The Cost Collapse of Smart Contract Audits

The launch of Mythos, an AI system designed to autonomously discover vulnerabilities in code, marks a structural shift in crypto security economics. As Alexander Urbelis, chief information security officer at ENS Labs, stated: "It pushes the price of a basic audit toward zero." Work that once required weeks and significant expense could eventually be completed in minutes. This collapse in cost is not incremental—it is a discontinuity. For years, comprehensive audits have been a budget constraint, often limiting security reviews to well-funded projects. Now, AI-powered tools make sophisticated vulnerability discovery accessible to virtually any developer. The immediate consequence: the industry's baseline for reasonable due diligence is about to be rewritten.

From Point-in-Time to Continuous Monitoring

David Schwed, COO of blockchain security firm SVRN, argues that the real shift is not just cheaper audits but the emergence of continuous security monitoring. "The real shift is continuous auditing with suggested remediations at a fraction of the cost, instead of a point-in-time review you can only afford once," he said. Traditional audits are snapshots—a single review before deployment. AI systems can run persistently, scanning code changes in real time. This changes the risk calculus for protocols that update frequently. Continuous monitoring reduces the window of exposure between deployments, a critical advantage in fast-moving DeFi environments. For institutional investors, this capability could become a prerequisite for capital allocation.

New Liability Standards and Legal Exposure

As AI security tools become ubiquitous, the legal landscape is shifting. Urbelis warns: "A clean AI report will be seen as no defense. A plaintiff may well argue it the other way: the tool existed, it was cheap, and you should have caught it." This inversion of liability could have profound implications. Developers who skip AI-assisted audits may face negligence claims. Conversely, relying solely on AI without human oversight may also be inadequate. The standard of care is evolving from "did you hire an auditor?" to "did you use all reasonably available tools?" Legal teams should prepare for a new wave of disputes centered on whether AI tools were deployed and interpreted correctly.

AI's Blind Spots: Social Engineering and Key Compromise

Despite the promise, AI cannot prevent many of crypto's largest losses. Urbelis points to the Drift compromise, which resulted from a months-long social engineering campaign. "The smart contract did exactly what it was told," he said. "The authority behind the instruction was what was compromised and abused." Similarly, Schwed cites Ronin and Bybit, where compromised keys and manipulated signing processes were central. "No code scanner stops an authorized signer from approving a transaction they can't verify," he said. These incidents highlight that AI addresses only one vector—code vulnerabilities. Operational security, credential management, and social engineering remain critical. Executives must avoid the false sense of security that AI tools can create.

Market Implications: Winners, Losers, and Strategic Bets

The convergence of AI security and tokenized real-world assets (RWA) is reshaping market dynamics. Combined exchange volumes fell 3.45% to $4.41 trillion in May 2026, the lowest since September 2024. Yet RWA perpetual futures volumes rose 10.4%, hitting a new all-time high. This divergence signals a shift toward institutional-grade, automated infrastructure. Winners include blockchain security firms that integrate AI (like SVRN) and RWA tokenization platforms. Losers are traditional cybersecurity firms without crypto expertise and smaller exchanges facing consolidation. For investors, the strategic bet is on platforms that combine AI-driven security with continuous monitoring and RWA exposure. The next 12 months will likely see a wave of M&A as incumbents scramble to acquire AI security capabilities.




Source: CoinDesk

Intelligence FAQ

AI tools like Mythos can reduce the cost of a basic audit to near zero, making sophisticated vulnerability discovery accessible to all developers.

No. AI excels at finding code bugs but cannot assess economic incentives, social engineering, or key compromise risks. Human judgment remains essential.

Failure to use available AI tools may be seen as negligence, but relying solely on AI without human review may also be inadequate. The standard of care is evolving.

Blockchain security firms integrating AI and RWA tokenization platforms are winners. Traditional cybersecurity firms and small exchanges may lose.