AI Found a Zcash Bug That Could've Minted Unlimited ZEC

The latest generation of frontier AI models are no longer just chatting with users, generating images, or writing code. Researchers are increasingly using systems such as Anthropic's Claude Mythos and Claude Opus 4.8 and OpenAI's GPT-5.5 to identify software vulnerabilities, raising concerns about what happens when those capabilities become widely available. Crypto investors got a wake-up call about the rising threat from powerful AI this week when Zcash developers disclosed that Claude Opus 4.8 helped discover a critical vulnerability that could've enabled an attacker to mint unlimited ZEC. Due to the network's design, there's no current way to know for sure whether counterfeit ZEC was, in fact, minted—and that uncertainty led to the price of ZEC crashing late this week. Experts warn that many more vulnerabilities could be found in the coming weeks and months as AI software gets more capable—and those tools become more accessible. Here's a look at the growing threat, and how it's already impacted the crypto world.

Early AI models were primarily used as coding assistants, helping developers write, explain, and debug software. As the technology improved, researchers began using the same systems for code review, software auditing, and vulnerability research. The transition from coding assistant to security tool coincided with a broader shift in how AI was being used inside software development. After the launch of Claude Code in 2025, Anthropic reported a sharp increase in AI-generated code across its engineering teams, reflecting a move from models that suggested code to systems capable of writing and running it.

Security professionals say the implications extend beyond helping developers write code. "AI is far better at reviewing code than most people and finding potential vulnerabilities in it," Danny Jenkins, CEO and co-founder of ThreatLocker, told Decrypt. Jenkins said current AI systems are already accelerating vulnerability discovery, while newer models such as Mythos could significantly expand those capabilities, calling it an imminent "big problem." "It will be only a matter of time until someone bad gets access to it," he said.

According to Jenkins, AI is also lowering the barriers to entry for vulnerability research, allowing more people to analyze code, identify weaknesses, and develop exploits. As access to increasingly capable systems expands, he expects the pace of vulnerability discovery to increase. "Pre-AI, cybersecurity threats and exploits were increasing every year," he said. "Post-AI, it's become even faster, and I think it's become faster for two reasons. One is that you can now use AI to help find vulnerabilities and exploits, and the number of people who have the ability to do this has massively grown. You don't have to be a script kiddie now."

As AI systems became more capable, companies began applying them to cybersecurity. On Tuesday, Anthropic expanded access to Project Glasswing, giving 150 companies and institutions access to Claude Mythos to help identify and remediate software vulnerabilities before the model is released more broadly. In April, Mozilla later disclosed that Anthropic's models helped identify hundreds of vulnerabilities that it fixed in the Firefox web browser, while researchers at Calif used Mythos Preview during work that produced one of the first public exploits targeting Apple's M5 chips.

Stanislav Fort, a former researcher at Google DeepMind and Anthropic and now founder and chief scientist of security firm Aisle, said concerns about AI-powered vulnerability discovery are valid, but often misunderstood. "The naive response is to try to gatekeep access to powerful models. I think this is essentially security by obscurity, and security by obscurity is one of the worst ideas in the field," Fort told Decrypt. "The capability for zero-day discovery is already widely distributed across models that no one can restrict. Trying to bottle it up at the frontier doesn't elimin