Anthropic released Claude Fable 5 on Tuesday, and within hours, crypto security researchers started asking an uncomfortable question: what happens when the industry’s billion-dollar attack surface meets an AI that can scan code faster than any human team?
The new model is the first public release in Anthropic’s Mythos class, which the company describes as its most powerful yet. Powerful enough, apparently, that Anthropic split it into two versions. The public Claude Fable 5 includes stronger reasoning and coding abilities while attempting to block dangerous uses. A less restricted variant, Claude Mythos 5, is available only to vetted cybersecurity and critical infrastructure users because it can find and chain zero-day vulnerabilities into working attacks.
DeFi has already hemorrhaged more than $840 million to exploits in 2026’s first five months. The uncomfortable truth emerging from this week’s AI release is that the industry’s defenses may not be ready for adversaries who think at machine speed.
The Speed Problem Anthropic Cannot Solve
Anthropic built safety filters into Fable 5. The system tries to detect high-risk requests and routes them to a weaker model, Claude Opus 4.8. According to the company, this fallback triggers in fewer than 5% of sessions. More than 1,000 hours of external bug-bounty testing found no universal bypass.
But Anthropic is refreshingly honest about the limits. The company acknowledged in a blog post that the system is unlikely to be foolproof and that it expects motivated attackers to keep trying. “The uplift from Mythos-level capabilities is valuable to many adversaries,” the firm wrote, noting that those who could financially gain from cyberattacks will be “motivated to try to circumvent our safety measures.”
Charles Guillemet, chief technology officer at hardware-wallet maker Ledger, put it more bluntly in an email to CoinDesk. “Current AI guardrails raise friction,” he said. “They are not a reliable control against a determined adversary.”
The distinction matters. Safety filters that slow down casual misuse do nothing against a state-sponsored group or a financially motivated criminal operation willing to invest time in bypasses. And in crypto, the payoff for a successful bypass can be nine figures.
Why Crypto Is Uniquely Vulnerable
Guillemet’s core insight is that the threat from AI models like Fable 5 is not about inventing novel attack vectors. The danger lies in acceleration. A reasoning model can “diff every commit, grep every config, and enumerate every misconfiguration at machine speed,” he said, referring to standard software development tasks that human security auditors perform manually.
Consider what that means practically. A human auditor might take weeks to review a protocol’s codebase, identify potential weak points, trace the logic of multi-signature schemes, and construct a viable exploit path. An AI operating at machine speed could potentially compress that timeline to hours or less.
Crypto amplifies this risk because software failure converts to financial loss almost instantly. In traditional finance, a discovered vulnerability might allow unauthorized account access, but extracting funds typically requires navigating banking rails, compliance checks, and reversible transactions. In DeFi, a successful exploit can drain a protocol’s entire treasury in a single block. The derivatives markets and lending protocols that form the backbone of decentralized finance are particularly exposed because they hold concentrated liquidity.
The Human Error Pattern
Here is the uncomfortable data point that makes the AI threat even more concerning: this year’s largest DeFi losses did not come from sophisticated smart-contract exploits. They came from human error and operational failures.
DefiLlama data shows more than $840 million lost in the first five months of 2026. The two biggest incidents tell a story that should worry anyone assuming smart-contract audits will save them.
A North Korea-linked group drained approximately $285 million from Drift Protocol, but they did not find a clever contract bug. They ran a six-month social-engineering campaign until they won admin access. The attack required patience, deception, and eventually compromised credentials, not a zero-day vulnerability.
The second-largest incident saw roughly $292 million siphoned from Kelp DAO through a single-verifier flaw. Again, not a contract bug in the traditional sense, but an operational architecture weakness that allowed an attacker to bypass intended security controls.

On Tuesday itself, Humanity Protocol lost over $30 million when a hacker gained access to three of six private keys stored on a single employee’s laptop. No AI-generated exploit code required. Just a compromised endpoint.
The pattern is clear. The largest losses stem from social engineering, bad signing flows, exposed keys, and human error. These are exactly the categories where an AI reasoning model could provide massive uplift to attackers without ever writing a line of malicious smart-contract code.
What Fable 5 Changes for Attackers
A model like Fable 5 does not need to hand over a finished exploit to be dangerous. Guillemet’s analysis suggests the value comes from reconnaissance and optimization at speeds humans cannot match.
Imagine an attacker targeting a mid-sized DeFi protocol. Today, they might spend weeks researching the team, mapping the organizational structure, identifying employees with privileged access, finding social media footprints, and crafting personalized phishing approaches. An AI assistant could compress the research phase dramatically, cross-referencing public information, identifying the most vulnerable entry points, and even drafting convincing social-engineering messages.
Or consider the technical reconnaissance phase. An attacker wants to know if a protocol’s multi-signature wallet has any operational weaknesses. Human analysis might involve reading documentation, tracing on-chain transactions, and building a mental model of how signing ceremonies actually work. A reasoning AI could parse the same information in minutes, flagging anomalies like inconsistent signing patterns, single points of failure in key storage, or time windows when the number of required signers drops due to availability issues.
The market implications are significant. Protocols that assumed their security posture was adequate because human attackers would need months to find weaknesses may discover that timeline has collapsed to days.
The Filter Fallacy
Anthropic’s approach to safety is not naive. The company explicitly designed different access tiers, restricting the most capable version to vetted security professionals. The public model routes suspicious requests to a weaker backend. Over 1,000 hours of adversarial testing found no universal jailbreak.
But the company’s own language reveals the limits of this approach. Anthropic said it expects determined, well-funded attackers to keep trying because the capability is valuable. The firm explicitly acknowledged the filters are “not a reliable control against a determined adversary.”
This creates an asymmetric situation. Defensive security teams get access to powerful AI tools that can help them find vulnerabilities first. But attackers operate without oversight, can afford to invest time in bypass techniques, and only need to succeed once. The economics favor offense.
The crypto industry’s track record suggests most protocols will not invest sufficiently in AI-augmented defense before attackers demonstrate AI-augmented offense. The fear and greed index may capture market sentiment, but it does not capture the growing technical risk beneath the surface.
Preparing for Machine-Speed Adversaries
What can protocols actually do? The pattern in 2026’s largest exploits points toward operational security rather than smart-contract hardening.
Key management practices need to assume that attackers can identify and target key holders faster than before. The Humanity Protocol breach involved three of six keys on a single laptop. That operational setup might have seemed acceptable when human reconnaissance took months. It becomes indefensible when AI can map an organization’s key management topology in days.
Signing flows need adversarial review with AI-capable opponents in mind. If a protocol’s multi-sig has time windows where effective control drops to fewer signers, AI-augmented attackers will find those windows faster.
Social-engineering defenses need to improve. The Drift Protocol attack took six months of patient relationship building. AI tools that can help attackers craft more convincing, more personalized approaches could compress that timeline. Protocols need out-of-band verification for any privileged access changes, period.
The guides on seed phrase security and hardware wallet comparisons matter more now than ever for individual holders. Institutional-grade key management matters even more for protocols holding user funds.
Anthropic’s Fable 5 release lands in a crypto market that lost $840 million in five months largely through human error, not contract bugs. The next billion-dollar hack may not require a novel exploit. It may just require an attacker who can find the existing weaknesses faster than defenders can fix them.
Related Reading
References
Nothing in this article constitutes investment advice. Cryptocurrency carries risk, always do your own due diligence.




