What Survives Unreal Intelligence?
How USD.AI designs for failure, constrains attack surfaces, and survives in the age of superhuman AI adversaries.
July 1, 2026

“Mythos hacks the NSA, ‘not in weeks, but in hours,’ Director shaken”
Headlines like this one appear almost every day now. The speed at which AI is accelerating is breathtaking, but harrowing. New capabilities are announced by the frontier labs, who also prophesize doom and apocalypse if the government fails to regulate them into monopoly.
In mid-June 2026, Anthropic released Claude Fable 5, a safety-constrained version of its more powerful Mythos-class model, to the general public. Within days, the U.S. government imposed export controls, the first time this had been applied directly to an AI model, after learning of a narrow jailbreak that could bypass safeguards for specific cybersecurity tasks. Citing national security, the order barred foreign nationals, including some Anthropic employees, from access, forcing Anthropic to suspend Fable 5 and Mythos 5 globally. The controls were lifted on June 30, and Fable 5 access began restoring globally on July 1 with strengthened safeguards. Mythos 5 remains restricted to approved partners via Project Glasswing, with broader trusted access expected to require vetting.
Mythos’s cyber capabilities are astounding. In pre-release testing the model identified thousands of zero-day vulnerabilities across every major operating system and every major web browser. Many of these vulnerabilities were decades old. A particularly striking example: a critical bug in OpenBSD that had gone undetected for 27 years. By June 2026, security researchers had collectively found more than 10,000 high- or critical-severity security flaws.
Mythos is our first glimpse of what can be called Unreal Intelligence, systems that operate so far beyond human threat models that they turn the entire digital stack into an unknown unknown. And every part of the digital sphere is reverberating with its effects.

DeFi is currently weathering the most severe cycle of systemic exploitation in its short history. The total number of hacks is exploding as long-dormant contracts face their own mortality. It is a stark reminder that in finance, “immutable” doesn’t mean “invincible.” Code must be maintained or it grinds to dust.
What is so pernicious about this current round of exploits is that there is no way of knowing whether advanced AI was responsible for the hacks. Correlation, maybe. Direct knowledge is impossible. It is the unknown unknown of the AI boom.
We are six years removed from the heady days of DeFi Summer 2020. Looking back, it feels like a different lifetime, a naive, simple era where limitless design space drove “test in prod” as the rallying cry.
Back then, you could launch an uncollateralized stablecoin, backed with nothing but memes and vibes, and watch it balloon into billions. The industry had grand ideals about rebuilding the world financially, fueled by unlimited optimism and the reckless freedom to move fast and break things.
But that childhood is over. People depend on these systems with their savings. Catastrophic loss is no longer an option.
As DeFi competes with banks and multi-billion dollar private credit funds, it has to ask itself what exactly it is, and who it is building for.
Since 2022 every major DeFi “safe haven” has crumbled. Stablecoins don’t hold their peg, while supplying stables to money markets and arbitraging perp dexes is now viewed as a risky venture. Hiding in large incumbent protocols is not an option anymore, as they have suffered from their exposure to less secure projects.
For years, a sharp distinction defined the landscape: onchain “DeFi” was the rebel nation, operating outside established rules, while offchain “TradFi” remained the incumbent. This discourse was driven by inconsistent regulatory enforcement, alternating between opportunistic hostility and total neglect.
DeFi served the markets spurned by the establishment; TradFi sought to crush them.
By 2026, that era is behind us. With the GENIUS Act passed in 2025 and CLARITY arriving in 2026, the legal and regulatory ghosts of the previous decade have vanished. The question the industry faces has shifted from rebellion to competition: can financial technology outpace giant incumbents now that the political barriers have dissolved? The old distinctions are gone, leaving behind only “finance” as a singular, operational mode of output.
The transition to a hybrid, tokenized finance model requires a new calculus of risk. The naive assumption that code is law must give way to the recognition that code is a battlefield.
This doesn’t mean the end of onchain utility; it means the evolution of structure and a deeper respect for the ever-evolving arms race to secure billions of dollars against unknown enemies wielding capabilities only seen after the damage is done.
Donald Rumsfeld, who popularized the “unknown unknowns” concept, wrote in his memoirs:
The idea of known and unknown unknowns recognizes that the information those in positions of responsibility in government, as well as in other human endeavors, have at their disposal is almost always incomplete. It emphasizes the importance of intellectual humility, a valuable attribute in decision making and in formulating strategy. It is difficult to accept—to know—that there may be important unknowns. The best strategists try to imagine and consider the possible, even if it seems unlikely. They are then more likely to be prepared and agile enough to adjust course if and when new and surprising information requires it—when things that were previously unknown become known.
Protocol builders must therefore gameplan far beyond any current known threats to steward their code safely, while also designing systems to limit damage caused by exploits.
Here is how the USD.AI protocol anticipates and manages the threat of failure.
