Zcash founder: AI audit found no further protocol bugs

Zooko Wilcox posted on X that an audit using Anthropic’s Claude Mythos model, commissioned by Swiss non-profit Shielded Labs, did not identify ‘any more serious bugs’ in the Zcash protocol after a recent fix.

Developers temporarily halted Orchard shielded-pool transactions on June 3 to apply an emergency upgrade that restored functionality the same day.

The flaw traced to a four-year-old forgery bug in the Orchard pool. Security researcher Taylor Hornby located the issue with assistance from Anthropic’s Claude Opus 4.8 model. The Zcash Foundation reported no evidence the bug was exploited, no unauthorized value creation, and that user privacy remained intact.

Shielded Labs requested the AI review to provide additional assurance after the vulnerability was found. The audit report, Wilcox’s post noted, flagged no further serious protocol errors.

Anthropic released a public version of its Mythos family called Fable 5 and previously reported that Mythos had uncovered more than 10,000 high- or critical-severity vulnerabilities in system software during testing. The company said Fable 5 routes some cybersecurity queries to Claude Opus 4.8. Anthropic later suspended access to Fable 5 and Mythos 5 in response to a US export control directive citing national security concerns.

The use of advanced AI models for vulnerability hunting has increased their use by developers while raising concerns about misuse by attackers. Mitchell Amador, CEO of bug bounty platform Immunefi, called the trend a ‘vulnerability apocalypse.’

Industry data show crypto hacks reached $634 million in April, the highest monthly total since a February 2025 breach that led to about $1.4 billion in losses.

During the Zcash response, developers and supporting organizations combined human review, community testing and AI-assisted analysis. Rapid emergency upgrades and clear communication with users and node operators restored operations and informed stakeholders.