On May 29, 2026, security researcher Taylor Hornby of Shielded Labs uncovered a critical vulnerability in Zcash’s Orchard shielded pool using a custom audit agent powered by Anthropic’s Claude Opus 4.8. The flaw allowed a malicious prover to double-spend shielded notes by producing different nullifiers for the same note, effectively inflating ZEC within the pool without leaving any on-chain trace. The bug had existed since Orchard went live in May 2022, giving a potential exposure window of roughly four years. Once disclosed, it triggered an emergency response across the Zcash ecosystem and a sudden sell-off that crashed ZEC’s price by about 60%, wiping out over $4 billion in market capitalization.
Hornby’s agent framework, called “zcash-full-stack-auditor,” was pointed at the halo2 implementation and the Orchard circuit to search for soundness and zero-knowledge issues. Around 6 p.m. on May 29, one audit agent flagged the double-spend vulnerability. Hornby then used Claude to build proof-of-concept code against a similar circuit before testing the exploit on Zcash’s local regtest environment. The regtest run doubled the value of an Orchard note until the wallet balance exceeded 10 million ZEC – proving the exploit would have worked on mainnet. The full PoC took about six hours with Claude Code’s assistance. The vulnerability was patched shortly after discovery, but the incident highlighted how frontier AI models can drastically reduce the time needed to investigate highly complex blockchain code.
Just days later, Anthropic publicly released Claude Fable 5, its latest Mythos-class AI model. Fable 5 is the first to top 90% on the company’s internal benchmark for long analytical tasks and set state-of-the-art marks in software engineering, complex reasoning, and code analysis. While the model promises to supercharge security audits, experts warn that it could also lower the barrier for malicious actors to find vulnerabilities in smart contracts and other DeFi infrastructure. The Zcash discovery serves as a stark real-world example of how capable such tools already are, and the arrival of an even more powerful public model raises fresh concerns about the dual-use nature of AI in crypto security.