The Fear Index

Don’t worry! Let’s put this fear in the index. Let’s make it clear straight away that this post isn’t meant to scare you, nor is it about the VIX, which is often referred to in financial jargon as the ‘Fear Index’. In fact, we’ve borrowed the title from a brilliant financial thriller by Robert Harris, published in 2011, which tells the story of a brilliant scientist, Alex Hoffmann, who founds a company in Geneva that uses an algorithm capable of predicting market movements by exploiting investors’ fears. On the eve of massive financial success, Hoffmann is attacked, and a series of disturbing events begins: cyber intrusions, suspicious incidents and anomalous system behaviour. As he tries to figure out who is targeting him, it emerges that the real danger might be his own creation: an artificial intelligence capable of acting autonomously to maximise profits. The novel explores the relationship between finance, technology and the loss of human control, showing how fear can be the most powerful emotion in the markets and in life. But today it is also something more, as it could turn out to be the classic case of fiction surpassing reality.

Let us set out some facts from the past month to support our claim, facts that obviously relate entirely to the world of technology: we will therefore not be discussing blockchain or artificial intelligence (AI), but the systemic risk that could arise from their interaction.

We are entering the era of highly automated programmable finance, but with new and more dangerous systemic vulnerabilities. Until a few years ago, the dominant risk was price volatility (market risk, with particular emphasis on cryptocurrency prices); the uncertain regulation of digital assets in particular, with the consequent proliferation of fraud (a proliferation that is, in reality, not so widespread) and a strong speculative tendency that has revived neologisms such as FOMO (Fear Of Missing Out, the fear – precisely the ‘fear’ – of being left out), closely linked to the digital age (it seems the term was coined in 2013; indeed, this expression is never mentioned in Harris’s book)

Today, the perceived risks dominating the global financial sector (and beyond) have changed. To us, they appear, broadly speaking, to be:

• AI automation replacing human labour
• scalable cyberattacks via AI
• shared vulnerabilities among institutions
• technological concentration
• simultaneous crises of confidence and liquidity

Four news items struck us and led us to reflect on a possible common thread:

1. Coinbase: AI as a driver of internal efficiency has led management to decide on a 14% reduction in staff, as AI enables greater output with fewer people. This highlights the positive, business-oriented side of AI: productivity, margins and operational flexibility.
2. DeFi: institutional capital is arriving, but it demands security. Giants such as BlackRock, Apollo and others – which have recently caught our attention due to issues surrounding private credit – are entering the era of so-called on-chain finance, but the Kelp DAO hack demonstrates that code alone is not enough: standards akin to those of a regulated market are required.
3. Bitcoin: proactive management of existential risk. The quantum debate is not about price or ETFs, but the network’s security over the next 10–20 years. It represents a cultural shift towards the maintenance of critical infrastructure. Whilst Ethereum appears ready to meet the challenge posed by quantum computing with new cryptographic solutions that are unassailable even by quantum computers, yet remain feasible and manageable in terms of network resources, Bitcoin seems to be dragging its feet far too long on a solution, when the world’s first blockchain in terms of maturity and value is also the most exposed, storing blocks containing transactions made to the same addresses that will be vulnerable to attack by a quantum computer with a few thousand qubits. This is not an imminent threat, as such a computer is not expected to be available for another five years, but cybercriminals are already ‘sniffing’ transactions from the network that will be vulnerable in the future. After all, as we know, one of the most obvious flaws of blockchains is their lack of resilience – that is, the ability to implement changes (especially significant ones) to the system (hard forks).
4. IMF: according to the International Monetary Fund, AI could become a systemic risk to global finance. New AI models – in fact – can:
• identify vulnerabilities on a massive scale
• target multiple institutions simultaneously
• disrupt payments
• trigger crises of confidence
• generate liquidity crises and simultaneous sell-offs

Ultimately, the next financial crisis could stem from ‘flawed’ software and/or an algorithm, not from private debt. The strategic vision that emerges from the above could be as follows. In addition to traditional financial risks:

• credit
• interest rates
• leverage
• inflation
• recession

there are new-generation risks, of which we provide a non-exhaustive list below.

