Anthropic this week launched its Claude Mythos AI to the public, a model purpose-built to sniff out software vulnerabilities. The move is already shaking up the DeFi sector, where smart-contract bugs can cost users hundreds of millions. Security researchers and protocol teams are now wrestling with a single question: does this tool make crypto safer, or does it arm bad actors with a faster way to drain liquidity pools?
What Claude Mythos brings
Unlike general-purpose large language models, Claude Mythos was trained specifically on codebases, bug bounties, and exploit writeups. Anthropic says it can identify logic flaws that traditional static analyzers miss — including race conditions, reentrancy attacks, and price-oracle manipulation patterns. The company posted benchmarks showing the AI outperforming existing vulnerability scanners on a test set of real-world DeFi contracts.
The public release means anyone can now run it against live protocols. That includes white-hat teams — but it also includes anyone else.
DeFi's exposure problem
DeFi developers have long relied on audits and bug bounties to catch flaws, but the process is slow and expensive. A single audit run can cost tens of thousands of dollars and take weeks. Claude Mythos, by contrast, can scan a contract in minutes. The catch: its output is not a guaranteed fix — it flags potential issues, leaving developers to confirm and patch them.
Some in the community worry that faster scanning also means faster exploitation. If an attacker runs the AI on an unaudited protocol and finds a critical bug before the team does, the team's window to find and patch the flaw before a hack narrows from days to hours.
Defense vs. offense
Experts are divided. On one side, security firms see the model as a force multiplier for audits — a tool that helps human reviewers cover more ground. On the other, independent researchers point out that the same capability makes it trivial to probe every new DeFi launch for low-hanging fruit.
Neither side has offered a concrete fix yet. Some have called for Anthropic to gate access — requiring verification that the user is affiliated with a security firm — but the company has not announced any restrictions. The debate has been loud enough that several major DeFi projects have paused their public testnet launches this week to evaluate their exposure.
Unanswered questions
Anthropic has not said whether it will track misuse of Claude Mythos or share exploit reports with affected protocols. The company said only that it will continue to update the model's safety guardrails over time.
For now, the industry is watching for the first real-world test. Whether the AI tips the balance toward better defenses or faster exploits depends on who runs it first — and what they find.




