Crypto AI cyber risk
Vulnerability discovery is getting cheap. Blockchain coordination isn't getting faster.
May 7, 2026
Blockchains likely contain latent critical bugs. AI systems are rapidly improving at finding them. At the same time, public blockchain infrastructure is unusually difficult to patch quickly or quietly.
This is not a claim that cryptocurrencies are “doomed,” nor a prediction that every major protocol will experience catastrophic failures. The point is narrower and more structural: AI changes the economics of vulnerability discovery at the same time that many blockchain systems remain slow-moving coordination environments with highly transparent software distribution processes. Frontier AI labs and government evaluators are increasingly calling this category AI cyber capability or AI cyber risk — the extent to which AI systems can autonomously assist or execute offensive cyber operations.
That interaction may become one of the defining security problems for cryptocurrencies over the next few years.
The important point is not whether current models are already capable of autonomously compromising highly secure systems end-to-end. The important point is that measurable cyber capabilities across frontier models appear to be improving rapidly across successive generations.
Several recent evaluations from the UK AI Security Institute (AISI), Anthropic, Mozilla, and independent security researchers point in the same direction: AI systems are becoming substantially more effective at vulnerability discovery, exploit reasoning, patch analysis, and multi-step offensive workflows.
Software tends to become less bug-dense over time
Most large software systems begin highly bug-dense. Over time, several forces gradually reduce that density: real-world attacks, continuous production usage, repeated security audits, fuzzing and formal verification, code review, operational incidents, and sustained scrutiny from external researchers.
As software matures, the remaining vulnerabilities become progressively harder to find. The easy bugs disappear first. The remaining bugs tend to require deeper context, more specialized expertise, more sophisticated tooling, or much larger search efforts.
This dynamic is visible across mature open-source infrastructure. Linux, Firefox, Chrome, OpenSSL, SQLite, and similar projects have undergone decades of adversarial review while still occasionally producing serious vulnerabilities. The point is not that these projects are insecure — many are among the most secure software systems ever built. The point is that reducing bug density in large, complex systems is extremely difficult even under conditions of enormous scrutiny.
Historically, one practical bottleneck limiting exploitation was scarcity of expertise. Finding deep vulnerabilities in mature systems usually required highly specialized researchers with substantial context about the target architecture, deployment assumptions, networking model, compiler behavior, concurrency model, or cryptographic implementation details. Very few teams had that level of capability.
AI changes part of this equation. Modern AI systems can already assist with:
- repository-wide code analysis,
- vulnerability pattern matching,
- patch-diff analysis,
- fuzzing assistance,
- exploit hypothesis generation,
- symbolic reasoning over code paths,
- and independent multi-step investigation workflows.
The important shift is not that AI autonomously discovers every critical vulnerability. The important shift is that AI substantially lowers the marginal cost of analyzing complex software systems at scale. A task that previously required a specialized security team working for weeks can increasingly be parallelized across many targets with AI-assisted workflows.
Recent results from Mozilla provide a concrete illustration of the trend. In March 2026, Mozilla and Anthropic disclosed that Claude Opus 4.6-assisted workflows discovered 22 Firefox vulnerabilities in roughly two weeks, including 14 high-severity bugs. Mozilla noted that this represented almost a fifth of all high-severity Firefox vulnerabilities remediated during 2025. More recently, Mozilla disclosed that Firefox 150 alone fixed 271 security bugs, including 180 classified as high severity.
This is notable because Firefox is among the most heavily scrutinized open-source software projects in existence. Browser engines have undergone decades of adversarial testing, fuzzing, exploit development, and security review. If AI-assisted workflows can materially accelerate vulnerability discovery even in software ecosystems this mature, it is difficult to assume that younger cryptocurrency infrastructure will be comparatively unaffected.
Why cryptocurrencies may be especially exposed
Cryptocurrency systems are unusually complex. Even relatively small protocols often combine distributed consensus, cryptography, networking, execution engines, custom virtual machines, economic incentive systems, governance mechanisms, bridges, cross-chain messaging, and highly adversarial runtime environments.
Many systems are also comparatively young relative to traditional infrastructure software. Ethereum is young compared to Linux or major browser engines. Many rollups, bridges, sequencers, and smart-contract systems are substantially younger still. This does not imply that crypto systems are poorly engineered. It does imply that many systems likely remain relatively bug-dense compared to software that has undergone decades of operational hardening.
The consequences of failure are also different. A browser vulnerability may compromise user devices. A server vulnerability may leak data. A blockchain infrastructure vulnerability can instead create consensus failures, chain halts, invalid state transitions, asset theft, bridge failures, or network splits. In many cases, the bug is not merely a software problem but a coordination problem involving validators, exchanges, infrastructure providers, wallets, governance systems, and users simultaneously.
At the same time, cryptocurrency systems remain one of the most aggressively targeted software ecosystems in the world. Recent months have already shown a significant increase in large-scale exploits and operational attacks across the industry. Importantly, many incidents increasingly combine traditional software exploitation with operational compromise, social engineering, governance manipulation, infrastructure targeting, or multi-stage attack planning. This is exactly the category of workflow where AI-assisted offensive capability may matter most.
The patching problem
Traditional software ecosystems have several advantages when responding to critical vulnerabilities. Many systems support rapid or automatic software updates. Vendors can distribute patches quickly across large user populations. In some cases, users may not even realize their systems have already upgraded.
Open-source security teams also often rely on staged disclosure: identify the vulnerability, prepare a patch, distribute updates quietly, wait for adoption, and disclose details later once the ecosystem is protected. This process is imperfect, but it often works because patch distribution is relatively fast and because many systems can update without requiring explicit ecosystem-wide coordination.
Public blockchains are structurally different. Critical upgrades may require coordination across validators, node operators, exchanges, RPC providers, wallets, bridges, governance participants, infrastructure companies, custodians, and downstream applications.
For consensus bugs or VM-level vulnerabilities, patch adoption speed can become constrained by governance processes, operational risk management, ecosystem coordination, and the simple reality that globally distributed infrastructure upgrades slowly. This creates a different security environment from traditional software deployment.
There is also a second issue: public upgrades expose information. Zcash's upgrade discussions around trusted-setup assumptions and related security concerns are often cited as an example of a difficult vulnerability being mitigated before the broader ecosystem fully understood the underlying issue. Historically, some projects were able to partially obscure security-sensitive fixes by embedding them inside larger upgrades or operational changes.
The important point is not the specifics of any single protocol, but that coordinated disclosure strategies historically benefited from the fact that only a small number of researchers could rapidly infer the exact vulnerability being fixed from a patch diff. That assumption weakens in an environment where AI systems can analyze patch diffs extremely aggressively.
A future attacker workflow may look something like:
- monitor protocol repositories,
- detect security-relevant diffs,
- compare semantic execution changes,
- infer the likely vulnerability class,
- generate exploit hypotheses,
- test exploitability against unpatched nodes,
- and execute attacks before ecosystem-wide adoption occurs.
The core issue is not simply more bugs. The issue is compression of the interval between vulnerability discovery, vulnerability understanding, patch publication, patch analysis, and exploitation. Public blockchain ecosystems are unusually exposed to this compression because their upgrade processes are transparent and comparatively slow.
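To make the "compression of the interval" concrete from a defender's planning perspective, here is an added toy model (not code from the original post, and not based on measured data). It assumes a constructed set of ecosystem profiles, an exponential patch-adoption curve, and an attacker-side analysis time that halves with each model generation while coordination speed improves only 10 percent per generation; it reports how much of the network is still unpatched at the moment a patch-derived exploit becomes viable, and how long that exposure window lasts. All parameter values are assumptions chosen for illustration.

```python
"""Toy model of the patch-publication-to-exploitation window versus patch adoption.

Added illustration; every number below is a constructed assumption, not a measurement.
"""
import math

# Constructed ecosystem profiles.
#   t_half:     hours until half of the relevant nodes/stake has applied a published patch.
#   coord_gain: per-generation factor by which t_half shrinks (coordination improving slowly).
ECOSYSTEMS = {
    "auto-updating client": {"t_half": 24.0, "coord_gain": 0.9},
    "validator-coordinated fork": {"t_half": 336.0, "coord_gain": 0.9},
    "governance-gated upgrade": {"t_half": 720.0, "coord_gain": 0.9},
}

# Constructed attacker-side assumption: hours from patch publication to a viable exploit,
# halving with each model generation (the "compression" the article describes).
ANALYSIS_BASE_HOURS = 240.0
ANALYSIS_GAIN = 0.5


def adoption_fraction(t_hours, t_half):
    """Share of stake that has applied a patch t_hours after publication.

    Exponential adoption: 0 at t=0, 0.5 at t=t_half, approaching 1 asymptotically.
    """
    if t_hours <= 0:
        return 0.0
    return 1.0 - math.exp(-math.log(2) * t_hours / t_half)


def hours_to_adoption(target, t_half):
    """Hours until adoption reaches `target` (0 < target < 1) under the same curve."""
    return -t_half * math.log(1.0 - target) / math.log(2)


def analysis_hours(generation):
    """Assumed hours of patch analysis needed before an exploit is viable, per generation."""
    return ANALYSIS_BASE_HOURS * (ANALYSIS_GAIN ** generation)


def t_half_at(profile, generation):
    """Coordination speed of an ecosystem after `generation` rounds of improvement."""
    return profile["t_half"] * (profile["coord_gain"] ** generation)


def exposure(profile, generation, safe_target=0.9):
    """Return (exposed_share, window_hours).

    exposed_share: fraction of stake still unpatched when the exploit becomes viable.
    window_hours:  hours between exploit viability and adoption reaching safe_target;
                   0 if adoption gets there first.
    """
    t_exploit = analysis_hours(generation)
    th = t_half_at(profile, generation)
    exposed = 1.0 - adoption_fraction(t_exploit, th)
    window = max(0.0, hours_to_adoption(safe_target, th) - t_exploit)
    return exposed, window


def exposure_table(generations=4):
    """Exposure figures for every constructed ecosystem across model generations."""
    return {name: [exposure(p, g) for g in range(generations)] for name, p in ECOSYSTEMS.items()}


def first_generation_exposed(profile, threshold=0.5, max_gen=10):
    """First generation at which more than `threshold` of stake is unpatched at exploit time.

    Returns None if that never happens within max_gen generations.
    """
    for g in range(max_gen):
        if exposure(profile, g)[0] > threshold:
            return g
    return None


if __name__ == "__main__":
    for name, rows in exposure_table().items():
        print(name)
        for g, (exposed, window) in enumerate(rows):
            print(f"  gen {g}: analysis {analysis_hours(g):6.1f}h  "
                  f"unpatched at exploit time {exposed:5.1%}  exposure window {window:6.1f}h")
```

Under these assumptions the governance-gated profile already has most of its stake unpatched when the exploit becomes viable at generation 0, while the auto-updating profile crosses the same 50 percent line only after a few generations. The point the model makes is the one in the text: because analysis time is assumed to halve per generation and coordination time only to shrink by a tenth, every profile eventually loses the race, and the gap between profiles is a gap in how many generations of headroom they have.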
Smart contracts and visible upgrades
Smart contracts introduce related but slightly different problems.
Upgradeable smart contracts can often respond faster than base-layer infrastructure because upgrades may be controlled by multisigs, governance systems, or admin keys. However, the upgrade itself is usually visible on-chain or visible in public repositories before execution. If the structure of the patch strongly implies the underlying vulnerability, attackers may attempt to exploit the contract before the upgrade finalizes. In some cases, visible upgrade transactions themselves may create opportunities for adversarial behavior around timing or transaction ordering.
Non-upgradeable contracts face the opposite problem. Vulnerabilities may be difficult or impossible to patch directly, leaving migration, pause mechanisms, wrappers, or social coordination as the only remaining mitigation tools.
AI-assisted vulnerability discovery increases pressure on both sides of this tradeoff.
Infrastructure risk may matter more than application risk
The highest-impact vulnerabilities are likely to occur in shared infrastructure layers rather than isolated applications. Examples include consensus clients, execution clients, virtual machines, proving systems, bridges, shared cryptographic libraries, wallet infrastructure, sequencers, and RPC infrastructure.
These systems concentrate risk because large parts of the ecosystem depend on them simultaneously. Modern crypto ecosystems are also deeply composable: a low-level vulnerability can propagate upward into many applications that inherit the same assumptions about state validity, execution correctness, or bridge integrity.
As AI-assisted security research scales, the incentive structure naturally concentrates attention toward the most economically valuable shared infrastructure targets.
AI cyber capability is still early
The current generation of models is unlikely to represent the endpoint of this trend.
Recent evaluations by the UK AI Security Institute described frontier models such as Anthropic’s Mythos Preview as representing a measurable increase in cyber capability relative to previous generations. In one evaluation, AISI reported that the model successfully completed a multi-step cyberattack simulation end-to-end — a capability threshold that earlier systems struggled to achieve reliably.
The more important implication is not Mythos itself, but the trajectory. Cyber capability evaluations increasingly suggest that model performance is improving across generations in a relatively continuous way rather than appearing as isolated jumps. Models are becoming better at persistence, planning, tool usage, exploit reasoning, and long-horizon technical workflows.
If this trend continues, the relevant question for open-source infrastructure may not be whether AI systems can assist sophisticated vulnerability discovery, but how quickly software ecosystems can adapt once such capabilities become widely available.
Open questions
One consequence of AI-assisted vulnerability discovery is that software ecosystems may begin diverging more sharply based on upgrade speed. Some systems can patch and distribute updates rapidly. Others require lengthy coordination processes, governance voting, operational reviews, or ecosystem-wide synchronization. Projects on the slower end of this spectrum may become increasingly exposed if the cost of vulnerability discovery and patch analysis falls faster than the speed of ecosystem coordination improves.
Several open questions follow:
- What does responsible disclosure look like in fully transparent open-source ecosystems where AI systems can aggressively analyze every patch diff?
- Can slow-moving decentralized governance processes coexist with much faster vulnerability discovery cycles?
- Will some protocols require new emergency upgrade mechanisms?
- How should ecosystems balance transparency against security-sensitive disclosure timing?
- Does open-source software distribution itself need to evolve under AI-assisted patch analysis?
- What happens when exploit development becomes substantially cheaper while coordination costs remain fixed?
These questions are not unique to crypto. Open-source infrastructure more broadly may face similar pressures. Cryptocurrency systems may simply encounter them earlier because they combine transparent codebases, adversarial environments, large financial incentives, and comparatively slow coordination layers in a single stack.
Conclusion
The important shift is not merely that AI systems may find more vulnerabilities. The more important shift is that AI changes the relative speed of several previously separate processes: discovering vulnerabilities, understanding vulnerabilities, inferring vulnerabilities from patches, and operationalizing exploits.
Public blockchain ecosystems remain comparatively slow at coordinating upgrades across globally distributed participants. That mismatch may become increasingly important.
The result is not necessarily catastrophic failure across cryptocurrency systems. More likely, different architectures, governance models, and upgrade mechanisms will respond with very different levels of resilience. Systems that can coordinate and distribute fixes rapidly may adapt reasonably well. Systems that depend on slow governance, highly visible patch processes, or difficult ecosystem-wide coordination may face substantially more pressure in an environment where vulnerability discovery and patch analysis continue accelerating.
Get in touch
If you’re working on disclosure, coordination, or upgrade mechanisms for blockchain ecosystems — or studying AI cyber capability evaluations — I’d like to compare notes. DM @iamnotnicola on X.