OpenAI and Anthropic Aid Zcash Orchard Bug Review

OpenAI has joined Anthropic in assisting Zcash security teams reviewing risks tied to the recently disclosed Orchard vulnerability, with Zcash cryptographer Sean Bowe saying there were “no new issues to report.” The update follows a Shielded Labs discussion by Jason McGee and Zooko Wilcox that sought to separate questions about possible exploitation, recoverability of legitimate Orchard funds, supply verification, and the search for any remaining counterfeiting vulnerabilities.

OpenAI Joins Anthropic in Zcash Bug Review

Sean Bowe, a Zcash cryptographer, said in an X post that OpenAI had provided assistance to teams working to protect Zcash users from the Orchard-related class of bugs. “We’re very grateful that OpenAI has provided our teams with assistance to protect Zcash users from these nasty bugs as well. We also have no new issues to report!” Bowe wrote, responding to an earlier post from Zooko Wilcox, a Zcash co-founder and Shielded Labs contributor.

Wilcox had previously thanked Anthropic for supporting a security review requested by Shielded Labs. “Thanks, Anthropic, for helping protect Zcash users. At Shielded Labs’s request, they ran a security audit of Zcash with Mythos. It did not find any more serious bugs in the Zcash protocol,” he wrote. Wilcox added that “Shielded Labs and others are continuing security hardening work,” signaling that the review process remains active even after the latest checks found no additional serious protocol issues.

The involvement of OpenAI and Anthropic places advanced AI-assisted review tools into an already sensitive security process for Zcash, a privacy-focused cryptocurrency whose shielded pools are designed to obscure transaction details. In a post titled “Four Questions About the Orchard Vulnerability,” Jason McGee and Wilcox wrote that discussions around the vulnerability had combined several distinct issues, making it harder for users to understand the practical implications. They framed the central questions as whether Orchard had been exploited, whether legitimate funds would be recoverable, whether supply inflation could be independently verified, and whether other counterfeiting bugs might remain undiscovered.

Orchard Audit Finds No New Serious Issues

McGee and Wilcox said the question of prior exploitation remains unresolved, while stating that they believe exploitation is unlikely. “Unknown. We believe prior exploitation is unlikely, though we cannot rule it out with certainty,” they wrote. They cited the vulnerability’s discovery by Taylor Hornby, working for Shielded Labs, as part of a deliberate search using advanced AI-assisted security research techniques and custom tooling, rather than an accidental find.

The Shielded Labs post also said Zcash developers, led by the Zcash Open Development Labs team, coordinated with mining pools after the vulnerability was discovered to temporarily freeze the Orchard pool and deploy a fix. On user funds, McGee and Wilcox wrote that recoverability depends in part on whether counterfeiting occurred. “We think so, because we think that the vulnerability was never exploited. If that is correct, all legitimate Orchard funds remain fully recoverable,” they wrote. They added that if counterfeit funds had been migrated before legitimate funds, some users could be unable to recover all legitimate Orchard funds, though they described that scenario as unlikely.

The more fundamental issue is supply verification. McGee and Wilcox wrote that users cannot currently independently verify that no more than the correct amount of ZEC is circulating within the shielded pool, but said the proposed Ironwood network upgrade is designed to restore that ability by sealing the Orchard pool. “No new funds can enter it, and funds can no longer circulate within it. The only remaining path is out through the existing turnstile, which prevents more ZEC from leaving the Orchard pool than the amount that legitimately entered it,” they wrote. The post said Shielded Labs and other teams, including work involving Anthropic’s unreleased Mythos AI model before Mythos was suspended, have not identified additional counterfeiting vulnerabilities so far, while further assurance work with the Tachyon Project and others is continuing.
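The sealed-pool turnstile and the recoverability caveat described above can be seen together in a small model. This is an added example, not Zcash consensus code or anything from the Shielded Labs post; the names `SealedPool` and `drain`, the unit amounts and the three holders are constructed for illustration.

```python
# Simplified model of a sealed pool drained through a turnstile (added example;
# not Zcash consensus code). Amounts are in abstract units.
from dataclasses import dataclass, field


class TurnstileViolation(Exception):
    """An operation the sealed pool's turnstile must reject."""


@dataclass
class SealedPool:
    balance: int                 # publicly visible: value entered minus value exited
    exited: int = 0
    rejected: list = field(default_factory=list)

    def deposit(self, amount: int) -> None:
        raise TurnstileViolation("pool is sealed: no new funds can enter")

    def withdraw(self, owner: str, amount: int) -> None:
        if amount <= 0:
            raise ValueError("amount must be positive")
        if amount > self.balance:
            # The turnstile sees only totals, so it cannot tell whose notes are real.
            self.rejected.append((owner, amount))
            raise TurnstileViolation(f"{owner}: exit of {amount} exceeds {self.balance}")
        self.balance -= amount
        self.exited += amount


def drain(entered: int, exits: list) -> tuple:
    """Apply exits in order; return (total exited, rejected exits)."""
    pool = SealedPool(balance=entered)
    for owner, amount in exits:
        try:
            pool.withdraw(owner, amount)
        except TurnstileViolation:
            pass  # recorded in pool.rejected
    return pool.exited, pool.rejected


# Constructed scenario: 100 units legitimately entered; "mallory" holds 30 counterfeit units.
ENTERED = 100
LEGIT_FIRST = [("alice", 60), ("bob", 40), ("mallory", 30)]
COUNTERFEIT_FIRST = [("mallory", 30), ("alice", 60), ("bob", 40)]

if __name__ == "__main__":
    for name, order in (("legit first", LEGIT_FIRST), ("counterfeit first", COUNTERFEIT_FIRST)):
        exited, rejected = drain(ENTERED, order)
        print(f"{name}: exited={exited} rejected={rejected}")
```

In both orderings the total leaving the pool never exceeds the 100 units that entered, which is the supply guarantee; in the second ordering the rejected exit belongs to a legitimate holder, which is the unlikely shortfall scenario the post describes.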

AI Transparency Note: This article was prepared with the assistance of an AI system based on the sources listed and was reviewed, edited, and approved by a human editor before publication. All quotes, data points, and factual claims are intended to be grounded in the cited source material; however, errors cannot be ruled out entirely.