Protocol-Level Exploits and Infinite Mint Scenarios
The most severe theoretical failure mode for any stablecoin protocol is an infinite mint event. In a world where AI systems like Mythos are uncovering software flaws faster than humans can reason about them, protocol designers must assume that unknown vulnerabilities exist somewhere in the stack.
The question is not whether bugs are theoretically possible. The question is how many attack vectors exist and how much damage each vector can realistically cause.
At USD.AI, the protocol has been intentionally simplified to make the answer as narrow as possible.
Reducing the Attack Surface
There are two categories of attack vectors.
The first are operational or centralized risks. These include compromises of multisig signers, hardware wallets, or administrative keys. These risks are managed through operational security controls including multisig thresholds and timelocks.
USDai and StakedUSDai are governed by a two-day timelock controlled by a dedicated multisig. Only the protocol team can schedule, cancel, or execute administrative operations. A malicious upgrade therefore requires both a multisig compromise and enough time for detection and intervention.
The second category consists of permissionless attack vectors. These are the scenarios that matter most because they assume an attacker is simply another user of the protocol.
Under LoanRouterV2, ordinary users can only perform four actions:
- Deposit USDai
- Withdraw USDai
- Stake USDai into StakedUSDai
- Redeem StakedUSDai.
The previous permissionless lending platform and external price oracle dependencies have been removed. LoanRouterV2 is fully permissioned and no longer relies on manipulable oracle inputs for stablecoin accounting.
As a result, there are remarkably few ways for an attacker to interact with the protocol at all.
Infinite Mint Scenarios
The standard deposit and redemption interfaces cannot create assets from nothing.
Minting USDai requires depositing an equivalent amount of PYUSD. Minting StakedUSDai requires depositing USDai according to a deterministic share price. Once oracle dependencies are removed, users cannot manipulate these exchange ratios.
This leaves one remaining protocol component with mint authority: the LayerZero bridge.
Cross-chain messaging systems necessarily possess the ability to burn assets on one chain and mint them on another. By design, they hold the power of finite or infinite minting.
Consequently, the LayerZero bridge remains the protocol’s largest theoretical vulnerability.
What Happens if LayerZero Fails?
The Resolv exploit earlier this year showed what a hypothetical bug allowing attackers to bypass LayerZero message verification could permit. Attackers arbitrarily minted rsETH on a destination chain and then used it to drain liquidity pools in lending markets.
Several layers of containment exist: outbound mint limits of $10 million per hour; inbound mint limits currently being added through migration to LayerZero’s Stablecoin OFT Adapter; a 3-of-3 Decentralized Verifier Network for message verification composed of LayerZero Labs, Nethermind, and Canary; and emergency pause powers that allow the protocol to halt token operations on any supported chain.
With these guardrails in place, even in the event of an exploit, the expectation is that damage would be minimal and containable.
Importantly, StakedUSDai is even more resilient. Monthly redemption windows and limited secondary-market liquidity significantly constrain an attacker’s ability to extract value. In such scenarios, secondary-market prices may temporarily dislocate while protocol NAV remains intact.
Integration Vulnerabilities
When USDai or StakedUSDai are deployed into protocols such as Fluid or Pendle, users become exposed to the security assumptions of those platforms.
If an integration suffers an exploit, the assets deployed within that specific venue may be compromised. However, these integrations do not provide recursive access into the USD.AI treasury, loan collateral, or protocol accounting systems.
An exploit in a third-party protocol may impair users participating in that venue, but it does not grant attackers access to the underlying GPU-backed collateral or the broader USD.AI balance sheet. NAV would be preserved even if a third-party integration were destabilized.
Borrower Compromise
Borrowers carry some risk, but it has little operational impact on the protocol if they are exploited. The protocol limits their functional abilities to a few specific operations, essentially receiving funds and repaying loans.
Borrowers do not control the NFTs and tokens that represent their collateral. These are minted directly into protocol-controlled accounts and transferred into collateral contracts for the duration of the loan. The NFTs are an onchain tracking instrument, not bearer claims on physical equipment. If a borrower’s wallet were compromised, the NFTs could be burned, reissued, or administratively managed if extraordinary circumstances require intervention.
The worst outcome of a borrower wallet exploit would be limited to a loss of operational balances, such as debt service reserve accounts. A borrower can experience a catastrophic wallet compromise while the protocol itself remains fully collateralized and operational.
Beyond Immutable
The uncomfortable truth of the Age of Mythos is that no protocol can honestly claim perfect security. Unknown unknowns exist by definition.
The protocols that survive will not be the ones that assume they are invulnerable. They will be the ones that expect failure, constrain impact, continually update and maintain code, and retain the operational flexibility to respond faster than attackers can extract value.
USD.AI was built around that assumption.
USD.AI finances the compute infrastructure powering frontier AI systems while simultaneously designing its protocol under the premise that those same systems may eventually discover vulnerabilities no human has yet imagined.
The future belongs to protocols that can coexist with superhuman adversaries, not pretend they do not exist.