CertiK's CEO has issued a critical warning that mass deployment of AI agents without proper isolation and verification poses a catastrophic cybersecurity threat to the cryptocurrency industry. The concern centers on AI agents already gaining access to files, email, databases, local cryptographic keys, wallets, and financial services, which creates vulnerabilities exploitable through text-based attacks rather than traditional malware.
The primary attack vector identified is prompt injection, in which malicious actors embed harmful instructions within PDFs, emails, or websites that AI agents process as legitimate commands. Once triggered, compromised agents can override their original parameters to execute unauthorized transactions or exfiltrate sensitive data. CertiK has already identified hundreds of malicious plugins, counterfeit installers, and fake dependencies targeting AI infrastructure. Conventional antivirus systems fail to detect them because the attack mechanism bypasses traditional code-based signatures.
The platform has documented a surge in short-lived on-chain exploit schemes, in which scammers launch fraudulent contracts that last minutes to hours and are specifically designed to target AI trading bots rather than human users. To address these escalating threats, CertiK leadership advocates immediate industry-wide adoption of zero-trust architecture for AI infrastructure, requiring individual verification of all tools, commands, and connections before execution.
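
One way to express "verify every tool, command, and connection before execution" as a deny-by-default gate in front of an agent's tool calls. This is an added example, not code from CertiK; the tool names, hosts, the `tainted` flag and the `authorize` function are hypothetical, and it assumes the agent runtime marks a task as tainted once a PDF, email or web page has entered its context.

```python
import hashlib
from urllib.parse import urlparse

# Constructed sample data: tool names, code bytes and hosts are illustrative only.
REVIEWED_TOOLS = {
    "fetch_url": b"def fetch_url(url): ...",
    "send_funds": b"def send_funds(to, amount): ...",
}
# Digests recorded when each tool was reviewed; anything else is untrusted.
PINNED = {n: hashlib.sha256(b).hexdigest() for n, b in REVIEWED_TOOLS.items()}
ALLOWED_HOSTS = {"rpc.example.org"}
HIGH_RISK = {"send_funds"}  # moves value: needs clean context plus approval


def authorize(call, tool_bytes, approved_by_human=False):
    """Deny-by-default check of one proposed tool call. Returns (ok, reason)."""
    name = call.get("tool")
    if name not in PINNED:  # tool: only reviewed tools may run
        return False, "unknown tool"
    if hashlib.sha256(tool_bytes).hexdigest() != PINNED[name]:
        return False, "tool digest mismatch"  # swapped plugin or dependency
    url = call.get("args", {}).get("url")
    if url is not None:  # connection: HTTPS to an allowlisted host only
        parsed = urlparse(url)
        if parsed.scheme != "https" or parsed.hostname not in ALLOWED_HOSTS:
            return False, "destination not allowlisted"
    if name in HIGH_RISK:  # command: value-moving actions get extra checks
        # Assumption: a missing flag is treated as tainted (fail closed).
        if call.get("tainted", True):
            return False, "high-risk call after untrusted content"
        if not approved_by_human:
            return False, "human approval required"
    return True, "ok"


if __name__ == "__main__":
    injected = {"tool": "send_funds", "args": {"to": "0xabc"}, "tainted": True}
    print(authorize(injected, REVIEWED_TOOLS["send_funds"]))
```

The gate decides on the call's properties, never on the model's stated reasoning, so an instruction injected through a document cannot argue its way past it.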