Machine intelligence exposes flaw in Zcash protocol, says creator Eli Ben-Sasson

A critical vulnerability in Zcash’s privacy protocol sat undetected for four years. It took an AI model to finally spot it.

Eli Ben-Sasson, co-founder of Zcash, revealed that researcher Taylor Hornby, working with Anthropic’s Claude Opus 4.8, identified a soundness bug in the Orchard shielded payment circuit on May 29. The flaw could have allowed unlimited counterfeiting of ZEC, the protocol’s native token, without detection.

What went wrong, and how AI caught it

The bug traced back to an under-constrained circuit element within Zcash’s Orchard zero-knowledge proof system. That element allowed arbitrary false inputs to be fed into elliptic curve multiplication operations, effectively bypassing the mathematical checks that are supposed to guarantee transaction integrity.

Orchard has been live since its activation in 2022. That means this vulnerability existed in production for roughly four years, surviving multiple rounds of human auditing.