The recent launch of Anthropic’s Claude Fable 5 AI model has drawn attention to the vulnerabilities within the decentralized finance (DeFi) sector, which has already suffered significant financial losses this year due to security breaches. With over $840 million lost to hacks in 2023, experts warn that the introduction of advanced AI tools may exacerbate existing security challenges.
Released on Tuesday, Claude Fable 5 is described as Anthropic’s most powerful model to date, featuring enhanced reasoning and coding capabilities. The company has made two versions available: a public model designed to block high-risk uses and a more advanced variant, Claude Mythos 5, which is restricted to vetted users in cybersecurity.
According to Anthropic, the Mythos model can identify zero-day vulnerabilities—previously unknown software flaws—and assist in transforming these bugs into potential attacks. The AI attempts to intercept high-risk requests, redirecting them to a less powerful model, Claude Opus 4.8, in fewer than 5% of sessions. Despite these safety measures, Anthropic acknowledges that determined attackers may still find ways to circumvent them.
“The uplift from Mythos-level capabilities is valuable to many adversaries—for instance, those who could financially gain from cyberattacks,” the firm stated in a blog post.
Charles Guillemet, Chief Technology Officer at hardware-wallet maker Ledger, expressed skepticism about the effectiveness of current AI safeguards. He noted that while AI may not create new types of hacks, it significantly reduces the time required to execute them. Guillemet emphasized that the speed at which vulnerabilities can be identified and exploited poses a substantial risk to the crypto industry.
The DeFi sector has been particularly vulnerable to attacks this year, with April alone witnessing losses exceeding $600 million, marking it as the worst month on record. Notably, the two largest incidents involved complex social engineering tactics rather than straightforward smart-contract exploits. One such incident saw a North Korea-linked group siphoning approximately $285 million from Drift Protocol after a prolonged campaign to gain administrative access.
Another significant breach involved the exploitation of a flaw in Kelp DAO, resulting in a loss of around $292 million. Recently, Humanity Protocol also reported a loss of over $30 million due to a private-key compromise, highlighting the persistent threat posed by human error and operational failures.
“These exploits remain rooted in social engineering and human error,” Guillemet remarked.
As AI tools like Claude Fable 5 become more prevalent, the challenge for defenders is to secure every aspect of their systems. Guillemet pointed out that while AI can accelerate the identification of vulnerabilities, it does not eliminate the necessity for rigorous security measures. Private keys, for instance, should be stored in secure environments to prevent unauthorized access.
Conversely, some in the industry are leveraging AI defensively. Pendle, a DeFi yield protocol, has utilized Anthropic’s models to enhance its security posture, employing AI to map its codebase and conduct stress tests on smart contracts. The developers argue that the focus should not solely be on smart contracts, which are relatively short and manageable, but rather on the broader security landscape.
In summary, while advanced AI models like Claude Fable 5 offer potential benefits for both attackers and defenders, the DeFi sector must remain vigilant. The next significant cyber incident may not introduce new tactics but could instead exploit familiar vulnerabilities at an accelerated pace.
The launch of Anthropic's Claude Fable 5 AI model raises concerns about cybersecurity in the DeFi sector, which has already faced substantial losses this year. Experts warn that while AI can enhance security measures, it also enables attackers to exploit vulnerabilities more rapidly, emphasizing the need for robust security protocols.