I’m in Buenos Aires right now at the DeFi Security Summit, where I joined a panel on AI and Web3 security along with @blocksec (EigenLabs), @ChanniGreenwall (Olympix), @jack__sanford (Sherlock), and @nicowaisman (Xbow). What not long ago felt like a “distant future” is now being discussed as a very concrete roadmap for the coming years: both defensive and offensive AI‑powered technologies are going to advance rapidly, especially in vulnerability discovery. Everything auditors do today manually and through a patchwork of tools is gradually being bundled into more powerful and accessible automated stacks.
It’s important to look at reality soberly: the hope that we can reliably “fence off” models from undesirable use is illusory. Any sufficiently capable model is, by definition, dual‑use. Providers will add restrictions, filters, policies — but that’s not a fundamental barrier. Anyone with motivation and resources will spin up a self‑hosted model, assemble their own agentic stack, and use the same technologies without worrying about ToS. You can’t design security under the assumption that attackers won’t have access to these tools.
The economics of attacks are also far from straightforward. In the short term, attacks will get cheaper: more automation, more “wide‑area bombardment,” more exhaustive exploration of states and configurations without humans in the loop. But over the long run, as defensive practices and tools catch up, successful attacks will become more expensive: coverage will improve, trivial bugs will disappear, and effective breaches will require serious infrastructure, preparation, and expertise. This will shift the balance toward fewer incidents — but those that do happen will be far more complex and costly.
My main takeaway: we’ll have to revisit the entire security lifecycle, not just “cosmetically improve” audits. How we describe and understand risk profiles, how threat models evolve with AI in the picture, how we structure development, reviews, testing, deployment, on‑chain monitoring, incident response, and post‑mortems — all of this will need to be rethought. Traditional audits will remain a key piece, but they can no longer be the sole center of gravity. The reality is that AI symmetrically amplifies both defenders and attackers — and Web3 security will have to adapt its entire operating model to this asymmetric arms race.
982
10
Konten pada halaman ini disediakan oleh pihak ketiga. Kecuali dinyatakan lain, OKX bukanlah penulis artikel yang dikutip dan tidak mengklaim hak cipta atas materi tersebut. Konten ini disediakan hanya untuk tujuan informasi dan tidak mewakili pandangan OKX. Konten ini tidak dimaksudkan sebagai dukungan dalam bentuk apa pun dan tidak dapat dianggap sebagai nasihat investasi atau ajakan untuk membeli atau menjual aset digital. Sejauh AI generatif digunakan untuk menyediakan ringkasan atau informasi lainnya, konten yang dihasilkan AI mungkin tidak akurat atau tidak konsisten. Silakan baca artikel yang terkait untuk informasi lebih lanjut. OKX tidak bertanggung jawab atas konten yang dihosting di situs pihak ketiga. Kepemilikan aset digital, termasuk stablecoin dan NFT, melibatkan risiko tinggi dan dapat berfluktuasi secara signifikan. Anda perlu mempertimbangkan dengan hati-hati apakah trading atau menyimpan aset digital sesuai untuk Anda dengan mempertimbangkan kondisi keuangan Anda.