
In brief
- Security researcher Taylor Hornby used Claude Opus 4.8 to discover a four-year-old flaw in Zcash’s Orchard privacy suite that could have enabled the creation of unlimited fake ZEC.
- Cybersecurity researchers say leading AI models are increasingly able to detect encryption and logic flaws that previously required deep specialized expertise.
- Experts warn that capabilities approaching today’s most advanced vulnerability detection systems could become widely available within months.
A security researcher using Anthropic’s Claude Opus 4.8 discovered a critical vulnerability in Zcash’s Orchard privacy pool within days, exposing a flaw that had survived four years of review by top zero-knowledge cryptographers.
The disclosure sent Zcash down nearly 38% on Thursday and sparked broader concern across the cryptocurrency industry about frontier AI models that have become more efficient at finding vulnerabilities than most humans.
“The importance is not that AI can find errors,” Ben Goertzel, founder and CEO of SingularityNET, told Decrypt. “The type of error that can be found now has changed.”
Rather than simply pointing out obvious coding errors, leading models are increasingly able to consider whether programs behave the way their designers intended, he said.
In May, Taylor Hornby, a security researcher hired by Shielded Labs, discovered a critical vulnerability in Zcash’s Orchard circuit with the help of Anthropic’s Claude Opus 4.8. Hidden in two lines of code, the bug arose from a check that appeared to validate transaction inputs but did not actually enforce the intended rules, potentially allowing an attacker to create fake ZEC within the shielded pool without being detected. Hornby built an exploit to verify the vulnerability before reporting it to developers. The emergency fix was deployed on June 1.
Adding to the panic that hit Zcash and the broader cryptocurrency market on Thursday and Friday was the fact that the flaw remained undetected for more than four years.
For Goertzel, this discovery is important not only because AI discovered a vulnerability, but also because it points to a new paradigm for security research.
“I think it’s an early sign of a shift that will be difficult to overstate,” he said. “The security research model of a group of venerable human specialists doing slow, literal, deep audits is not going away, but it is ceasing to be the whole game.”
Goertzel said the Orchard vulnerability belongs to a class of subtle logic errors that frontier AI models are increasingly able to detect, including smart contract errors, access control failures, and situations in which software behaves differently than its designers intended. As these capabilities improve, he added, security research is shifting toward a model in which human specialists oversee continuous AI-driven review that can analyze code bases on a much larger scale than traditional audits.
Zcash’s response itself may offer a preview of that future, Goertzel said.
“Shielded Labs hiring a researcher specifically to track down flaws at the protocol level using a parametric model before a malicious actor can, I think that’s the model rather than the exception,” Goertzel said. “Proactive, AI-enhanced, and adversarial review by design become stakes on the table, and protocols that don’t adopt them will increasingly learn about their vulnerabilities from the attacker rather than from a friend.”
According to Shawn Ren, CEO of… Desert AI and a professor of computer science at the University of Southern California, advances in artificial intelligence are also reshaping the balance between attackers and defenders, as frontier models can quickly test attack strategies, learn from the results, and uncover vulnerabilities.
“In order to build a better defense, we have to use these frontier AI models as potential attackers to test these systems,” Ren told Decrypt.
Blockchain networks are particularly vulnerable because their open source code can be directly analyzed by frontier AI models, which can quickly test attack strategies and identify vulnerabilities faster than traditional security reviews, Ren said.
“If you think about frontier modeling laboratories like OpenAI, Anthropic, and Google DeepMind, they have early access to the most powerful unpublished models and can perform a lot of experiments on public network systems like blockchain, so they have power at hand. If someone with malicious intent gains access to these capabilities, they can launch attacks and create vulnerabilities,” he said.
That window may be closing faster than many expect, according to Danny Jenkins, CEO and co-founder of the cybersecurity company ThreatLocker. AI-assisted vulnerability detection is improving faster than many organizations can secure the software they already rely on.
“We have this huge gap that will take years and years to cross,” Jenkins told Decrypt. “All of this software will have all these vulnerabilities, and we won’t have fixes or updates for it for a long time, and people will be able to find these vulnerabilities very quickly.”
AI isn’t fundamentally changing vulnerability research so much as it is dramatically accelerating it, Jenkins said. Tasks that used to require security researchers to manually review code and reverse engineer software can now be performed in seconds with modern models.
“Before the advent of artificial intelligence, cybersecurity threats and exploits were increasing every year,” he said. “Post-AI, it’s gotten faster, and I think it’s gotten faster for two reasons. One is that you can now use AI to help find vulnerabilities and exploits, and the number of people with the ability to do that has increased dramatically. You don’t have to be a script kid now.”
Despite these risks, Goertzel said cryptocurrencies may also be in a better position than other industries to adapt because their code is open, and their communities are highly focused on security.
“The crypto company is near the door, but it’s also the part of the room that can see the door coming,” he said.




