assets. It's not the cryptographic [0:29] keys of the Bitcoin network or the cryptographic keys of any other coin that are securing your [0:34] assets. It is actually the company itself. Anthropic's Mythos is getting attention because [0:42] it is reportedly very good at identifying vulnerabilities in software. The company [0:47] also says that Mythos is more autonomous and more capable at software engineering [0:51] and cybersecurity than prior models, which makes it better at working around restrictions. [0:56] That means it can help spot flaws in code that humans or existing security tools may have missed. [1:01] But in some cases, Mythos is capable of turning those vulnerabilities into working exploits. [1:07] Anthropic says the model found thousands of high and critical severity vulnerabilities. [1:11] Anthropic's documentation around Mythos suggests one of the key issues here may be speed. [1:16] The company says the AI can shorten the time between a bug becoming known [1:20] and attackers figuring out how to weaponize it. In other words, once a vulnerability is disclosed, [1:25] defenders may have less time to react. At this point, AI is becoming a new class of thinker. It's doing [1:32] things that humans have never done. We recently heard the release of the new Mythos algorithm from [1:36] Claude from Anthropic. And this algorithm is able to, and this model is able to find exploits and [1:42] software that humans have looked at for decades and have not found any problems in. So it is creating [1:49] a new class of attacks. At the same time, it's creating a new class of defense. So companies that are able to [1:53] adopt agentic and AI forward thinking are able to fight against those threats by internally checking [1:59] their own systems against these threats before they emerge. Protocols like Bitcoin are probably not [2:05] impacted by something like this because the code itself for Bitcoin is relatively simple. If the whole [2:10] premise of Mythos is using agents to pour over code to look for laws, something like Bitcoin that's been [2:17] around since 2009, whose code is actually very simple. And really, security lies in the decentralized [2:25] economic security of it rather than necessarily the code based security. When people talk about AI [2:30] and its effect on Bitcoin, it's important to understand that Bitcoin is fundamentally secured [2:35] by cryptography and a set of shared rules. The cryptography itself isn't affected by AI. And the shared [2:40] rules are enforced by a network of people running Bitcoin nodes all over the world. So while AI can influence [2:46] how those people think in some way, it really is very difficult to modify the rules of the network [2:51] without really full consensus for the network. That means Bitcoin itself may not be where the risk is. [2:56] Instead, retail facing platforms and apps may be more vulnerable. So in particular, if you have a [3:02] website that is tied towards the retail customers, you have to have an internet like web based browser or [3:11] like mobile apps that connect with consumers. I think that kind of platforms are kind of like maybe easier [3:19] for AI agents to attack because they have the fixed target that they can go after. And so I would [3:28] highlight some of these retail oriented platform that could be more vulnerable to this kind of attack. [3:37] Now, as blockchain has grown more over time, certainly there are a lot of applications that are [3:42] more complex now. And there are more applications that are that have some bits of the process that [3:47] are closed source or that are not fully open source. And therein lies a little bit more risk. [3:52] Anthropic reported that Mythos found ways to bypass authentication that allowed unauthorized users to [3:58] give themselves administrator privileges. It also figured out how to bypass account login features like [4:03] getting in without a password or two factor authentication code. Anthropic also suggested [4:08] that bad actors can use denial of service tax to remotely delete data or crash web based services. [4:13] That's where the risk factor really increases. It is probably going to have the companies that have [4:17] the most capital associated with them, right? These things like exchanges or or trading applications [4:24] where customers are depositing funds and have a lot of funds on those platforms, they will more likely [4:29] be the ones that are targeted. If AI gets better at finding flaws in those building blocks, that could [4:34] create new risks for the apps and services people use to store and use crypto. AI is making social [4:40] engineering attacks very, very easy and very low cost, which means that an AI can go around and call a [4:45] bunch of people, pretend to be someone they know and try to coerce them to give up their past phrases, [4:51] seed phrases and other cryptographic keys. And this is actually the biggest attack vector right now. [4:56] It has been for a long time, but AI is making that easier. Anthropic advises that the next steps to [5:01] combating the vulnerabilities would be to shorten patch cycles when software updates and security [5:05] fixes are tested, approved and deployed to systems, which would include tightening and patching [5:10] enforcement window and enabling auto update wherever possible. Because they are more vulnerable, [5:17] I would also imagine these companies will also invest more into these counterattacks, like how they [5:23] can protect against these AI agents. At the same time, if they can attack these companies, crypto [5:28] companies like Coinbase and Bolus can also leverage these AI agents to defend against these AI agents [5:35] as well. So you have to see it in both ways. The AI cat is out of the bag, it's impossible to put back. [5:41] And every day we see somebody innovate on a model. And then the very next day, the same model is [5:46] improved across somewhere across the world. So knowledge sharing is happening in real time, [5:50] we've got the internet, we cannot put this cat back in the bag. So unfortunately, we're going to have to [5:54] live with it, which means we all have to level up. And we're going to be buying those solutions from [5:59] the very companies that created the problems. But there's also lots of open source work being done [6:03] here and lots of free work by very smart people across the world. So I think this is ultimately a [6:08] net benefit for humanity. But it's going to be a period of time where we struggle to understand [6:13] what exactly to do with all of this.