
Odaily Interview with Yu Xian: Anthropic's Nuclear-Level New Model Leak, How Will It Impact Crypto Security Offense and Defense?

Azuma
Odaily Senior Author
@azuma_eth
2026-03-30 09:28
"AI threats" are not a future tense, but a present continuous tense.
AI Summary
  • Core Viewpoint: The accidental exposure of Anthropic's more powerful AI model, Mythos, has sparked discussions about how AI will profoundly impact cryptocurrency security offense and defense. Experts point out that AI security threats are already in progress; they will accelerate industry consolidation, eliminate projects with weak security, and force the entire industry to raise security standards.
  • Key Elements:
    1. Anthropic confirmed it is training a new model, Mythos, codenamed "Capybara," which far surpasses the current strongest model, Claude Opus 4.6, in coding, reasoning, and cybersecurity testing.
    2. The impact of AI on crypto security has already begun, with pathways including attackers using AI for social engineering or automated vulnerability exploitation, and project teams inadvertently introducing new vulnerabilities by relying on AI for programming.
    3. The Moonwell protocol suffered a $1.78 million loss due to relying on Claude to write vulnerable code, proving the reality of the "project team planting their own landmine" risk.
    4. High TVL projects, newly launched projects with obvious vulnerabilities, and seemingly secure "established" protocols are the three most vulnerable target types in the AI era.
    5. Project teams should proactively embrace AI and establish strict cross-review mechanisms; ordinary users, due to information and tool gaps, are more passive and need to reduce their risk exposure.
    6. The emergence of more powerful models does not simply increase threats but forces the industry to confront attack capabilities that already exist and accelerates the elimination of projects unable to withstand AI challenges.
    7. In the long term, AI will act as a screening mechanism, raising industry security standards, forcing project teams to upgrade their R&D processes and security systems, and pushing the industry towards maturity.

Original | Odaily (@OdailyChina)

Author | Azuma (@azuma_eth)

An unexpected data leak has given the world an early glimpse of Anthropic's upcoming blockbuster product.

Fortune reported last Thursday that Anthropic, the AI development company behind Claude, is training a new model called Mythos (internal codename suspected to be Capybara), which the company internally describes as "the most powerful AI model developed to date." Cybersecurity researchers who reviewed the materials revealed that the model was discovered in a draft blog post (now inaccessible) left in an unprotected, publicly searchable data cache. Anthropic confirmed the model's existence after being contacted by Fortune.

Anthropic describes Capybara as a new model tier. Compared to Claude's current most powerful tier, Opus 4.6, Capybara shows significant score improvements in tests for software coding, academic reasoning, and cybersecurity.

As early as last December, Anthropic conducted a test using AI to autonomously attack cryptocurrency smart contracts, proving that profitable, reusable AI autonomous attacks are technically feasible — see "Successfully Simulating a $4.6 Million Theft, AI Has Already Learned to Autonomously Attack Smart Contracts".

Now, with the emergence of a more powerful new model with specialized cybersecurity capabilities, what changes will occur in the cryptocurrency security landscape? To thoroughly answer these questions, Odaily specifically invited industry security expert and SlowMist founder Yu Xian (X: @evilcos) to provide insights.

AI Security Threats Are Arriving Faster Than You Think

At the beginning of the conversation, Yu Xian directly stated that many in the industry still view AI security threats as a "future tense," but the reality may be progressing faster than the industry imagines — AI's impact on crypto security is not about to come; it has already begun. In his view, AI's impact on cryptocurrency security primarily follows two major paths.

The first category is attackers actively using AI for malicious purposes. This includes the social engineering attacks that have already proliferated in the crypto industry over the past two years, such as remote scams on social media using deepfake videos and forged audio. It also includes more "technical" direct attack methods, such as training AI on public vulnerability samples, real attack cases, and exploitation details to develop methodologies for vulnerability discovery and exploitation — this is not limited to the smart contract field; any security aspect that can be trained and practiced based on historical experience could become a domain for AI.

The second category of risk is currently relatively easy to overlook but deserves more industry vigilance — projects themselves using AI for development, inadvertently introducing new security issues into their systems. As AI programming capabilities continuously improve, from a productivity enhancement perspective, more and more projects are beginning to rely on Vibe-Coding for code writing. While efficiency gains are indeed visible, the side effects are equally apparent. AI inevitably suffers from "hallucinations"; it may write vulnerabilities directly into the production environment due to issues like dependency pollution, incorrect package installations, or erroneous code library references.

This is not alarmist. In February of this year, the lending protocol Moonwell suffered a $1.78 million theft due to an error in its oracle price feed formula. The direct cause of the formula error was the project's reliance on Claude Opus 4.6 to write buggy code, setting the price of cbETH incorrectly at $1.12 when the actual price was around $2,200.

In an era where AI is reshaping the world in all aspects, it is not just a weapon in hackers' hands; it can also become a tool for projects to "plant landmines" themselves.

Which Projects Are Most Likely to Become Prey in the AI Era?

If AI has already entered both offensive and defensive sides, the next question is very practical: Who is more likely to get hit?

Yu Xian's judgment is straightforward: Projects with large amounts of capital will always be the top priority targets. The peculiarity of the crypto industry is that protocols directly carry real money, and due to decentralization concepts, contract fund statuses are often transparent to the outside world. For attackers, the input-output ratio is always the first principle. Therefore, as long as a protocol's TVL is sufficiently large, it naturally enters the key target list and will inevitably be continuously researched, scanned, and breached by attackers.

