On May 29, the framework surfaced a logical inconsistency that human auditors—across multiple formal audits since Orchard's activation in May 2022—had missed . Hornby did not merely document a theoretical weakness; he used the AI-assisted approach to write a working exploit that successfully minted counterfeit ZEC in a local test environment
. The speed of the discovery—within one day of the model's public release—underscored a step-change in what AI-augmented security research could achieve
.
It is important to emphasize that the breakthrough was a collaboration between a skilled human expert and a frontier model. The AI provided systematic reasoning and pattern recognition across a massive codebase; the human researcher framed the problem, built the auditing harness, and validated the findings .
The vulnerability was a critical soundness bug in the Orchard shielded-pool circuit, the primary privacy mechanism for Zcash's shielded transactions . In a zero-knowledge proof system, "soundness" means it should be computationally impossible to create a valid proof for a false statement. The Orchard circuit contained an under-constrained element that broke this property.
Specifically, a value deep in the Halo2 gadgets crate was left un-anchored to a real base point, effectively letting mathematically invalid inputs pass an elliptic-curve check . In simpler terms, a check that was supposed to validate transaction inputs was not enforcing the rules it appeared to enforce
. The result: an attacker could forge valid zero-knowledge proofs that authorized the creation of unlimited counterfeit ZEC within the shielded pool.
Because Orchard transactions are private by design, the counterfeit coins would be indistinguishable from legitimate ones on-chain . There would be no way to audit the blockchain and see the fake supply. The bug had been live since Orchard's introduction in May 2022, meaning it persisted undetected for roughly four years
.
Crucially, because of Orchard's privacy properties and the nature of the flaw, Shielded Labs stated that there is no cryptographic method to determine whether the vulnerability was ever exploited in the wild . This uncertainty became a central source of post-disclosure anxiety.
Wilcox confirmed that the patch was successfully deployed before the public announcement, meaning that no known funds were lost to exploitation following the disclosure . The coordinated "patch first, disclose second" approach followed standard vulnerability management practice, but the speed required—from discovery to network-wide hard fork in three days—was extraordinary.
After the emergency fix, Shielded Labs requested Anthropic run a separate full-protocol audit using its restricted frontier model, Mythos. That audit confirmed no additional critical vulnerabilities existed in the protocol as of June 12, 2026 . The comprehensive review helped partially restore confidence, though the core uncertainty about pre-patch exploitation remained.
Markets reacted harshly to the public disclosure on June 4. ZEC's price dropped roughly 40–50% in the following days, with reports describing the coin as going from "far higher levels just weeks earlier" into a tailspin . Multiple sources cite a range of declines between 31% and 50%, with the most commonly referenced magnitude being approximately 40–50%
.
The selloff reflected panic on several fronts. First, the sheer severity of the bug—infinite, undetectable counterfeiting in a major privacy coin—undermined fundamental trust in the protocol's security guarantees. Second, the fact that an AI model found a flaw that years of human-led formal audits missed raised unsettling questions about the vulnerability surface of other cryptocurrencies, including Ethereum . Third, the permanent uncertainty over whether the bug had already been exploited left a trust deficit that a technical fix alone could not close
.
Traders reassessed the security of one of crypto's most prominent privacy networks, and the repricing was swift and severe .
The Zcash incident is widely viewed as a watershed moment for AI's dual-use potential in critical software security .
The defensive value is clear. An AI model, combined with expert human direction, found a catastrophic bug that human auditors missed for four years—and did so within one day of the model's release . This demonstrates that frontier AI can dramatically improve the speed, depth, and completeness of security audits for complex cryptographic systems. The follow-up Mythos audit that cleared the rest of the protocol suggests a future where AI-driven continuous auditing becomes standard practice for high-stakes infrastructure
.
Hornby's approach—building a custom agentic framework rather than simply prompting the model—also showed that the most powerful defensive applications come from integrating AI into systematic security workflows, not treating it as a standalone oracle.
The offensive implications are equally stark. The same capability that found this bug can be weaponized by malicious actors to discover and exploit zero-day vulnerabilities at machine speed . If a black-hat group had applied similar techniques to Zcash before a white-hat researcher did, they could have silently minted unlimited counterfeit coins, drained liquidity, and vanished—all before any patch was deployed.
Bloomberg described the event as showing "the magnitude of the AI-hacking threat" . Bloomberg and other outlets noted that the incident raised urgent questions about whether current responsible disclosure norms are calibrated for vulnerabilities discovered at AI speed
. When an AI can find a critical flaw in hours, the window for coordinated patching before hostile exploitation collapses.
Security researchers have cautioned that this is not a theoretical worry. The Zcash incident is the first publicly confirmed example, but it almost certainly will not be the last .
Perhaps the most troubling aspect of the entire episode is the unresolvable uncertainty. Because Zcash is a privacy coin, there is no way to cryptographically prove whether the bug was exploited during its four-year lifespan . The development team judged exploitation to be "unlikely," but they acknowledged they literally cannot confirm it
. This creates a lasting trust problem—not just for Zcash, but for any privacy-preserving system where a flaw could have been silently exploited before discovery.
The Zcash incident marks the end of the era in which cryptographic protocol security could rely solely on periodic human audits. AI-assisted vulnerability discovery is now a demonstrated capability, with all the asymmetric power that implies.
For protocol developers, the implications are clear: integrating frontier AI models into continuous security review pipelines is no longer optional—it is an imperative, because adversaries will certainly do the same. For the AI community, the event reinforces the need for thoughtful deployment of capabilities that can easily be repurposed for offense. And for the broader crypto ecosystem, it serves as a stark reminder that even the most rigorously reviewed systems can harbor catastrophic flaws that a well-directed AI can surface in hours.