“It’s a change in degree that could probably lead to a change in nature,” Urbelis said. “Machines have been chasing bugs for years. But now we’re talking about a fuzzer that has the ability to reason.”
Rather than simply identifying technical bugs, systems like Mythos could infer what the code was supposed to do and compare it to what it actually does. In crypto, where smart contract code is public and bug bounties can have large budgets, this capability could significantly increase the industry’s ability to identify vulnerabilities before launch.
David Schwed, COO of blockchain security company SVRN and founder of Yeshiva University’s cybersecurity master’s program, described this shift as even more significant.
“These models now operate in the same way as a human attacker,” Schwed said. “They iterate, they take the next step based on what they see in real time. The old tools were just complicated deterministic flows.”
But Schwed argued that the most important change may not be the discovery of vulnerabilities itself. It may instead be the emergence of continuous security monitoring.
“The real change is an ongoing audit with suggested fixes at a fraction of the cost, instead of a one-off review that you can only afford once,” he said.
If security reviews become inexpensive and continuous, researchers say industry expectations could evolve along with them.

