AI is entering the crypto security process at a faster pace. Researchers say that as the price of related tools decreases and their coverage expands, the security review threshold before smart contracts go live may be redefined, and the due diligence requirements faced by development teams and institutions will also increase.
Audit costs have decreased significantly.
CoinDesk reports that Mythos, a recently launched AI security system, is driving smart contract auditing from one-off manual checks to lower-cost, more frequent automated reviews. Alexander Urbelis, Chief Information Security Officer at ENS Labs, stated that such tools are pushing the price of basic auditing to near zero.
He stated that tasks that previously required weeks and substantial budgets may now be completed in minutes. This means that smaller projects that previously couldn't afford professional audits can now obtain initial security assessments much faster.
Shift from finding vulnerabilities to continuous review
Researchers point out that traditional automation tools mainly rely on feeding programs large amounts of input to surface anomalies, while AI tools are beginning to possess stronger reasoning capabilities. They can not only detect code errors, but also potentially determine what the code was originally intended to achieve, and then compare that with the actual execution result.
David Schwed, COO of blockchain security company SVRN, stated that the bigger change isn't necessarily finding more vulnerabilities, but rather that continuous auditing is becoming feasible. Compared to a one-time pre-deployment review, low-cost continuous monitoring and remediation recommendations may become the new security process.
If this model becomes widespread, the industry's judgment on "having conducted sufficient security checks" may also change. Urbelis believes that in the past, teams often explained why certain checks were not completed by citing the high cost and complexity of audits; however, when relevant tools are readily available and inexpensive, such reasons will become more difficult to justify.
AI still cannot replace human judgment
However, both researchers believe that AI cannot replace human auditing. Machines are better at identifying code defects, but their understanding of economic models, incentive designs, and adversarial behavior remains limited, and these are precisely the kinds of problems associated with many significant losses.
Schwed stated that simply having a model check a smart contract does not equate to establishing a complete security system. If users cannot determine whether the model's returned results are reliable, they may only gain a sense of security, rather than true security capabilities.
The two also mentioned that many high-loss incidents in the crypto industry do not stem from smart contract vulnerabilities, but rather from social engineering attacks, credential leaks, compromised keys, or manipulation of the signing process. In such cases, for example, code scanning tools cannot prevent authorized signers from approving transactions they have not actually verified.

Overall, AI will not eliminate security issues in the crypto industry, but it is changing another, more practical variable: the cost of discovering code defects is decreasing, and industry expectations regarding what security checks should be performed before a project goes live may rise as a result.