AI finds smart‑contract flaws
Anthropic’s Mythos model reportedly can scan smart contracts and surface vulnerabilities at machine speed, raising the prospect of much faster discovery of DeFi bugs. (cryptoslate.com) Reports say major exchanges have sought access to the model, framing it both as a defensive tool and a potential ‘AI super‑attacker’ risk. (dlnews.com)
A smart contract is code that moves crypto automatically, like a vending machine that releases money when preset conditions are met. Anthropic’s new Mythos model is now being described as able to read that code and flag flaws fast enough that crypto firms are scrambling to assess the risk. (anthropic.com)
Anthropic said on April 8 that Claude Mythos Preview had found and helped patch thousands of previously unknown software vulnerabilities, including bugs across major operating systems and web browsers. The company limited access to the model through Project Glasswing instead of releasing it broadly. (anthropic.com)
Anthropic’s own technical writeup said Mythos can discover more high-severity bugs than earlier language models and can turn known but unpatched weaknesses into working exploits. The company said more than 99% of the vulnerabilities it found were still unpatched, which is why it withheld operational detail. (anthropic.com)
Crypto outlets have started applying that capability to decentralized finance, where smart contracts hold pools of user funds and execute trades without a bank or broker. CryptoSlate reported on April 15 that security researchers see “hundreds of millions to billions” of dollars of exposure if an artificial intelligence system can identify contract flaws before human auditors do. (cryptoslate.com)
That concern is sharper in decentralized finance because smart-contract code is usually public and on-chain transactions are hard to reverse once funds move. A bug that sits unnoticed in open code can become an instant theft path if a model can scan thousands of contracts at once. (cryptoslate.com)
Major crypto exchanges are reportedly trying to get access before attackers do. DL News reported that Coinbase and Binance have sought Mythos access from Anthropic, framing the model as both a defensive scanner for exchange infrastructure and a possible “AI super-attacker” if it leaks or is misused. (dlnews.com)
Anthropic’s launch partners do not include Coinbase or Binance. The company named Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, and said it had also extended access to more than 40 other organizations that build or maintain critical software. (anthropic.com)
Financial regulators are now treating Mythos as more than a crypto story. Bloomberg reported on April 16 that the European Central Bank scheduled a call with chief risk officers at eurozone lenders to discuss the model’s potential to exploit weaknesses in financial systems. (bloomberg.com)
Some researchers say the alarm may outrun the evidence. TechCrunch reported on April 9 that Anthropic’s decision to restrict Mythos also raised questions about whether the company was emphasizing worst-case scenarios, even as Anthropic said the model was too capable at finding software exploits for general release. (techcrunch.com)
For crypto developers, the immediate task is simpler than the rhetoric: audit code faster than machines can break it. Anthropic is giving selected defenders a head start, and exchanges and decentralized finance teams now have to assume attackers are racing on the same clock. (anthropic.com)