AI Finds Crypto Bugs: Why Zcash’s Surprise Leak Matters

New AI tools that once only helped people write code are now spotting serious security holes in software. The latest generation of models, such as Anthropic’s Claude Mythos and OpenAI’s GPT‑5. 5, can read code faster than most humans and point out weaknesses that could be exploited by attackers. Crypto projects are feeling the pressure. In early June, developers of Zcash said that Claude Opus 4. 8 helped them discover a flaw in the Orchard privacy pool that could let someone create unlimited fake ZEC tokens. Because the system can’t prove whether such counterfeit coins were ever issued, investors panicked and ZEC’s price fell sharply. Security experts warn that more bugs will surface as AI becomes easier to use. “AI is far better at reviewing code than most people, ” says one industry leader, noting that newer models could make vulnerability hunting almost automatic. If malicious actors gain access to these tools, the risk grows quickly. The trend started with coding assistants that helped developers write snippets. As models improved, they were applied to code review and auditing. A few years ago, a company called Anthropic released Claude Code, which boosted AI‑generated code in its teams. Today, the same technology is being used to find zero‑day exploits.Defenders are also adopting AI. Anthropic opened a program called Project Glasswing, giving 150 companies early access to Claude Mythos for finding and fixing bugs before the model is released publicly. Mozilla later revealed that Anthropic’s models helped it patch hundreds of vulnerabilities in Firefox, and researchers used Mythos Preview to create an exploit for Apple’s M5 chips. Some experts argue that trying to lock up powerful AI is a poor strategy. “Security by obscurity is one of the worst ideas in the field, ” says a former DeepMind researcher. Instead, he suggests making defensive tools widely available so that open‑source maintainers can keep pace with attackers. Microsoft has joined the race, launching MDASH to hunt for hidden Windows flaws. Meanwhile, the crypto world is already paying the price. In 2026, DeFi protocols lost more than $840 million in just five months, with April alone accounting for over $600 million. AI‑driven “vibe hacking” is making it easier to automate reconnaissance, credential theft, and malware development. Despite the rise in attacks, some analysts note that overall incident rates have not spiked beyond past peaks. “The good news is defenders can use the same tools, ” says a security CTO, adding that AI‑assisted monitoring is becoming essential for keeping up. In short, as AI becomes a powerful ally in finding software bugs, it also lowers the barrier for attackers. The crypto industry must keep up by adopting AI defensively and ensuring that the tools are available to those who need them most.