Frontier AI models are increasingly being used to identify software vulnerabilities, with the latest example involving Zcash. Researchers using Anthropic's Claude Opus 4.8 discovered a critical flaw in Zcash's Orchard privacy pool that could have allowed an attacker to mint unlimited ZEC tokens. The vulnerability went undetected for years, from May 2022 until June 1, 2026, when it was patched. Due to the privacy properties of Orchard, it remains unknown whether the exploit was ever used.
This discovery highlights a growing trend: AI models like Anthropic's Claude Mythos and Claude Opus 4.8, as well as OpenAI's GPT-5.5, are being deployed in vulnerability research across browsers, operating systems, and open-source software. Mozilla disclosed that Anthropic's models helped identify hundreds of vulnerabilities in the Firefox browser. Researchers have also used Mythos to exploit Apple's M5 chips.
Security experts warn that AI is lowering barriers to entry for vulnerability research, allowing more people to analyze code and develop exploits. Danny Jenkins, CEO of ThreatLocker, noted that AI is far better at reviewing code than most people and accelerating vulnerability discovery. The risk extends to crypto and DeFi, where over $840 million was stolen from projects in the first five months of 2026. As AI systems become more capable, the pace of vulnerability discovery is expected to increase, with defenders needing advanced AI tools to keep pace.