Fun panel and I agree with @balakhonoffâs takeaway that a lifecycle security approach is especially important in the age of AI
Iâm in Buenos Aires right now at the DeFi Security Summit, where I joined a panel on AI and Web3 security along with @blocksec (EigenLabs), @ChanniGreenwall (Olympix), @jack__sanford (Sherlock), and @nicowaisman (Xbow). What not long ago felt like a âdistant futureâ is now being discussed as a very concrete roadmap for the coming years: both defensive and offensive AIâpowered technologies are going to advance rapidly, especially in vulnerability discovery. Everything auditors do today manually and through a patchwork of tools is gradually being bundled into more powerful and accessible automated stacks.
Itâs important to look at reality soberly: the hope that we can reliably âfence offâ models from undesirable use is illusory. Any sufficiently capable model is, by definition, dualâuse. Providers will add restrictions, filters, policies â but thatâs not a fundamental barrier. Anyone with motivation and resources will spin up a selfâhosted model, assemble their own agentic stack, and use the same technologies without worrying about ToS. You canât design security under the assumption that attackers wonât have access to these tools.
The economics of attacks are also far from straightforward. In the short term, attacks will get cheaper: more automation, more âwideâarea bombardment,â more exhaustive exploration of states and configurations without humans in the loop. But over the long run, as defensive practices and tools catch up, successful attacks will become more expensive: coverage will improve, trivial bugs will disappear, and effective breaches will require serious infrastructure, preparation, and expertise. This will shift the balance toward fewer incidents â but those that do happen will be far more complex and costly.
My main takeaway: weâll have to revisit the entire security lifecycle, not just âcosmetically improveâ audits. How we describe and understand risk profiles, how threat models evolve with AI in the picture, how we structure development, reviews, testing, deployment, onâchain monitoring, incident response, and postâmortems â all of this will need to be rethought. Traditional audits will remain a key piece, but they can no longer be the sole center of gravity. The reality is that AI symmetrically amplifies both defenders and attackers â and Web3 security will have to adapt its entire operating model to this asymmetric arms race.
813
3
Le contenu de cette page est fourni par des tiers. Sauf indication contraire, OKX nâest pas lâauteur du ou des articles citĂ©s et ne revendique aucun droit dâauteur sur le contenu. Le contenu est fourni Ă titre dâinformation uniquement et ne reprĂ©sente pas les opinions dâOKX. Il ne sâagit pas dâune approbation de quelque nature que ce soit et ne doit pas ĂȘtre considĂ©rĂ© comme un conseil en investissement ou une sollicitation dâachat ou de vente dâactifs numĂ©riques. Dans la mesure oĂč lâIA gĂ©nĂ©rative est utilisĂ©e pour fournir des rĂ©sumĂ©s ou dâautres informations, ce contenu gĂ©nĂ©rĂ© par IA peut ĂȘtre inexact ou incohĂ©rent. Veuillez lire lâarticle associĂ© pour obtenir davantage de dĂ©tails et dâinformations. OKX nâest pas responsable du contenu hĂ©bergĂ© sur des sites tiers. La dĂ©tention dâactifs numĂ©riques, y compris les stablecoins et les NFT, implique un niveau de risque Ă©levĂ© et leur valeur peut considĂ©rablement fluctuer. Examinez soigneusement votre situation financiĂšre pour dĂ©terminer si le trading ou la dĂ©tention dâactifs numĂ©riques vous convient.