AI Will Break Software, but Hardware Wallets Will Win
Powerful AI models threaten the entire architecture of DeFi. These models exist today, and they'll eventually get cheaper.
Every leap in AI capability is a leap for both sides. Defenders get smarter threat detection, better auditing, faster response times. Attackers get the same advantages applied in reverse: smarter reconnaissance, better social engineering, faster exploitation of vulnerabilities. The difference is that defenders need to be right every time. Attackers only need to be right once.
We’ll discuss how AI-assisted attacks threaten financial organizations, and which tools keep your money safe.
Project Glasswing
Anthropic locked Mythos down inside Project Glasswing, a coalition of roughly 40 organizations, including JPMorgan, Goldman Sachs, Amazon, Apple, Microsoft, and CrowdStrike, who are now using it exclusively for defensive security work. The company committed $100 million in API credits to these partners, alongside $4 million in direct donations to open-source security organizations.
The traditional banking sector is treating Claude Mythos as a systemic event. Central banks are calling emergency meetings, and Wall Street is pulling the model into its security stack.
Bank of England Governor Andrew Bailey warned publicly that Mythos could crack the whole cyber risk world open. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened a meeting with Wall Street CEOs specifically to discuss the model. Goldman Sachs CEO David Solomon told analysts his bank is hyperaware of the enhanced capabilities of these new models.
If that's trad-fi’s response, what is the crypto industry doing about this new threat?
$771 Million Lost in 2026
The crypto industry has lost $771.8 million to hacks and exploits in just the first four months of 2026, across 47 separate incidents. April alone accounted for $606 million in losses, making it the worst single month for crypto theft since the Bybit hack in February 2025.
Two incidents accounted for most of April's damage: the $293 million KelpDAO exploit and the $285 million Drift Protocol breach. Both were infrastructure-layer attacks, and we can’t fully confirm if AI played a role.
CertiK’s senior investigator, Natalie Newson, identified four primary threat categories for 2026:
- AI-powered phishing and deepfake social engineering
- Supply chain attacks on wallet browser extensions
- Cross-chain infrastructure vulnerabilities
- Signature-based wallet draining attacks
Mythos just has to execute existing threat categories faster, cheaper, and at scale. The Trust Wallet supply chain breach in December 2025 didn't require AI. But imagine that same attack pattern automated, running continuously against every browser extension in the Chrome Web Store.
What can Claude Mythos do?
Let's be clear about Mythos’s capabilities, because coverage has ranged from measured to apocalyptic.
Claude Mythos is simply a general-purpose frontier AI model with unusually strong coding, reasoning, and agentic execution capabilities. Its cyber capabilities emerged as a downstream consequence of general improvements in reasoning and code generation.
On expert-level Capture the Flag cybersecurity challenges (tasks that no AI model could complete before April 2025), Mythos succeeds 73% of the time. The AISI built something harder to capture the real threat: "The Last Ones," a 32-step corporate network attack simulation spanning reconnaissance, lateral movement, credential theft, privilege escalation, and full network takeover. Mythos is the first model to complete it from start to finish.
What about the economics? Mythos's performance scales with compute budget. During testing, it was given up to 100 million tokens of inference compute. Performance continued to improve without reaching a plateau, with the only constraint being the number of tokens an attacker is willing to use.
The crypto industry’s weaknesses
DeFi protocols are smart contracts: software deployed on public blockchains where the source code is visible to anyone. Transparency enables trustless interaction, but it also means every line of code is available for inspection by Mythos-class models.
These models can identify subtle vulnerabilities that static analysis tools miss and reason about multi-step exploit chains, such as manipulating an oracle in one contract to create an arbitrage condition in another and draining a liquidity pool in a third.
DeFi and smart contracts
The deeper structural problem is that DeFi can't respond as quickly as traditional finance. A deployed smart contract is immutable by design, so when a vulnerability is found, the options are either to slowly migrate to a new contract or to implement emergency pauses, which are controversial.
AI also compresses the discovery-to-exploitation timeline to hours or minutes, but the remediation timeline is in days or weeks. This mismatch is why the April 2026 Aave contagion event played out the way it did. One exploit at KelpDAO cascaded into $5 billion in panic withdrawals across the entire lending ecosystem within hours. AI-assisted hacking threatens the composability that makes DeFi work, because every protocol's risk profile now includes the risks of every other protocol it interacts with.
Software wallets
A significant portion of the crypto market also stores private keys in browser extensions that share the same runtime as every other piece of software on the machine.
A browser extension wallet is a JavaScript application running inside a browser, inside an operating system, on a device connected to the internet. The private key is stored as data in a software process, sharing memory, runtime, and system resources with every other app on the device.
We’re not criticizing any specific wallet's code quality. This is an architectural reality in which a software wallet's security is tied to the security of every system it interacts with. AI will get systematically better at finding flaws in every one of those systems.
CryptoSlate's analysis found that personal wallet compromises accounted for 44% of total crypto losses in 2024. Wallets combining hardware key storage with air-gapped signing had incident rates below 5%, compared to over 15% for software-only wallets.
How hardware wallets will make a difference
The attack models that make AI so dangerous against software wallets (autonomous reconnaissance, chained exploitation, patch-to-exploit pipelines, and supply chain compromise) focus on a target that exists as a software process reachable over a network.
A hardware wallet is not a better version of a software wallet. It's entirely different, with a fundamentally different threat model. Let’s use Tangem as an example. A Tangem card contains a secure element chip certified to resist certain invasive and non-invasive attacks. When you activate the card, a True Random Number Generator inside the chip creates your private key. By design, that key never leaves the chip unencrypted. It cannot be extracted, read, or transmitted.
Signing operations happen inside the secure element. The result is a signed transaction that is transmitted via NFC. You could point Claude Mythos at the entire internet and let it run for a year, but it still won’t reach a private key stored in a secure element. There is simply no network path or software process to compromise.
Does the AI threat make hardware wallets mainstream?
The old framing was that hardware wallets are for people with enough crypto to justify the cost and inconvenience. If you're holding $500 in ETH, a browser extension is good enough.
The assumption was that the probability of being targeted was proportional to the size of your holdings. Sophisticated attacks targeted high-value wallets, so small holders flew under the radar. AI-assisted hacking undermines that assumption by enabling attacks to scale horizontally.
A human attacker chooses targets selectively because their time is finite. A Mythos-assisted attack pipeline will run against everything. When the cost of scanning for vulnerable browser extensions, generating phishing payloads, or exploiting known CVEs drops to pennies per attempt, the attacker stops worrying about whether a wallet is worth targeting. Instead, they ask how many wallets they can drain per hour.
The price of a Tangem card set is modest relative to what people routinely spend on phone cases and screen protectors. But it protects every asset they’ll ever store on it against the fastest-growing category of cyber threat in history.
So the question we ask today is, what’s the cost of getting a hardware wallet compared to the amount of crypto you hold today? Will your current key storage system survive the next two years of AI capability growth?