Claude Opus Finds a $4.5 Billion Vulnerability: Reflections Behind the Collapse of Zcash
A security researcher used Anthropic's Opus 4.8 model to help discover a major vulnerability in the Zcash Orchard protocol. AI is reshaping the landscape of cybersecurity.
Someone used Claude Opus 4.8 to find a bug that caused a cryptocurrency’s market cap to evaporate by $4.5 billion. The event started with a security audit. Zcash is a well-established privacy network that uses zero-knowledge proofs to protect transaction information; Orchard is its core component for private transactions.
On May 29, security researcher Taylor Hornby, during a protocol audit commissioned by Shielded Labs, discovered a serious vulnerability in Orchard that could allow an attacker to create tokens out of thin air—i.e., "infinite issuance."
Zcash quickly completed an emergency upgrade within days and confirmed that the vulnerability existed, but could not verify whether anyone had exploited it to mint tokens. After the official announcement on June 5, Zcash plummeted 50%.
Anthropic’s Opus 4.8 was released on May 28, and the very next day, this vulnerability was discovered.
This Zcash incident is terrifying, not because AI is too strong, but because it’s too ordinary this time.
Before this, the real concern in the security industry was Anthropic’s Claude Mythos Preview. In April 2026, Anthropic published an assessment of network security capabilities, stating Mythos Preview could identify and exploit zero-day vulnerabilities in mainstream operating systems and browsers during testing—some vulnerabilities were very stealthy, lurking for over a decade, including a bug in OpenBSD dating back 27 years.
The assessment also said that an engineer without a security background could leave Mythos Preview working overnight to find remote code execution vulnerabilities and, by morning, have complete, usable attack code.
Zcash Collapse: AI Uncovers $4.5 Billion Vulnerability
This means a capability that once took a few people years to master is now a service anyone can call upon at any time. This ability itself has no stance; the difference lies in who uses it and for what purpose.
Anthropic understands this well. So it launched Project Glasswing, initially giving Mythos Preview to a small group of researchers for defensive security work. It also admits that models of this level require stronger protections and stricter usage constraints before being opened to everyone.
In the Zcash case, the technical personnel weren’t using Mythos, which is still locked; they used Opus 4.8, already released, available, and integrated into ordinary workflows.
AI’s entry into security enables small teams to have the auditing power of large teams. It helps maintainers find bugs faster, but also allows attackers to read systems more quickly.
Moreover, the most dangerous models may not be the strongest, but those that are sufficiently powerful, cheap, and widespread.
The more ordinary the model, the more people can wield it. So the question is no longer whether AI can find vulnerabilities, but: what happens when everyone can find them?
Once discovering vulnerabilities becomes cheaper, two things will emerge.
One is fake: a flood of seemingly credible but unverifiable security reports. The other is real: vulnerabilities hidden deep within systems, previously only discoverable by experts over weeks or months, now being uncovered faster.
Mythos Freeze: Anthropic Locks Down the Most Powerful Model
The first will drown maintainers; the second will break systems. Even worse, they often arrive simultaneously.
Cybersecurity traditionally follows an ideal narrative: white hats find vulnerabilities, responsibly disclose, vendors fix, users benefit.
In many cases, this narrative has held true. But when AI lowers the barrier to "finding vulnerabilities," and everyone can use publicly available models to hunt bugs, what floods in are many people seeking bounties or reputation. Many just copy prompts and generate seemingly decent reports. These reports may not be real.
But whether real or fake, maintainers must take them seriously.
In February 2026, OpenSSF held a discussion on "AI Junk Reports," studying how open-source maintainers should respond to low-quality, AI-generated vulnerability reports. curl reported that by mid-2025, only about 5% of bounty submissions were genuine vulnerabilities, and about 20% looked like AI-generated low-quality content. OpenSSF said these reports are like DDoS attacks—attacking attention itself.
Open-source maintainers are not customer service centers. Many work without salaries, security teams, or on-call schedules. Large companies can buy these resources, but even they rely on long chains of human collaboration to keep abnormal activity below the threshold of normal users’ perception.
This long, fragile chain was already at capacity before AI’s large-scale involvement. Now, with exponentially more vulnerabilities and reports, can the defenders keep up?
ISC2’s 2024 cybersecurity workforce report estimates about 5.5 million cybersecurity professionals worldwide, with a shortage of 4.8 million—up 19% year-over-year. It explains that this "shortage" isn’t just about job postings but the gap between the number of people organizations believe they need for adequate protection and the actual available personnel.
The message is simple: there are many vulnerabilities, and not enough people.
And not just people, but capable people who can handle complex tasks. ISC2 also notes that 67% of respondents say their organizations face cybersecurity staffing shortages, 58% believe this poses significant risks, 31% say their security teams lack entry-level staff, and 15% report no junior staff with 1–3 years of experience. Many organizations not only lack personnel but also lack pathways to cultivate the next generation.
Talent Shortage of 4.8 Million: Security Industry Collapse Crisis
This is more problematic than just not being able to hire. Not hiring today means no one to hire in the future.
China’s "AI Era Cybersecurity Industry Talent Development Report" also provides data: in 2025, 46.2% of surveyed practitioners earned annual salaries between 200k and 300k yuan. The market is willing to pay for mid-level talent because those who can handle complex threats and make judgments during incidents are extremely scarce. The report also shows that 56.5% of practitioners say AI has allowed them to focus more on analyzing complex threats, and 33.0% are shifting from execution to strategy.
This is crucial.
What we most lack now are those who can understand a vulnerability at midnight, judge its impact, coordinate upstream and downstream, and write patches. Security has never been about flashes of insight; it's dirty, tiring work. Break "cybersecurity" down and it is full of false alarms, scapegoats, endless patches, endless meetings, and that call at 3 a.m. that wakes you up.
Camus wrote a novel called "The Plague."
Set in a small North African town, a plague suddenly erupts, the city gates close, everyone is trapped inside. Daily life shatters overnight. People first panic, then become numb, then get used to it. Until the plague finally recedes, the gates reopen, and the streets are filled with laughter again.
Camus ends the novel saying: "According to medical records, the plague bacillus will never die out completely, nor disappear; it can survive for decades in furniture, clothes, bedding; patiently waiting in rooms, cellars, suitcases, handkerchiefs, and waste paper. Perhaps one day, the plague will awaken its rats again, burying them in some happy city, causing suffering once more, and teaching us a lesson."
I think this description fits well with network vulnerabilities.
They’re not born only on the day they’re discovered. They’ve long been lying in the code, unheard, so we mistake silence for safety.
We’ve grown used to a routine where we no longer doubt. All of it runs on code. Old debts in code aren’t paid because few are chasing them. After AI arrives, suddenly, many are.
What’s terrifying isn’t just more hackers. It’s that the people handling problems on the other side of the system aren’t increasing proportionally.
This is the greatest struggle of the AI security era. Capabilities spread on their own; responsibility does not. Finding a vulnerability becomes cheaper, fixing it remains as costly as before. Destruction can be copied endlessly by scripts, but confidence can only be slowly rebuilt, system by system, team by team.
AI won’t destroy the internet overnight. It’s more like turning on the lights. We finally see that digital life has never been an automatic natural order, but a group of people constantly lowering risks to levels we can’t perceive.
In the future, what will truly be expensive isn’t discovering vulnerabilities, but whether there are enough people willing to fix them one by one.