Analysis

AI-driven social engineering collapses the marginal cost of high-fidelity deception, shifting the primary attack surface in crypto from cryptography to human and software supply chains. Expect a measurable reallocation of security spend away from protocol hardening toward identity, attestation, and recovery primitives — a multi-year tailwind for vendors that can cryptographically bind human intent (voice/video watermarking, device attestation, multi-party seed custody). Second-order winners will be custody providers and enterprise security stacks that remove humans from high-risk flows (threshold signatures, MPC, HSMs, secure enclaves) even if they charge 3–5% AUM fees; losers include retail-first exchanges and wallet UX vendors that trade convenience for recoverability, which will face both higher customer churn after high-profile losses and accelerating regulatory scrutiny within 6–18 months. Insurance economics will reprice rapidly: expect carriers to increase premiums or carve exclusions for “social-engineering losses,” forcing custodians to internalize more capital or buy bespoke reinsurance. Catalysts and reversal risks are concrete and short-cycle — an obvious catalyst is a high-profile, >$100M fraud using AI deepfakes (days–weeks of market reaction); reversals could come from rapid adoption of standardized attestation protocols or mandatory insurance frameworks (6–24 months) that restore trust. The most underappreciated dynamic is composability of risk: AI will seed identical exploit patterns across codebases, so a single vulnerability discovery can cascade; hedges should therefore focus on correlated operational failure rather than idiosyncratic protocol risk.