Apart from large-capital projects, another high-risk target category is newly launched projects with relatively obvious vulnerabilities. Although the capital scale of such projects is limited, they often become victims of "front-running attacks." With AI's support, the chain of batch scanning, automatic identification, and automatic exploitation is becoming increasingly mature. Some new projects may be simultaneously targeted by multiple attack teams shortly after launch, even before their capital scale fully expands, due to obvious or even low-level vulnerabilities. At this point, it's not about who is smarter, but who is faster. Whoever strikes first may reap the rewards first.

Yu Xian specifically mentioned another type of project worthy of caution — those long-running, established protocols that have lulled the market into a false sense of "it should be fine now." The most typical example is last year's incident involving the established protocol Balancer (see: "Established DeFi Falls: Balancer V2 Contract Vulnerability, Over $110 Million in Assets Stolen"). Many established projects have operated without incident for years and undergone multiple audits, leading teams and users to form an inertial belief that "the system is secure enough." But the reality is that the more a protocol is "assumed safe," the more likely it becomes a target for long-term research and strategic breakthrough by certain attack groups. If the project team's response slows down, governance processes become protracted, or the team happens to be on vacation or less attentive, the losses from an exploit could be even more severe.

How Should Projects and Users Defend Themselves?

During the conversation, Yu Xian repeatedly emphasized that projects should more proactively embrace AI. The reason is simple: external attackers are arming themselves with AI, and if you remain stuck in the mindset of "relying only on traditional manual audits, the system has been running fine for a long time," you are essentially fighting a war with a huge information gap.

From the perspective of productivity development, "using AI to write code" is an inevitable trend. But the problem is, you cannot only want to enjoy the efficiency gains brought by AI without establishing matching security processes — the more deeply AI is introduced into the R&D process, the stricter the cross-review and manual verification mechanisms must be before launch. For example, using multiple AI models for cross-validation or involving roles with real security experience and understanding of engineering reliability in the final review.

Simply put, it's about "don't be complacent, be more diligent." Especially for projects with already high TVL and large amounts of user funds deposited in their protocols, they should actively combine the strongest current model capabilities and security team capabilities to upgrade security strategies around their existing systems. Even if not entirely reliant on AI, they should at least understand what tools their opponents are using and how to respond. This will also be a plus in terms of user perception. A project willing to publicly embrace AI security upgrades and continuously conduct risk re-evaluations will at least let the market know it is not using past achievements as an excuse for laziness.

Compared to projects that have the capacity to build systems, allocate budgets, and upgrade processes, ordinary users are actually in a more passive position facing the AI security offensive/defensive upgrade. Yu Xian stated bluntly on this point: "For the vast majority of retail users, this matter (protecting themselves) is indeed very difficult."

Those truly capable of reacting quickly and minimizing losses when risks occur are often not ordinary retail users in the general sense, but individuals who already possess strong information acquisition and on-chain operational capabilities. They may have built their own monitoring and alert mechanisms, even using AI to automatically receive attack alerts. Once an anomaly occurs in a pool or protocol, they can withdraw funds and shift positions at the first moment, achieving a certain degree of loss minimization. More aggressive ones might even profit by following market sentiment during security incidents.

But such individuals are essentially no longer ordinary users; they are "scientists" in the crypto context. For the majority of users lacking monitoring capabilities, reaction speed, and professional judgment, once a real attack occurs, they are often the ones left holding the bag at the end.

The reality is indeed harsh. The AI era will not automatically bring a fairer security environment; instead, it may further amplify the information gap, tool gap, and reaction speed gap between professional users and ordinary users. From the perspective of ordinary users, what they can do may only be to minimize their exposure time and position size in high-risk protocols, reduce blind trust in complex interactions, and maintain basic skepticism towards narratives that "seem already secure."

More Powerful Models Are Coming; Will They Bring Greater Threats?

This is one of the most interesting questions in this interview. Intuitively, a model stronger in coding, reasoning, and cybersecurity, if truly deployed, seems only to make potential attackers more dangerous. But Yu Xian's answer is that this is actually a good thing.

In Yu Xian's view, the industry's biggest misconception is understanding such threats as "something that may happen in the future." But the reality is that many stronger capabilities already exist today; it's just that the outside world cannot see them (like Mythos was only accidentally known to the public this time), or those truly capable teams are more low-key than the market imagines.

In other words, the emergence of more powerful models like Mythos does not necessarily mean risks are born from zero to one, but rather makes the industry more clearly realize that many attack capabilities once only imagined are already being researched, validated, and even used in reality. Yu Xian mentioned in the interview that from vulnerability discovery to vulnerability exploitation are two different stages, and regarding these two matters, top model companies and some more vertical, low-key teams (e.g., teams conducting full-scale private training of AI specifically for smart contract security) have likely already accumulated considerable achievements.

In Yu Xian's logic, stronger models are not purely bad news but a more thorough screening mechanism. If a project cannot withstand the challenges brought by AI, then perhaps it should not continue to grow in the future, because AI will increasingly and fairly expose problems originally concealed by luck, inertia, and information asymmetry. The projects that truly survive are not those "temporarily not hit," but those "able to withstand attacks even in the AI era."

This means AI's impact on the crypto industry is more like an accelerated shakeout. Vulnerabilities will be discovered faster, risks will be exposed earlier, and attacks will become more frequent. Projects with weak security capabilities, crude processes, and slow responses will only be eliminated faster in the future.

In the long run, this may not be a bad thing. Because while AI amplifies the attack surface, it also raises the survival standards for the entire industry. It will force projects to upgrade their R&D processes, security systems, and response mechanisms, and push the industry to completely move out of the era of "wild growth."
