Zcash founder Zooko Wilcox says an AI-powered security audit of the privacy-focused cryptocurrency found no serious vulnerabilities in its core protocol. The review was conducted using Anthro
Zcash founder Zooko Wilcox says an AI-powered security audit of the privacy-focused cryptocurrency found no serious vulnerabilities in its core protocol. The review was conducted using Anthropic’s Claude Mythos model, at the request of Shielded Labs, a Swiss non-profit that supports Zcash development.
Wilcox made the claim in an X post on Saturday, adding that the audit did not uncover “any more serious bugs” in the Zcash protocol. The announcement arrives after a separate, well-documented emergency response earlier this month involving Zcash’s Orchard shielded pool.
In his Saturday statement, Zooko Wilcox tied the latest protocol-level review to Anthropic’s Claude Mythos. According to Wilcox, the audit—requested by Shielded Labs—did not reveal “any more serious bugs” in the Zcash protocol.
This matters for Zcash participants because the protocol is designed to preserve user privacy via shielded mechanisms, where security failures can create both technical and trust risks. While no audit can guarantee absolute safety, an explicit “no serious vulnerabilities” finding is still significant for a system that handles sensitive transaction data through cryptographic constructions.
Just before the latest audit claim, Zcash developers took urgent action around the Orchard shielded pool. On June 3, they temporarily suspended Orchard transactions after discovering a vulnerability affecting that privacy layer.
Functionality was restored later that day through an emergency upgrade, limiting the duration during which users could not transact through Orchard. The vulnerability was ultimately described as stemming from a four-year-old forgery bug in the Orchard shielded pool, discovered by security researcher Taylor Hornby with the help of Anthropic’s Claude Opus 4.8 model.
In a statement, the Zcash Foundation said there was no evidence the vulnerability was exploited and that it detected no unauthorized value creation. It also said user privacy was unaffected—an outcome that matters in a privacy-preserving system, where even some non-exploit failures could potentially leak information or weaken confidentiality.
The Zcash sequence also highlights a broader industry shift: AI models are increasingly being used to locate vulnerabilities in complex systems. At the same time, the same capabilities can concern security professionals and regulators because they may also be leveraged by adversaries.
Anthropic recently released the first public version of its Claude Mythos model, named Fable 5, according to coverage on Cointelegraph earlier this week. Anthropic previously said the Mythos model uncovered more than 10,000 high or critical-severity vulnerabilities in “systemically important software,” a claim that helped fuel debate about whether such models should be broadly accessible.
Anthropic also told users that Fable 5 was “made safe for general use,” including safeguards that reroute some cybersecurity-related topics to a different model, Claude Opus 4.8. However, just days later, Anthropic said it suspended access to its Fable 5 and Mythos 5 models, citing a US government export control directive tied to national security concerns.
The practical tension for the crypto sector is straightforward: faster vulnerability discovery can strengthen defenses, but accelerating the “find and exploit” cycle can also raise the odds of real-world compromises. In a recent interview with Cointelegraph, Mitchell Amador, CEO of bug bounty platform Immunefi, warned that rapid advancements are shifting the cybersecurity landscape toward threat actors—describing a “vulnerability apocalypse” that has contributed to renewed DeFi hacking pressure.
Cointelegraph also cited DefiLlama data showing that crypto hacks totaled $634 million in April, the highest monthly figure since the Bybit hack led to roughly $1.4 billion in losses in February 2025.
For Zcash users, the key question is whether the emergency Orchard fixes fully address the class of problems implied by the forgery bug discovery—and whether ongoing protocol reviews can prevent similar issues from resurfacing. In the near term, observers will likely watch for follow-up documentation around the June upgrade and any additional security processes, especially as AI models continue to be used in both discovery and verification.
This article was originally published as Anthropic’s Mythos AI Reports No New ‘Serious’ Zcash Bugs on Crypto Breaking News – your trusted source for crypto news, Bitcoin news, and blockchain updates.
