Step aside Bitcoin and quantum threats—Anthropic’s Mythos AI may reshape the future of DeFi.

Anthropic’s Claude Mythos Preview has uncovered thousands of zero-day vulnerabilities spanning major operating systems and web browsers—including flaws embedded in cryptographic libraries that underpin decentralized finance (DeFi) infrastructure.

The company claims its latest AI model can autonomously identify and exploit previously unknown software vulnerabilities at a level that surpasses decades of human-led security research, as well as existing automated tools.

A closer examination of Mythos’ capabilities highlights potential risks for crypto markets—particularly DeFi. The model demonstrates an ability akin to finding a needle in millions of haystacks, systematically exposing bugs that have evaded detection for years.

Among its findings, Mythos identified a 27-year-old vulnerability in OpenBSD—an operating system specifically engineered for security—for less than $50 in compute costs. It also uncovered a 16-year-old flaw in FFmpeg, a core component of global video streaming infrastructure, despite the software having undergone millions of automated scans.

In another instance, the model constructed a browser exploit by chaining together four distinct vulnerabilities, bypassing multiple layers of defense. It also transformed a known Linux vulnerability into a fully functional attack in under 24 hours for less than $2,000—a task that would typically take weeks for a skilled human researcher.

These capabilities have raised significant concern across the technology sector. Unlike theoretical risks such as quantum computing threats to Bitcoin, Mythos is already operational and actively identifying vulnerabilities in code that safeguards user funds—some of which have remained undiscovered for decades.

For the crypto ecosystem, the most critical revelations come from Anthropic’s technical disclosures. Mythos reportedly identified weaknesses in widely used cryptographic standards and libraries, including TLS, AES-GCM, and SSH. These technologies are foundational to internet security, enabling encrypted communications, secure HTTPS connections, and remote server access—core components of DeFi and exchange infrastructure.

Exploiting such vulnerabilities could allow attackers to forge digital certificates or decrypt sensitive communications, posing systemic risks.

DeFi protocols may be particularly exposed due to their open-source nature. With codebases publicly accessible, models like Mythos can autonomously scan, analyze, and catalog vulnerabilities at machine speed and near-zero marginal cost.

While roughly $200 billion remains locked across smart contracts on networks such as Ethereum and Solana—many of which have undergone audits by both humans and automated tools—Anthropic suggests Mythos operates beyond the limitations of both.

The company noted that security measures relying on friction rather than hard technical barriers could become significantly less effective in the face of AI-assisted adversaries. This includes mechanisms such as multisignature governance, transaction timelocks, and audit assurances, which are designed to slow down attacks rather than eliminate underlying vulnerabilities.

Despite these concerns, market sentiment has remained largely unaffected in the short term. The CoinDesk DeFi Select Index rose 7% over 24 hours, outperforming both Bitcoin and Ether, supported by improved risk appetite following a temporary ceasefire between the U.S. and Iran.

Looking ahead, however, market participants may need to monitor not only macroeconomic developments but also advancements in AI-driven security tools like Mythos, given their potential to reshape the risk landscape for blockchain infrastructure.

For now, Anthropic has not released Mythos to the public. Instead, access is limited to a group of approximately 40 major technology firms—including Google, Apple, and Microsoft—under an initiative known as Project Glasswing.