Artificial intelligence is rewriting the rules of cyber warfare and cybersecurity. What once required an entire team of specialized hackers—with reconnaissance, exploitation, and deployment modules—can now be executed by a single person equipped with the right AI tools. This was warned by Jimmy Su, Chief Security Officer of Binance, in an exclusive interview with CriptoNoticias for the podcast Separating money and the State.
«What you used to need a team to do, can now be done by one person with the right AI tools«Said Su. “That scales the attacker’s ability tremendously.”
His career positions him as one of the most authoritative voices in the sector: PhD in Computer Science from UC Berkeley, experience in responding to nation-state attacks from FireEye, and since 2020 responsible for protecting 280 million users on Binance.
The attack cycle is compressed
According to Su, the most disruptive change that AI has brought is not only the sophistication of the attacks, but the speed with which they are deployed. “AI is now capable of automating the stages of the attack, from exploration to deployment,” he explained. “The time between when a vulnerability is detected and when it is exploited has been drastically shortened.”
This compression of the offensive cycle represents a critical challenge for defensive teams: Time windows for detecting and patching vulnerabilities narrow as the cost of attacking falls.
North Korea, the most dangerous actor
Su identified the North Korea-linked group (DPRK) as the most serious threat to the cryptocurrency ecosystem today. According to the Arkham team, 70% of attacks on decentralized finance (DeFi) platforms so far in 2026 were caused by the Lazarus group, linked to the North Korean government.
What makes this threat especially dangerous is its versatility: the group operates with attack modules that range from technical exploitation of vulnerabilities to organizational infiltration through false identities. AI has enhanced this second way significantly..
“They’ve been able to make resumes and interviews much more realistic,” Su said. “And they have also been able to make the first approaches to their targets using AI to generate completely real-seeming conversations with victims.”
The tactic consists of infiltrating cryptocurrency projects and companies as fake developers or collaborators, gaining the trust of the team, accessing the infrastructure and, from the inside, executing the theft.
An arms race without pause
The dynamic Su describes is that of a classic arms race, but with escalation cycles shorter than ever. “During the history of cybersecurity, there has always been a game of cat and mouse,” he acknowledged. “With AI, we’ve seen advancements in the last six months that have been incredible.”
The sword, however, is double-edged. If AI amplifies the offensive capacity, it also enhances the defensive. Binance uses proprietary and commercial models to analyze suspicious resumes for patterns of fake sources, monitor real-time transactions across multiple chains, and scale threat intelligence shared with other exchanges and security agencies.
“AI is very good at scaling our intelligence at scale,” Su said. “And it works 24×7, so in that sense it is the soldier who is helping both sides.”
What can the user do?
For individual users, Su recommended concrete measures: using a device dedicated exclusively to cryptocurrency transactions, separate from social media and messaging; and create a unique email address per service you sign up for, so that any unexpected message from that address is an immediate red flag.
“Being paranoid is a job for professionals,” he clarified. “We are trying to use that knowledge to protect the user, because that is always our first priority.”