AI Slashes Crypto Audit Costs — Continuous Security Raises Stakes
By John Nada · Jun 20, 2026
AI tools like Mythos make crypto audits cheaper and continuous, but human oversight is still crucial.
In the world of crypto security, AI emerges as both a savior and a challenge. On one hand, AI tools like Mythos promise to drastically cut the costs of smart contract audits, making continuous checks not just possible but practical. Yet, these innovations cannot replace the nuanced insights of human judgment, leaving room for the old problems to persist.
According to CoinDesk, AI-driven systems are reshaping the landscape of crypto security by enabling automated and continuous code reviews at a fraction of traditional costs. Alexander Urbelis, chief information security officer at ENS Labs, highlights how Mythos can push the cost of basic audits toward zero. This shift implies that comprehensive security assessments, once a costly endeavor, could become accessible even to smaller projects.
The traditional model of conducting smart contract audits has been limited by significant budget constraints, often leaving smaller teams unable to afford comprehensive security evaluations. AI systems like Mythos, which was briefly released before being removed from the American market, aim to democratize access to security tools, enabling even those with limited resources to perform thorough code reviews.
For years, researchers have relied on automated tools known as fuzzers to hunt for software bugs by bombarding programs with inputs and observing what breaks. AI systems take a different approach. "It's a change in degree that could likely cause a change in kind," Urbelis said. "Machines have hunted bugs for years. But now we're talking about a fuzzer that has the capacity to reason."
Rather than simply identifying technical bugs, systems like Mythos could infer what code was intended to do and compare that against what it actually does. In crypto, where smart contract code is public and bug bounties can have big budgets, that capability could significantly expand the industry's ability to identify vulnerabilities before launch.
David Schwed, COO of blockchain security firm SVRN and founder of the cybersecurity master's program at Yeshiva University, described the shift as even more significant. "These models now operate the way a human attacker does," Schwed said. "They iterate, they take the next step based on what they're seeing in real time. The older tooling was just complicated deterministic flows."
But Schwed argued the bigger change may not be vulnerability discovery itself. It may be the emergence of continuous security monitoring. "The real shift is continuous auditing with suggested remediations at a fraction of the cost, instead of a point-in-time review you can only afford once," he said.
If security reviews become inexpensive and continuous, researchers said the industry's expectations could change alongside them. Urbelis said he believes AI could eventually reshape the standard of care around smart contract development. Historically, teams could point to the cost and complexity of audits as a reason certain reviews were not performed. That argument becomes more difficult when sophisticated security analysis is available on demand.

"A clean AI report will be seen as no defense," he said. "A plaintiff may well argue it the other way: the tool existed, it was cheap, and you should have caught it." The prospect raises broader questions for the industry: if AI-powered security reviews become ubiquitous, will investors expect them before funding projects, and could failing to run AI-assisted audits eventually be viewed as negligence?
Despite the technology's promise, neither researcher said he believes AI is poised to replace human auditors. While machines excel at identifying coding flaws, Urbelis said they remain weaker at spotting the economic and incentive-based vulnerabilities that have contributed to some of crypto's largest losses. "The bugs that drain treasuries often turn on intent and adversarial incentives," he said. "Those still need an experienced human in the room."
Schwed offered a similar warning. "'Claude, audit my smart contract, make no mistakes' is not a security program," he said. "If the person running the tool can't evaluate what comes back, you haven't bought security, you've bought a false sense of it."
As for whether a system like Mythos could have prevented major hacks, both researchers noted that many of crypto's most costly incidents did not originate from smart contract vulnerabilities. Urbelis pointed to the recent compromise of Drift, which he described as the culmination of a months-long social engineering campaign that targeted trusted contributors rather than the protocol's code. "The smart contract did exactly what it was told," he said. "The authority behind the instruction was what was compromised and abused."
Similarly, Schwed cited incidents such as Ronin and Bybit, where compromised keys and manipulated signing processes, rather than software vulnerabilities, played central roles. "No code scanner stops an authorized signer from approving a transaction they can't verify," he said.
The potential for AI to change the expectations around due diligence is undeniable. If AI-assisted audits become ubiquitous, failing to employ these tools could be seen as negligence. This shift could have broader implications for the industry, possibly altering investor expectations and legal standards.
In this evolving landscape, AI's role is undeniable, but it's not a panacea. The industry must balance these technological advances with the irreplaceable value of human insight. As AI reshapes one part of the equation by lowering bug discovery costs, the larger security challenges remain.
