The Rise of DeFAI: Security Challenges and Response Strategies for AI Agents in the Web3 Financial Sector


The Integration of AI and Web3: New Challenges Brought by the Rise of DeFAI

A blockchain week event focused on the convergence of AI and Web3 was recently held in Istanbul and became an important forum for Web3 security discussion this year. During the event, several industry experts discussed in depth how AI technology is currently applied in decentralized finance (DeFi) and the security challenges it raises.

At the event, "DeFAI" (Decentralized Artificial Intelligence Finance) was a hot topic of discussion. Experts pointed out that with the rapid development of large language models (LLMs) and AI agents, a new financial model, DeFAI, is gradually taking shape. However, this innovation also brings new security risks and potential attack vectors.

A security expert participating in the discussion stated: "Although DeFAI has broad prospects, it also forces us to re-examine the trust mechanisms in decentralized systems. Unlike traditional smart contracts, the decision-making process of AI agents is influenced by various factors such as context, time, and even historical interactions. This unpredictability not only increases risks but also provides opportunities for potential attackers."

AI agents are essentially intelligent entities that make autonomous decisions and execute actions based on AI logic, typically authorized to operate by users, protocols, or decentralized autonomous organizations (DAOs). AI trading bots are the most typical example. Currently, most AI agents still run on Web2 infrastructure, relying on centralized servers and APIs, which makes them vulnerable to various attacks, such as injection attacks, model manipulation, or data tampering. A hijacked AI agent can not only cause financial losses but also affect the stability of the entire protocol.

Experts also discussed a typical attack scenario: when an AI trading agent run by a DeFi user monitors social media for trading signals, an attacker may post false alerts, such as "a certain protocol is under attack," to lure the agent into immediately executing an emergency liquidation. This not only causes asset losses for the user but may also trigger market volatility, which the attacker can exploit through means such as front running.

In response to these risks, the participating experts unanimously agreed that the security of AI agents should not be the sole responsibility of any one party; it requires joint accountability from users, developers, and third-party security organizations.

Users need to clearly understand the scope of permissions held by agents, grant permissions cautiously, and closely monitor high-risk operations of AI agents. Developers should implement defensive measures during the design phase, such as prompt reinforcement, sandbox isolation, rate limiting, and fallback logic mechanisms. Third-party security agencies should provide independent reviews of the AI agent's model behavior, infrastructure, and on-chain integration methods, and work with developers and users to identify risks and propose mitigation measures.
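
An added example, not from the article or the experts it quotes: a small Python gate for the false-alert scenario above, combining the rate limiting and fallback logic listed for developers. The source kinds, thresholds, `LiquidationGate` and the sample signals are hypothetical.

```python
import time
from dataclasses import dataclass, field

# Assumed trust tiers: only these source kinds may corroborate an emergency action.
CORROBORATING_KINDS = {"onchain_monitor", "protocol_official"}

@dataclass(frozen=True)
class Signal:
    source: str    # feed or account identifier
    kind: str      # "social", "onchain_monitor" or "protocol_official"
    protocol: str
    claim: str     # e.g. "exploit"

@dataclass
class LiquidationGate:
    min_sources: int = 2       # distinct corroborating sources required
    max_actions: int = 1       # emergency actions allowed per window
    window_s: float = 3600.0
    _recent: list = field(default_factory=list)

    def decide(self, protocol, signals, now=None):
        """Return (decision, reason) for an emergency liquidation request."""
        now = time.time() if now is None else now
        sources = {s.source for s in signals
                   if s.protocol == protocol and s.claim == "exploit"
                   and s.kind in CORROBORATING_KINDS}
        if len(sources) < self.min_sources:
            # Fallback: social posts alone never move funds; hand off to the user.
            return ("ASK_USER", "uncorroborated")
        # Rate limit: drop timestamps outside the window, then check the budget.
        self._recent = [t for t in self._recent if now - t < self.window_s]
        if len(self._recent) >= self.max_actions:
            return ("ASK_USER", "rate_limited")
        self._recent.append(now)
        return ("LIQUIDATE", "corroborated")

# Constructed sample signals (not real data).
FAKE_ALERTS = [Signal(f"@acct{i}", "social", "ExampleProtocol", "exploit")
               for i in range(50)]
REAL_ALERTS = [
    Signal("monitor-a", "onchain_monitor", "ExampleProtocol", "exploit"),
    Signal("example-protocol-status", "protocol_official", "ExampleProtocol", "exploit"),
]

if __name__ == "__main__":
    gate = LiquidationGate()
    print(gate.decide("ExampleProtocol", FAKE_ALERTS, now=0.0))
    print(gate.decide("ExampleProtocol", FAKE_ALERTS + REAL_ALERTS, now=10.0))
    print(gate.decide("ExampleProtocol", REAL_ALERTS, now=20.0))
```

Fifty social posts repeating the same claim still count as zero corroborating sources, so the volume of a false alert does not change the decision.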

A security expert warned in a discussion: "If we continue to treat AI agents as a 'black box', it is only a matter of time before security incidents occur in the real world." He advised developers exploring the DeFAI direction: "Similar to smart contracts, the behavior logic of AI agents is also implemented by code. Since it is code, there is a possibility of being attacked, so professional security audits and penetration tests are necessary."

This blockchain week event, one of the most influential blockchain gatherings in Europe, attracted over 15,000 participants globally, including developers, project teams, investors, and regulators. With the Capital Markets Board of Turkey (CMB) officially launching the issuance of blockchain project licenses, the event's standing in the industry has been further enhanced.

IBW 2025: The Integration of AI and Web3, New Security Challenges Under the Rise of DeFAI


Comments

DegenRecoveryGroup · 07-14 19:09
Launching without any testing? It's not far from a big explosion.

LiquidityOracle · 07-12 21:59
Who will protect our safety?

GateUser-74b10196 · 07-12 14:16
Safety first, experience second.

CoconutWaterBoy · 07-11 22:16
It's just speculating on concepts again.

SeeYouInFourYears · 07-11 19:50
It's no big deal to mine by myself as an agent; at worst, I'll get rekt.

GhostChainLoyalist · 07-11 19:49
Again see Be Played for Suckers new tricks

AirdropChaser · 07-11 19:39
Hmph, if we're not careful, AI might backfire on our Wallet.

UnluckyLemur · 07-11 19:37
Isn't it too safe? It feels like a trap.

ruggedNotShrugged · 07-11 19:31
Another suckers play people for suckers project has arrived.