Anthropic is reportedly preparing to release a public version of its Mythos AI model, and crypto analyst The DeFi Investor is urging decentralized finance users to take precautions before that happens.
The concern stems from Mythos’s demonstrated ability to find software vulnerabilities. If a broadly accessible version becomes available, it could speed up how quickly attackers discover and exploit weaknesses in DeFi protocols.
What the DeFi Community Should Do
In a June 9 post on X, The DeFi Investor advised followers to revoke all token approvals, rely only on heavily audited dApps, and spread funds across multiple wallets to reduce single points of failure.
Token approvals are permissions that users grant to smart contracts, allowing those contracts to spend tokens on the user’s behalf. These approvals can accumulate quietly over time and create an ongoing attack surface if an approved contract later turns out to be vulnerable.
“What’s scary about Mythos is that it’s insanely good at finding severe vulnerabilities,” wrote The DeFi Investor. “Claude Opus 4.8 has also recently identified a critical bug for Zcash, and Mythos is supposed to be even better than Opus 4.8.”
The analyst warned that DeFi will face a major stress test in the coming months, and a recent Zcash incident illustrated the point.
A security researcher using AI discovered a bug in Zcash’s shielded Orchard pool that could have allowed attackers to mint new ZEC tokens indefinitely. The privacy coin lost more than 35% of its value in a single day as uncertainty mounted over whether the vulnerability had already been exploited. Prominent investor Arthur Hayes reportedly sold his entire ZEC position amid the panic.
Since April, Anthropic has limited Mythos access to about 50 organizations—including Amazon, Apple, Google, and Microsoft—under an initiative called Project Glasswing, intended to use the model’s capabilities for defensive purposes. Bloomberg reports Anthropic plans to expand access to about 150 additional organizations across 15 countries.
Still, multiple sources, including TFTC and journalist Alex Heath, have reported that the public release will include “substantial guardrails” and will not be as permissive as the version available to Project Glasswing partners.
An Ongoing Debate in DeFi
The DeFi Investor’s recommendations arrive amid a broader debate about the security and viability of decentralized finance.
In late May, OpenZeppelin co-founder Manuel Aráoz warned that “all of DeFi [is] unsafe,” saying he had advised users to withdraw funds from major protocols such as Aave, MakerDAO, and Compound. Aráoz argued that AI has shifted the security balance in favor of attackers, making it risky to leave funds in many protocols.
Recent months have seen several high-profile attacks. In April, KelpDAO and Drift Protocol suffered exploits that together amounted to more than $570 million in losses. More recently, hackers reportedly drained at least $30 million worth of Humanity Protocol’s H token from 17 wallets.
However, some industry voices caution against overstating the threat. Mark Zeller, founder of the Aave Chan Initiative, says fears about AI are exaggerated and notes that fewer than 10% of DeFi security failures over the past year were caused by code-level vulnerabilities.
Anthropic’s stance, according to Bloomberg, is that while AI will ultimately benefit defenders more than attackers, the transition period will be difficult and potentially dangerous for systems that haven’t adapted.