“It’s a change in degree that could likely cause a change in kind,” Urbelis said. “Machines have hunted bugs for years. But now we’re talking about a fuzzer that has the capacity to reason.”
Rather than simply identifying technical bugs, systems like Mythos could infer what code was intended to do and compare that against what it actually does. In crypto, where smart contract code is public and bug bounties can have big budgets, that capability could significantly expand the industry’s ability to identify vulnerabilities before launch.
David Schwed, COO of blockchain security firm SVRN and founder of the cybersecurity master’s program at Yeshiva University, described the shift as even more significant.
“These models now operate the way a human attacker does,” Schwed said. “They iterate, they take the next step based on what they’re seeing in real time. The older tooling was just complicated deterministic flows.”
But Schwed argued the bigger change may not be vulnerability discovery itself. It may be the emergence of continuous security monitoring.
“The real shift is continuous auditing with suggested remediations at a fraction of the cost, instead of a point-in-time review you can only afford once,” he said.
If security reviews become inexpensive and continuous, researchers said the industry’s expectations could change alongside them.
Leave a Reply