AI models spark a “vulnerability apocalypse” in crypto security

Immunefi CEO Mitchell Amador says new AI models are behind a “vulnerability apocalypse” that is driving the 2026 resurgence of DeFi hacks. Speaking at the WAIB Summit in Monaco, he pointed to recent releases such as Claude Opus 4.8 and ChatGPT 5.5 as shifting the cybersecurity playing field toward attackers. Industry data cited in the report shows crypto hacks surged in April 2026, with losses exceeding $634 million— the highest monthly total since the Bybit-driven losses that helped push losses toward about $1.4 billion in Feb 2025, according to DefiLlama. Amador argues the next 3–4 years are critical for crypto to survive: defenders must use the same AI capabilities to build “impregnable” codebases. He adds the timeline could shrink to under two years if the ecosystem adopts more “crowdsourced security solutions,” and turns AI tools to advantage. The comments followed concerns after Anthropic’s Claude Mythos model (including Fable 5) raised fears it could accelerate exploit development. Anthropic said safeguards reroute cybersecurity-related topics to Claude Opus 4.8. The article also highlights a recent incident: on April 19, an attacker drained about 116,500 restaked Ether (rsETH), roughly $290M–$293M, from Kelp DAO’s LayerZero-powered rsETH bridge. LayerZero said Kelp DAO’s 1/1 decentralized verifier network (DVN) configuration created a single point of failure and that it had advised against that setup.
Bearish
The report frames AI models as an accelerant for exploitation, aligning with April 2026’s high hack losses (> $634M) and a fresh large DeFi bridge breach (Kelp DAO rsETH via LayerZero). For traders, that combination increases perceived tail risk for DeFi and infrastructure tokens, which can compress risk appetite and raise demand for hedges/safer majors. In the short term, such narratives often trigger cautious positioning around DeFi yields, bridges, and restaking exposures, especially when specific architectural weaknesses (e.g., single verifier path / 1/1 DVN) are highlighted. In the medium term, the market could stabilize if credible defensive improvements and crowdsourced security processes gain traction. Still, until that defensive adoption is proven at scale, the expectation is more frequent vulnerabilities and patching cycles—historically similar to post-exploit periods where liquidity migrates away from the impacted sectors. Overall, increased attack surface and uncertainty around AI-driven hacking outweigh the speculative upside, making the likely near-term market impact bearish.