For years, smart contract security has been constrained by budgets. Comprehensive audits from leading firms like Trail of Bits, OpenZeppelin, or ConsenSys Diligence cost between $50,000 and $500,000 depending on complexity. The expense meant most crypto projects couldn’t afford the rigorous reviews that institutional standards require. Smaller protocols deployed code with minimal external review. Larger projects audited primary contracts but couldn’t justify continuous security analysis across their entire codebase.
That economic constraint is breaking. AI tools including Anthropic’s Mythos and Claude Fable 5 are pushing the cost of basic security audits toward zero. Work that previously required weeks of senior engineering time can now be completed in minutes by AI systems. The technology is changing what crypto projects can afford to do for security, what users can reasonably expect, and what counts as standard due diligence before deploying code.
Alexander Urbelis, Chief Information Security Officer at ENS Labs, told CoinDesk this week that the shift represents “a change in degree that could likely cause a change in kind.” The phrase captures something important about what’s happening. The price compression isn’t just making existing security practices cheaper. It’s enabling entirely new approaches to crypto security that weren’t economically possible before.
For users evaluating which protocols to trust with their capital, the implications are substantial. For developers shipping smart contracts, the expectations are changing rapidly. For attackers who previously exploited the gap between protocol security budgets and code complexity, the playing field is shifting.
What the Numbers Actually Show
The cost reduction isn’t theoretical. Concrete examples from early deployments demonstrate the magnitude of change.
In Project Glasswing, Anthropic’s restricted cybersecurity program with partners including AWS, Microsoft, Apple, and CrowdStrike, the Mythos-class AI helped surface more than 10,000 vulnerabilities across various codebases. The volume represents work that would have required hundreds of senior security engineers operating full-time for months to replicate manually.
Stripe used Claude Fable 5 to complete a codebase-wide migration across a 50-million-line repository in a single day. The same migration through traditional methods would have required weeks of engineering work and significant risk of human error during the transition.
Pendle, a DeFi yield protocol, has used Anthropic’s models defensively since the first version of Claude Opus. The team uses AI to map its codebase, stress-test its contracts, and identify potential vulnerabilities before deployment. Pendle’s developers report that the tools catch bugs early and help write cleaner code.
The cost compression is dramatic. Urbelis stated the technology “pushes the price of a basic audit toward zero.” Projects that previously couldn’t afford professional reviews can now obtain fast security assessments. Continuous code review that was economically impossible becomes viable. The expectation of what constitutes reasonable due diligence shifts as the underlying cost economics change.
For the Bitcoin and Ethereum protocols specifically, the implications are different from those for emerging projects. These networks have an extensive history of audits from leading firms, formal verification efforts, and battle-testing through years of operation. AI-assisted security represents incremental improvement rather than transformational change. For newer Layer 1 networks, Layer 2 solutions, and DeFi protocols, the impact is much larger.
The Limitation That Matters
Despite the technological advances, security researchers consistently emphasise what AI cannot replace.
Jonathan Schwed, a security researcher at Halborn, warned against treating AI tools as security solutions in themselves. “‘Claude, audit my smart contract, make no mistakes’ is not a security program,” he said. “If the person running the tool can’t evaluate what comes back, you haven’t bought security, you’ve bought a false sense of it.”
The argument captures a fundamental constraint. AI tools generate output that requires interpretation. Whether the AI correctly identified all relevant vulnerabilities, whether it understood the protocol’s specific economic model, whether it caught the edge cases that matter most: all of these require human judgment to evaluate. The AI accelerates the process but doesn’t eliminate the need for skilled security professionals to interpret results and make final decisions.
Urbelis added a deeper concern. The vulnerabilities that drain protocol treasuries often turn on intent and adversarial incentives rather than simple coding flaws. “Those still need an experienced human in the room,” he said. AI systems excel at identifying syntactic and obvious semantic bugs. They struggle with economic vulnerabilities that emerge from how smart contracts interact with each other and with adversarial actors.
The clearest illustration of AI’s limits comes from the actual incidents that have damaged crypto most. Most major 2026 DeFi incidents didn’t originate from smart contract bugs. The Drift Protocol exploit, which resulted in approximately $285 million in losses, came from a months-long social engineering campaign targeting trusted contributors rather than the protocol’s code. “The smart contract did exactly what it was told,” Urbelis explained. “The authority behind the instruction was what was compromised and abused.”
Similarly, major incidents like the Ronin Bridge ($625 million) and Bybit ($1.46 billion in February 2025, the largest crypto heist in history) involved compromised keys and manipulated signing processes rather than software vulnerabilities. AI auditing the smart contracts wouldn’t have prevented these losses because the smart contracts weren’t where the vulnerabilities existed.
