Zcash dodges Mythos audit, dodges bugs — AI's "vulnerability apocalypse" still has humans on call

A security audit using Anthropic's Claude Mythos artificial intelligence model turned up no serious vulnerabilities in the Zcash protocol, founder Zooko Wilcox said in a Saturday X post. The review was requested by Shielded Labs, a Swiss-based non-profit that supports Zcash development, and found no "any more serious bugs" in the protocol, according to Wilcox.

The audit follows a June 3 incident in which Zcash developers temporarily suspended Orchard transactions after discovering a vulnerability in the shielded pool. Functionality was restored later that day through an emergency upgrade. The issue stemmed from a four-year-old forgery bug in the Orchard shielded pool, identified by security researcher Taylor Hornby with the help of Anthropic's Claude Opus 4.8 model. The Zcash Foundation said there was no evidence the vulnerability was exploited, no unauthorized value creation was detected, and user privacy was unaffected.

The use of AI in crypto security reviews is expanding even as it raises industry concerns. On Tuesday, Anthropic released the first public version of its Claude Mythos model, Fable 5. The company said last month that the Mythos model uncovered more than 10,000 high or critical-severity vulnerabilities in "systemically important software," a disclosure that prompted debate over whether the model should be publicly released. Anthropic said Fable 5 was "made safe for general use" and includes safeguards that reroute certain topics, including cybersecurity, to Claude Opus 4.8.

On Friday, Anthropic said it suspended access to its Fable 5 and Mythos 5 AI models following a US government export control directive citing national security concerns. Mitchell Amador, CEO of bug bounty platform Immunefi, told Cointelegraph that the spread of these models has tilted the cybersecurity playing field toward threat actors, fueling what he described as a "vulnerability apocalypse" and a resurgence in decentralized finance hacks. Crypto hacks reached $634 million in April, the highest monthly value since the Bybit hack resulted in about $1.4 billion in losses in February 2025, according to DefiLlama data.