Artificial intelligence helps discover technical vulnerabilities, and Zcash is the latest example of this

The latest generation of frontier AI models are no longer limited to chatting with users, creating images, or writing code. Researchers are increasingly using systems like Anthropic’s Claude Mythos and Claude Opus 4.8 and OpenAI’s GPT-5.5 to identify software vulnerabilities, raising concerns about what happens when these capabilities become more widely available.

Cryptocurrency investors received a wake-up call about the growing threat from powerful AI this week when Zcash developers revealed that Claude Opus 4.8 helped… Discovering a critical security vulnerability It would have enabled the attacker to mint an unlimited number of ZEC. because of Network designthere is no current way of knowing whether a counterfeit ZEC has actually been minted or not – and this uncertainty has led to the price of ZEC Crashed late this week.

Experts warn that many more vulnerabilities could be found in the coming weeks and months as artificial intelligence programs become more capable and these tools become more accessible. Here’s a look at the growing threat and how it has already affected the world of cryptocurrencies.

Early AI models were used professionally as coding assistants, helping developers write, explain, and debug programs. As technology improved, researchers began using the same systems for code review, software auditing, and vulnerability research.

The move from programming assistant to security tool has coincided with a broader shift in how AI is used within software development. After the launch of Cloud Code in 2025, it became Anthropic I mentioned A sharp increase in AI-generated code across its engineering teams, reflecting the move from models that suggest code to systems capable of writing and running it.

Security professionals say the implications extend beyond helping developers write code.

“AI is much better at reviewing code than most people and finding potential vulnerabilities in it,” Danny Jenkins, CEO and co-founder of ThreatLockerHe said Decryption. Existing AI systems are already accelerating vulnerability discovery, while newer models like Mythos can significantly expand these capabilities, Jenkins said, calling it an imminent “big problem.”

“It will only be a matter of time until someone bad gets access to it,” he said.

According to Jenkins, AI is also lowering barriers to entry into vulnerability research, allowing more people to analyze code, identify vulnerabilities, and develop exploits. As access to increasingly efficient systems expands, the pace of vulnerability discovery is expected to increase.

“Before the advent of artificial intelligence, cybersecurity threats and exploits were increasing every year,” he said. “Post-AI, it’s gotten faster, and I think it’s gotten faster for two reasons. One is that you can now use AI to help find vulnerabilities and exploits, and the number of people with the ability to do that has increased dramatically. You don’t have to be a script kid now.”

As AI systems become more powerful, companies are starting to apply them to cybersecurity. Tuesday Anthropy Expanded Access to Project Glasswing, giving 150 companies and organizations access to Claude Mythos to help identify and remediate software vulnerabilities before the model is released more widely.

In April, Mozilla later It has been detected Anthropic models helped identify hundreds of vulnerabilities that were fixed in the Firefox web browser, while researchers in California used Mythos Preview during work that produced one of the first public exploits. Targeting Apple M5 chips.

Stanislaw Furth, a former researcher at Google DeepMind and Anthropic and now founder and chief scientist at a security company corridorConcerns about AI-powered vulnerability discovery are valid, but often misunderstood, he said.

“The naive response is to try to come up with robust models,” Forte said. “I think that’s basically security by ambiguity, and security by ambiguity is one of the worst ideas out there.” Decryption. “Zero-day detection capability is already widely distributed across models that no one can constrain. Trying to limit it to the borders does not eliminate risk; it only delays it while also slowing down the defenders who need these tools most.”

The biggest risk, Forte said, is that defenders, especially open source maintainers, may lack access to the same advanced AI tools available to attackers.

He added: “This imbalance is the real danger.” “The answer is not to restrict, but to democratize the defense group.”

Anthropic isn’t the only one pushing AI models aimed at cybersecurity. In May, Microsoft introduced Nothinga vulnerability detection system that the company said helped identify previously unknown Windows vulnerabilities.

Risk to encryption

Cryptocurrencies and decentralized finance (DeFi) are starting to feel the impact of AI-driven bug hunting. Blockchain projects have always been attractive targets because there is a lot of money at stake and because a lot of the code is publicly available. As artificial intelligence improves at detecting software flaws, open source cryptocurrency projects could become easier targets for both security researchers looking for bugs and attackers looking to exploit them, Jenkins said.

In one of the clearest examples of how advanced AI models can help researchers uncover vulnerabilities that have escaped years of human review, independent security researcher Taylor Hornby said: It has been detected Critical vulnerability in Zcash’s Orchard privacy pool which he discovered with Claude’s help Opus 4.8.

The flaw could have allowed the attacker to generate an unlimited amount of data Fake ZEC, and went undetected for years before being corrected. Whether this exploit has actually been used at the moment remains unknown.

“The vulnerability existed from the time Orchard was activated in May 2022 until an emergency fix was deployed on June 1, 2026,” Shielded Labs, the organization behind Zcash’s development, wrote in a disclosure post. “Given the privacy characteristics of Orchard and the nature of the error, there is no definitive way to determine whether this exploit occurred using encryption alone.”

The attack comes at a time when DeFi protocols are already facing one of their worst years exploited. More than $840 million was stolen from DeFi projects in the first five months of 2026, including more than $600 million in April alone via attacks on projects including Kilbdawand Drift protocol.

The appearance of the so-called “Skies piracy“, where attackers use AI coding agents to automate reconnaissance, credential theft, malware development and other tasks, raising concerns that AI is lowering barriers to carrying out sophisticated cyberattacks.

According to Natalie Newson, lead blockchain investigator at Web3 security platform CertiK, while April was an unusually severe month for cryptocurrency attacks, the broader trend remains more stable and below the peak number of incidents seen in years past.

“April 2026 was a bad month for cryptocurrency exploits, and there were only three days without an exploit in which at least $10,000 was stolen,” she said. “However, when we look at the broader picture, it can be said that the number of incidents (excluding phishing) has been fairly flat and remains below the peak in 2023.”

While AI makes DeFi exploits easier to execute, according to Blockaid CTO Raz Niv, the biggest risk is not that AI replaces hackers but that it amplifies them, allowing attackers to focus on more complex techniques while AI handles routine tasks.

“The good news is that advocates can use the same tools,” he said. “AI-assisted monitoring and simulation has become essential for security teams trying to keep up with progress.”