The Recursive Security Era
What’s emerging from the AI integration is what some researchers are calling “recursive security.” The concept describes a fundamental shift in how blockchain security operates.
Traditional crypto security has relied on periodic audits. Projects deploy code, hire firms to review it, address findings, then operate the deployed code until major upgrades trigger another audit cycle. The model works because audit costs were high enough to justify only periodic reviews, and major code changes were infrequent enough to make periodic audits adequate.
Recursive security operates continuously. AI systems analyze code as it’s written, identify potential vulnerabilities before deployment, monitor deployed contracts for behavioural anomalies that might indicate emerging exploits, and continuously update threat models as the broader landscape evolves. The model treats security as an ongoing process rather than a discrete event.
For protocols that adopt recursive security approaches, the structural improvements are significant. Vulnerabilities get caught before they reach production. The window between bug introduction and discovery shrinks from months to minutes. Continuous monitoring detects exploitation attempts faster, potentially preventing successful attacks even when vulnerabilities exist.
For protocols that don’t adopt these approaches, the competitive disadvantage grows. As recursive security becomes feasible and increasingly standard, projects operating under traditional periodic audit models face elevated relative risk. Institutional capital evaluating which protocols to allocate to will increasingly consider not just whether code has been audited, but whether security operates continuously.
The shift parallels what happened in traditional software development with continuous integration and continuous deployment (CI/CD). Tools that automated previously manual processes didn’t eliminate the need for engineering judgment but did transform what was operationally feasible. The same dynamic is playing out in crypto security.
What Users Should Actually Do
For individual crypto users navigating this environment, several practical considerations matter.
The fundamental security advice doesn’t change. Hardware wallets remain the appropriate solution for significant holdings. Token approvals should be revoked regularly through tools like Revoke.cash. Suspicious links and communications should be treated with rigorous skepticism. Operational security practices need to be maintained on the systems that hold crypto assets.
What AI changes is the protocol selection question. As AI-assisted security becomes more prevalent, users can reasonably expect protocols they trust with significant capital to deploy continuous security monitoring. Projects that maintain old-style periodic audit cycles or that don’t disclose their security practices warrant additional scrutiny. The bar for what counts as a “secure protocol” is shifting upward.
The exploit acceleration warning matters too. Anthropic’s own Frontier Red Team research showed that advanced AI can dramatically compress the timeline between vulnerability disclosure and exploitation. What used to be “N-days” (attackers waiting days or weeks after disclosure to develop exploits) is becoming “N-hours” (working exploits emerging within hours of disclosure). For users with funds in protocols that face emergency patches, the time between learning about a vulnerability and getting funds to safety is much shorter than it used to be.
The competitive dynamic between attackers and defenders is shifting in ways that matter for everyone. AI accelerates both sides simultaneously. Defenders gain machine-speed monitoring and continuous auditing. Attackers gain faster vulnerability research, exploit development, and scaled social engineering. Whether the net effect favours defenders or attackers depends on adoption patterns across the industry.
For projects that deploy AI-assisted security aggressively, the advantage is meaningful. For projects that don’t, the disadvantage compounds. The next major crypto hack will probably not look fundamentally new. It will look like the same poisoned package, fooled developer, or bad signing flow that DeFi already knows. But it will arrive faster and at greater scale because AI accelerates the scouting phase that attackers use to find vulnerable targets.
The Bottom Line
AI is making crypto security cheaper, faster, and harder to ignore. The cost of basic audits is approaching zero. The pace of vulnerability discovery has accelerated dramatically. The expectation of what counts as reasonable due diligence is shifting upward.
The technology won’t replace human security professionals. The economic vulnerabilities, social engineering attacks, and operational failures that have caused most major crypto losses still require human judgment to address effectively. AI augments human security capabilities rather than substituting for them.
But the augmentation is substantial. Projects deploying AI-assisted security continuously will operate with better defences than projects relying on periodic manual audits. Users will increasingly expect this standard from protocols they trust with significant capital. The competitive dynamics will reward early adopters and punish those who treat security as an afterthought.
The arms race between AI-augmented attackers and AI-augmented defenders is just beginning. The crypto industry that emerges from this transition will be more sophisticated, more continuously monitored, and probably safer than the one we have today. The transition itself will likely produce some painful incidents as the new capabilities reach attackers before defenders fully implement countermeasures. Watching that unfold is going to be uncomfortable, but the destination is clearly better than where we started.