The advancement of artificial intelligence in the crypto world is opening new possibilities... but also new vulnerabilities.

Increasingly present in wallets, trading bots, and on-chain assistants, AI agents are automating real-time decisions. And while this represents efficiency and speed, it could also become a security nightmare if not managed properly.

At the heart of this technological evolution is the Model Context Protocol (MCP), an emerging framework that governs how these agents behave: which tools they use, how they respond to users, and what code they execute. Its flexibility, however, is also its greatest weakness: it opens multiple attack surfaces for malicious plugins.

According to VanEck, the number of AI agents in the industry surpassed 10,000 by the end of 2024 and could exceed one million in 2025. This explosive growth worries cybersecurity firms such as SlowMist, which has identified four severe attack vectors:

1. Data poisoning: manipulates processes from the outset, generating false dependencies and misleading instructions.

2. JSON injection attack: uses contaminated data from local sources to compromise validations and commands.

3. Competitive function override: replaces legitimate functions with malicious code, altering the system's logic.

4. Cross-MCP: induces agents to interact with untrustworthy external services, increasing risk.

Unlike the poisoning of a base model such as GPT-4, these threats do not affect the model itself but rather the agents built on top of it, which operate with plugins and real-time data.

Monster Z, co-founder of SlowMist, warned:

"The level of threat and the privileges of these attacks on agents are greater than in traditional AI poisoning."

And the situation is not hypothetical. During audits of MCP projects, SlowMist detected vulnerabilities that, if not corrected, could have led to leaks of private keys, irreversibly compromising crypto funds.

Guy Itzhaki, CEO of Fhenix, was clear:

"Plugins act as trusted execution paths without proper sandboxing. It’s the perfect recipe for silent leaks."

Security cannot wait for version 2.0. Lisa Loud from Secret Foundation summed it up well:

"When built with plugins and in an on-chain context, security must come first."

What's the lesson?

Developers must apply strict controls from the outset: plugin validation, input sanitization, principle of least privilege, and continuous monitoring of agents. Yes, it’s tedious. But it’s the price to protect the crypto infrastructure of tomorrow.
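As an added illustration of those four controls, not code from the article or from any MCP implementation, here is a hypothetical Python tool gate for an agent: it pins plugin code to a reviewed hash, refuses function overrides and servers outside an allowlist, enforces the scopes declared at registration, validates tool JSON strictly and logs every call. The plugin body, endpoint names and payloads are constructed.

```python
import hashlib
import json
class ToolRegistry:
    def __init__(self, allowed_servers):
        self.allowed_servers = set(allowed_servers)  # allowlisted MCP endpoints
        self.tools, self.audit = {}, []  # name -> granted scopes; audit = monitoring hook

    def register(self, name, source, expected_sha256, server, scopes):
        # Plugin validation: the plugin code must match the hash pinned at review time.
        if hashlib.sha256(source.encode()).hexdigest() != expected_sha256:
            raise ValueError(f"{name}: plugin hash mismatch")
        # Function override: a later plugin may never shadow an already registered tool.
        if name in self.tools:
            raise ValueError(f"{name}: tool already registered")
        # Cross-MCP: refuse plugins bound to servers outside the allowlist.
        if server not in self.allowed_servers:
            raise ValueError(f"{name}: server {server} not allowed")
        self.tools[name] = frozenset(scopes)

    def call(self, name, scope, raw_json, schema):
        # Least privilege: unknown tools and undeclared scopes are refused alike.
        if scope not in self.tools.get(name, ()):
            raise ValueError(f"{name}: scope {scope} not granted")
        # JSON injection: strict parse, exact key set, exact types (bool is not int).
        data = json.loads(raw_json)
        if not isinstance(data, dict) or set(data) != set(schema) or any(
                type(data[k]) is not t for k, t in schema.items()):
            raise ValueError(f"{name}: payload does not match schema")
        self.audit.append((name, scope))  # continuous monitoring: every call is logged
        return data

def _try(fn):
    try:
        return fn()
    except ValueError as err:  # json.JSONDecodeError is a ValueError too
        return f"rejected: {err}"

def demo():
    src = "def balance(addr): return rpc.get_balance(addr)"  # constructed plugin body
    digest = hashlib.sha256(src.encode()).hexdigest()
    reg = ToolRegistry({"mcp://wallet.local"})
    reg.register("balance", src, digest, "mcp://wallet.local", {"read"})
    schema = {"balance": int}
    return {label: _try(fn) for label, fn in {
        "override": lambda: reg.register("balance", src, digest, "mcp://wallet.local", {"sign"}),
        "cross_mcp": lambda: reg.register("price", src, digest, "mcp://evil.example", {"read"}),
        "privilege": lambda: reg.call("balance", "sign", '{"balance": 1}', schema),
        "injection": lambda: reg.call("balance", "read", '{"balance": 1, "to": "0x0"}', schema),
        "good": lambda: reg.call("balance", "read", '{"balance": 42}', schema),
    }.items()}
```

Running demo() shows the four abuse attempts rejected with a reason each and only the in-scope, schema-conformant call returning data.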

#cripto #criptonews #IA