A security audit of the Zcash protocol, conducted by Anthropic in collaboration with Mythos, has found no additional serious bugs. This conclusion offers critical reassurance to the community following a recent crisis involving a significant vulnerability.
On May 29, 2026, researcher Taylor Hornby identified a soundness bug in the zero-knowledge proof circuit powering Zcash’s Orchard shielded pool. The flaw had existed since the Orchard activation in May 2022. It potentially allowed for the minting of undetectable counterfeit ZEC coins.
Hornby utilized Anthropic’s Claude Opus 4.8 model to identify the flaw. Between June 2 and June 4, 2026, the Zcash network underwent an emergency upgrade, deploying both soft and hard forks. The patch was implemented before any confirmed exploitation occurred on-chain.
When Zcash founder Zooko Wilcox publicly disclosed the vulnerability on June 5, ZEC prices dropped between 30% and 50%, erasing billions in market capitalization. Due to Zcash’s privacy architecture, proving that no counterfeit coins were minted during the exposure window remains extraordinarily difficult.
The integration of AI-assisted code review into Zcash’s security infrastructure marks a strategic shift. If large language models can detect zero-knowledge proof circuit bugs that human reviewers missed for four years, the implications for smart contract security across the broader industry are significant. Shielded Labs and other ecosystem participants are now actively incorporating AI into their security audits.