AI Meets Cryptography 2: What AI Found in OpenVM's ZkVM
Security researchers used an AI auditor to identify a critical soundness bug in OpenVM's guest library, which was subsequently assigned a CVE and patched. The experiment highlights the challenges of using LLMs to audit complex cryptographic systems.
This is the second post in the series. In case you have not read the first one on Cloudflare's CIRCL , it has more context on why we run these experiments and how our pipeline is set up. In this post, we pointed zkao , our AI auditor, at OpenVM's zkVM , and it found a critical soundness bug in its guest library openvm-pairing that lets a malicious prover forge any pairing equality. Note that this is not a soundness bug in the zkVM's proving system itself; it only affects code that uses the vulnerable library.
Get the full story
Sign up for Headlinne to unlock AI insights, political bias analysis, and your personalized news feed.
Create free accountAlready have an account? Sign in