Anthropic's Claude Finds No New Threats In Zcash

Zcash founder @zooko has confirmed that a follow-up security audit of the $ZEC protocol, conducted using Anthropic's Claude Mythos model, found no further serious vulnerabilities. The review was commissioned by Shielded Labs, a Swiss-based non-profit that supports Zcash development, and comes in the immediate wake of one of the most significant security scares in the project's history.
A Crisis That Started With a Four-Year-Old Bug
The audit was triggered by events in late May, when security engineer Taylor Hornby, engaged by Shielded Labs specifically to identify protocol vulnerabilities, discovered the flaw on May 29. Working with Anthropic's Claude Opus 4.8 model, Hornby conducted a targeted review of the Orchard circuit and wrote a complete exploit which, when tested locally, generated unlimited, undetectable counterfeit ZEC.
The flaw had quietly existed since 2022, roughly four years undetected, and in theory could have allowed a malicious actor to mint unlimited counterfeit ZEC inside the shielded pool with no on-chain signature. Hornby reported the issue to the Zcash Open Development Lab, which coordinated an emergency response across wallets, exchanges, and node operators before shipping a fix on June 2. On June 3, the Zcash Foundation completed a network upgrade that restored Orchard functionality using corrected cryptographic circuits.
Developers said there was no evidence the flaw had been exploited and that the overall ZEC supply remained intact. The Zcash Foundation stated that they found no evidence of exploitation, unauthorized asset creation, or privacy breaches.
Mythos Audit Offers Further Reassurance
Zcash founder Zooko Wilcox said a security audit by Anthropic's Claude Mythos AI model found no serious vulnerabilities in the protocol. Requested by Shielded Labs, the audit did not find "any more serious bugs," according to a post by Wilcox.
Looking ahead, one proposed upgrade is Ironwood, which would allow Zcash users to independently verify the circulating supply. Zooko added that the upgrade will also include additional security improvements, AI-assisted audits, and a new pool for shielded ZEC. Stakeholders have already agreed on the consensus rule changes, with plans to launch by the end of July 2026.
The use of an advanced AI model to surface a bug that had survived roughly four years of human review is notable. It points to a shifting landscape in which AI-assisted auditing can help uncover deep cryptographic flaws that traditional methods missed. For the Zcash community, the Mythos finding offers a measure of reassurance, even as the broader work of security hardening continues.
Sources:
Bitcoin.com News: Zcash Patches Critical Bug Enabling Unlimited Counterfeit ZEC Minting
CoinDesk: Zcash Plummets 38% as Shielded Labs Reveals a Major Bug
CryptoNews: Anthropic's Mythos AI Finds No More 'Serious' Bugs in Zcash