At the Incrypted Online Marathon event, which was part of Blockchain Week 2025, one of the speakers was David Schwed, CISO, Brokerage & Money at Robinhood. His presentation touched on the potential threats associated with Agentic AI in Web3 and possible ways to protect against them.
Note that the marathon has already been watched by more than 25,000 people on YouTube and in the social network X (formerly Twitter). At the same time, the central event of Blockchain Week is still to come — Incrypted Conference 2025.
Attack in 60 Seconds
One of the key points of the presentation was that the Web3 sector may face a new wave of threats in the next couple of years — from fully autonomous AI agents. These systems will be able to independently identify vulnerabilities, develop exploits and perform attacks, including stealing funds from DeFi protocols, without any human involvement, Schwed noted.
“Imagine an autonomous agent that finds a bug and completely empties the DeFi pool in 60 seconds,” the Robinhood representative emphasized.
He added that the speed of such attacks makes them particularly dangerous, as traditional detection and response tools simply do not have time to act. In a number of cases, vulnerabilities in DeFi protocols have already been exploited less than 10 minutes after they appeared in published code, the expert pointed out. In his opinion, with the emergence of AI systems, the time frame may become even shorter.
Schwed also noted that Web3 projects often lack a mature cybersecurity strategy, especially in the early stages. Many startups are focused on speed of development and put off defense issues “for later.” At the same time, they interact with open infrastructure, use public repositories and contracts, which makes them vulnerable by default, the expert believes.
Fiasco of Traditional Protection Measures
The marathon speaker emphasized that classical approaches to information security are no longer adequate to the level of threats posed by AI systems. Code audits conducted once a quarter, manual testing and other standard practices, he said, are unable to detect and prevent attacks that can begin and end in minutes — or even seconds.
“The traditional model is to react within hours. Agentic AI can act in seconds,” he noted.
According to Schwed, AI solutions are already able to:
- track changes to public repositories;
- analyze mempools in real time;
- interpret logs, APIs, and user behavior;
- extract data from social networks.
All of this allows them to model the entire situation, look for weaknesses in the logic of smart contracts and automatically build an attack path, Schwed believes.
He also mentioned that agents can not only attack, but also retrain on the fly. When faced with an error or limitation, they adapt, change strategy and keep trying to carry out the attack. This effect of constant self-improvement makes them particularly dangerous, the speaker emphasized.
In addition, coordinated attacks by multiple AIs can be scalable and parallel. Thanks to this, they can raid hundreds of projects simultaneously, the Robinhood representative pointed out.
Defending in a New Way
Schwed urged Web3 developers to start using Agentic AI for defense as well, specifically for continuous testing, CI/CD integration, and automated response. He suggested deploying internal red-team systems that would check the infrastructure 24/7 for vulnerabilities, not only in the running product but also during development.
Among the specific suggestions:
- implementing AI agents in pipelines to analyze pull-requests;
- blocking suspicious code before release;
- autonomous creation of tickets and proposals for fixing bugs and errors.
The Robinhood representative also emphasized the importance of transparency of AI systems’ actions, from decision logging to the ability to explain to a regulator why the agent made a particular decision. According to Schwed, special attention should be paid to model drift, the possibility of “poisoning” of training data and compliance with the principle of trust in the organization.
“You have to build a system in advance where you can show: here’s why the agent did this and not that,” he noted.
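One way to make a pipeline agent's decisions explainable after the fact, shown as an added example that is not from the talk or from Robinhood: a release gate that blocks a pull request on a high risk score, drafts a ticket, and appends each decision to a hash-chained log. The verdict shape, the threshold, the model version string and all function names are assumptions.

```python
import hashlib
import json

BLOCK_THRESHOLD = 0.7   # assumed policy value, not a figure from the talk
GENESIS = "0" * 64

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def record_decision(log, verdict, model_version):
    """Gate one pull request and append a hash-chained, explainable record."""
    blocked = verdict["risk"] >= BLOCK_THRESHOLD
    entry = {
        "pr": verdict["pr"],
        "commit": verdict["commit"],
        "model_version": model_version,   # lets a reviewer spot drift between versions
        "risk": verdict["risk"],
        "findings": verdict["findings"],  # the "why" shown to an auditor
        "action": "block" if blocked else "allow",
        "ticket": f"Fix before release: PR {verdict['pr']}" if blocked else None,
        "prev": log[-1]["hash"] if log else GENESIS,
    }
    entry["hash"] = _digest(entry)
    log.append(entry)
    return entry

def verify_log(log):
    """Return the index of the first altered or re-linked entry, or -1 if intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev"] != prev or _digest(body) != entry["hash"]:
            return i
        prev = entry["hash"]
    return -1

# Constructed sample verdicts, shaped as a hypothetical review agent might emit them.
SAMPLE_VERDICTS = [
    {"pr": 101, "commit": "a1b2c3d", "risk": 0.91,
     "findings": ["withdraw(): external call made before balance update"]},
    {"pr": 102, "commit": "d4e5f6a", "risk": 0.12, "findings": []},
]

if __name__ == "__main__":
    log = []
    for v in SAMPLE_VERDICTS:
        e = record_decision(log, v, model_version="reviewer-2025-06")
        print(e["pr"], e["action"], e["findings"], e["ticket"])
    print("log intact:", verify_log(log) == -1)
```

Because every record carries the hash of the previous one, editing a past decision changes the result of `verify_log`, which is what lets the log serve as evidence rather than just a trace.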
Schwed believes that security in Web3 is not just about the product. It is a matter of culture, processes and organizational maturity. The expert is sure that the threats of the future require starting work on protection long before the project becomes public.
Let us remind you that Incrypted Conference 2025 will be held on June 14, at the Exhibition and Convention Center “Parkovy”. The largest crypto event in Ukraine will gather more than 3000 participants, more than 30 speakers from around the world and more than 50 partners from the Web3, blockchain and cryptocurrency ecosystem.