In 2019, sophisticated hackers spent weeks targeting Coinbase employees with emails from compromised Cambridge University accounts. The attackers patiently built trust before deploying a pair of chained zero-day exploits—a term that describes undiscovered software vulnerabilities—that took aim at the Firefox browser. One exploit sought to break into the browser, and the other sought to execute malicious code on the host machine. At the time, it was among the most advanced attacks ever directed at the corporate sector.
The Coinbase security team caught it within hours after an employee report and automated alerts fired simultaneously. This allowed us to identify the malicious behavior. Response times measured in minutes, no customer funds lost. But I think about that incident differently now. The attacker needed weeks of social engineering and rare zero-days to get one shot at us. An AI-driven adversary wouldn’t need weeks. It might not even need hours. And that’s the world I’m preparing for today.
The last few months have made something clear that security teams across industries have been quietly preparing for: AI is and will continue to change how cyberattacks occur. Since the form of this change is still taking shape, the hardest part of my job right now is planning for threat models that don’t fully exist yet.
Frontier AI models, such as those being built by Anthropic, OpenAI, and others, have crossed a capability threshold in cybersecurity that would have seemed speculative eighteen months ago. These systems can read a codebase the way an experienced auditor reads a codebase, but with the speed, memory and focus of a machine. One recent model found a 27-year-old bug in OpenBSD, one of the most audited codebases on the planet. That’s a structural shift in what’s possible.
Today, that shift favors the defender.
Security is, in large part, a context problem. Defenders usually know more about their own systems than attackers: the code, logs, architecture, and history. Give a strong model that context and it can become a powerful tool for finding weaknesses faster and more thoroughly. At Coinbase, we already use AI across security work, including application security, launching simulated attacks on our own system (a process known as red teaming), and infrastructure hardening. In environments where defenders can deploy these tools first and at scale, they should win.
But where attackers and defenders share equal context, the problem is more significant.
One example is Decentralized Finance (DeFi), where code runs in the open. Attackers have the same access a smart contract audit does. It becomes a race of model capability and focus to see who will find bugs first. AI will also lead to a compression of the normal attack timeline, taking something that would have spanned weeks and compressing it to hours. This is likely to make exploits faster, cheaper and more frequent.
AI threatens the backbone of global software
The issue here, of course, extends well beyond DeFi and into the open source code that forms the backbone of the world of software. Much of that code is in the open on platforms such as GitHub, available for review by attacker and defender alike. In security, we call this kind of risk a supply chain attack. They’re not new, they are incredibly hard to detect and defend against, and they are about to get faster and easier than ever before.
The frontier models that can find long hidden bugs like the OpenBSD one today require enormous hardware to run. Anthropic and its peers are releasing these capabilities carefully, giving defenders a head start. That’s the right approach, and it’s a real benefit to the ecosystem. But it’s a temporary one.
These models are getting cheaper to run. Researchers are improving efficiency, experimenting with ways to run larger models with less hardware, and steadily pushing performance forward.
What might cost $10 million in hardware to run today could cost closer to $100,000 a year or two from now. Models like Mythos are unique today, but history is clear that open-weight equivalents will follow. When that happens, capabilities available now limited to a handful of labs will be within reach of any well-resourced attacker group.
This is what security teams should be planning for now.
Incidents are going to move faster. Supply chain attacks will become much more common; lateral movement, privilege escalation, data exfiltration, exploitation of discovered vulnerabilities will happen at a speed that human responders will struggle to match. The scariest part of all is that’s all imagining an AI assisted attack as a regular attack, just faster. We fundamentally don’t know the ways AI will change the attack and defense side of cybersecurity in the coming years.
Preparing for threats you can’t fully specify is uncomfortable, but it’s not new. It’s most of what security work actually is. What is new is the speed.
So what should companies do?
Companies that want to address these threats can start by using AI aggressively on the defensive side. There is no virtue in falling behind on tools your adversaries will eventually have. Don’t wait on vendors or a third party. Instead, make a point to experiment, and demand that your people engage with AI as much as possible.
That alone isn’t enough. Companies need to manage their third parties with the same intensity, especially the software libraries they depend on. Simple steps like version pinning or requiring a cool-down period before new library releases are available to developers can go a very long way toward blunting the supply chain attacks that are about to become far more common.
Most critically, rebuild your incident response around the assumption that the attacker is operating at machine speed, because soon enough, they will be. “Assume compromise” has been an ongoing slogan in security for years, but AI makes it viscerally real. The attacker on your network may not pause to sleep, strategize, or second-guess. Your playbooks need to account for that.
And through all of this, resist the temptation to treat any specific model release as the problem to solve. A year later, there will be a more capable model, and the cycle will reset. The goal isn’t to defend against one tool. It’s to build an organization that adapts faster than the threat evolves.
The last decade taught me that the crypto industry evolves faster than any sector I’ve ever worked in. The next decade, shaped by AI, will be faster still. This is not a fight defenders win once. It’s an arms race. Attackers will eventually get many of the same tools defenders have. What we can do, and what we have to do, is stay ahead long enough to matter. You may lose some battles along the way, the important thing is not to lose the war.