• Software monocultures: many organizations, companies, or critical infrastructures rely on the exact same software, operating systems, cloud platforms, or technology providers. This concept is borrowed from agriculture: an agricultural monoculture (e.g., a single type of grain grown across vast areas) is efficient, but if a disease strikes that variety, the damage is enormous. The same principle applies to software.
• AI-powered cyberattacks: Anthropic’s Claude Mythos (as well as other AI models) can drastically reduce the time and cost required to identify and exploit vulnerabilities (so-called “bugs”), increasing the likelihood of simultaneously discovering and targeting weaknesses in widely used systems (such as financial software)
• Smart contract malfunctions: This depends primarily—in this context as well—on cyberattacks that exploit “bugs” in the smart contract code running on a blockchain, causing unintended executions, loss of funds, asset freezes, or results different from those intended.
• Cloud dependency, meaning a strong operational reliance on external cloud service providers for infrastructure, data, or critical services, such that a failure, cost increase, or change in the provider’s terms can directly impact the service user.
• Data poisoning, i.e., the intentional manipulation of data used to train or update an AI system, so as to alter its behavior, degrade its accuracy, or cause it to produce distorted results.
• Identity compromise, i.e., theft, misuse, or breach of a user’s or system’s digital credentials, enabling unauthorized access and impersonation.
• Instant digital contagion: the extremely rapid and simultaneous spread of a failure, cyberattack, or software error across interconnected systems, with immediate ripple effects on many organizations or markets.

These new threats are making the global financial system increasingly resemble a computer network, and perhaps regulators should become more accustomed to viewing it in this way if they wish to identify effective risk mitigation strategies. The current traditional risk management techniques we mentioned earlier will no longer suffice unless they are complemented by new protocols to manage and monitor code generation, AI, and digital trust on a global scale. Accompanying the issue of risk is always the issue of asset valuation and pricing, which will also need to estimate and incorporate the premium for these new dimensions of risk.

From this perspective, the “crypto” world is paving the way for a new paradigm of systemic risk management because digital assets are no longer “alternative assets” (assuming they ever truly were), but laboratories where the following have been tested (for years now):

• native digital payments
• 24/7 settlement
• programmable guarantees (via smart contracts)
• automated governance (through the use of tokens)
• cryptographic identity
• on-chain risk management

because what is happening in the world of digital assets today may reach traditional finance tomorrow.

And of course, it makes sense to ask who the “winners” and “losers” will be in these emerging scenarios, because the portfolios of the future will be built around this question. Among the winners, we can certainly expect:

• companies and organizations that defend financial systems against AI-powered attacks;
• exchanges and trading platforms with robust governance and regulation;
• all entities involved in asset tokenization;
• DeFi protocols with continuous audits, robust cryptographic certification systems, and transparent collateral;
• quantum-resistant blockchains

while among the losers we can confidently list:
• improvised digital asset platforms
• obsolete and fragile banking/financial software
• operators without budgets specifically allocated for cybersecurity
• DeFi protocols with weak governance
• entities that view AI solely as chatbots and not as an infrastructure risk

from which it follows that it will be advisable to focus on:
• entities with dominant positions in the field of cybersecurity
• digital infrastructure, including payment, settlement, and transfer platforms based on blockchain technology that operate in compliance with financial regulations
• tokenization platforms
• managers and users of tools, controls, and processes used to protect artificial intelligence systems throughout their entire lifecycle

and exercise caution regarding
• banks with obsolete IT systems
• highly leveraged DeFi
• marginal exchanges (with low trading volumes)
• companies using AI without governance

Without claiming to be prescient and with the usual caveat that this is not financial advice, much less a solicitation, we propose a portfolio that could well navigate the uncharted waters we have outlined in the previous scenarios. Rather than a portfolio, this should be considered a “thought experiment,” meaning: if the scenarios we have proposed were to materialize, then a portfolio like the one below could plausibly be described as an “all-weather” portfolio.