Zcash audit by Anthropic finds no serious bugs, says Zooko

Zooko Wilcox says a security audit of the Zcash protocol conducted by Anthropic in collaboration with Mythos turned up no additional serious bugs. For a project that just spent the better part of a week in crisis mode over a critical vulnerability, that’s the kind of news the Zcash community desperately needed to hear.

The vulnerability that shook Zcash

On May 29, 2026, researcher Taylor Hornby, working for Shielded Labs, identified a soundness bug in the zero-knowledge proof circuit powering Zcash’s Orchard shielded pool. The vulnerability had been sitting there, undetected, since Orchard’s activation back in May 2022. That’s four years of exposure.

The bug could have allowed someone to mint counterfeit ZEC coins that would be completely undetectable on-chain.

Hornby found the flaw with assistance from Anthropic’s Claude Opus 4.8 model. Between June 2 and June 4, 2026, the Zcash network underwent an emergency upgrade that included both a soft fork and a hard fork. The patch was deployed before any confirmed exploitation occurred on-chain.