Article by Sleepy
Someone found a bug using Claude Opus 4.8, and a cryptocurrency's market capitalization plummeted by $4.5 billion.
The incident originated from a security audit. Zcash is a well-established privacy network that uses zero-knowledge proofs to protect transaction information, and Orchard is the core component behind its shielded-transaction capability.
On May 29, security researcher Taylor Hornby discovered a severe vulnerability in Orchard during a protocol audit commissioned by Shielded Labs, which could allow an attacker to arbitrarily create tokens that should not exist, leading to "infinite issuance."
Subsequently, Zcash completed an emergency upgrade within a few days. The official confirmation acknowledged the existence of the vulnerability but could not confirm whether anyone had already exploited it for token issuance. Following the official statement released on June 5, Zcash plummeted by 50%.
Anthropic's Opus 4.8 was released on May 28, and the next day, this vulnerability was discovered.
The Zcash incident was terrifying not because the AI was especially powerful, but because this time it was so ordinary.
Prior to this, what the security industry truly feared was Anthropic's Claude Mythos Preview. In April 2026, Anthropic released a cybersecurity capability assessment stating that in testing, Mythos Preview could identify and exploit zero-day vulnerabilities in mainstream operating systems and browsers. Some of these vulnerabilities were extremely well hidden and had lurked for over a decade; one OpenBSD bug could be traced back 27 years.
The assessment also mentioned that an engineer without a security background could let Mythos Preview run overnight to find remote code execution vulnerabilities. They could wake up the next day to see a complete set of usable exploit code.
This signifies that an ability that was previously only mastered by a few is turning into a service that anyone can call upon at any time. The ability itself is neutral; the distinction lies in who is using it and for what purpose.
Anthropic understood this as well. That is why it initiated Project Glasswing, initially giving Mythos Preview to a few organizations for defensive security work. Anthropic also acknowledged that models of this caliber require stronger protections and stricter usage constraints before being opened to everyone.

In the case of Zcash, the researchers were not using the still-locked Mythos but Opus 4.8: a model already released, already usable, and already part of ordinary people's workflows.
AI entering the security field has given small teams the auditing capabilities of large teams. It allows maintainers to find bugs faster and also enables attackers to understand the system more quickly.
Moreover, the most dangerous model is not necessarily the strongest one but rather the one that is strong enough, cheap enough, and common enough.
The more common a model is, the more people can pick it up. So the issue is no longer whether AI can find vulnerabilities but rather: what happens when everyone can find them.
After AI makes vulnerability discovery cheaper, two things will emerge.
One is the fake: a large number of security reports that look real but cannot withstand verification. The other is the real: vulnerabilities that were previously hidden deep in the system and would have taken experts weeks or even months to find are now being uncovered more quickly.
The former will overwhelm maintainers, while the latter will break through the system. The more troublesome part is that they will arrive simultaneously.
Cybersecurity used to have an ideal narrative: white hats discover vulnerabilities, disclose them responsibly, vendors fix them, and users benefit.
Many times in the past, the world did indeed operate according to this narrative. However, when AI lowers the threshold for "vulnerability discovery" and everyone can use public models to find bugs, what floods in is a large number of people looking to claim bounties and build reputations. Many of them simply copy a piece of code into a model to generate a seemingly decent report. The report may not be genuine.
But whether true or false, maintainers must take them seriously.

In February 2026, OpenSSF held a discussion on "AI Junk Reports," specifically studying how open-source maintainers should deal with low-quality, AI-generated vulnerability reports. curl previously reported that by mid-2025, only about 5% of bounty submissions were real vulnerabilities, with approximately 20% appearing to be low-quality content generated by AI. OpenSSF stated that these reports are akin to DDoS attacks, except they target human attention.
Open-source maintainers are not a customer service center. Many of them are unpaid, have no security team, and work to no schedule. Yet a single project may underpin countless commercial systems worldwide. Companies that save significant costs through open source do not necessarily compensate maintainers; when issues arise, however, they will turn around and ask why the problem was not fixed earlier.
curl later shut down its bug bounty program because the team could not handle it anymore. Security reports were originally part of the defense line, but when the reports are filled with junk, that defense line instead drains the people standing behind it.
AI has enabled more people to submit vulnerability reports, but it has not enabled more people to determine the authenticity of vulnerabilities. Being able to have a model generate a report does not mean understanding that report; being able to run a piece of validation code also does not mean clearly articulating how significant its impact is.
What makes this worse is that we really do live in a world where AI can discover numerous vulnerabilities.
The biggest illusion the Internet gives people is that anything that works must be reliable.
You can make payments with your phone, scan QR codes in the subway, make appointments at the hospital; even a photo of you from ten years ago is still stored in the cloud, a memory you have forgotten but it has not. These things work every day, so we assume they have no issues at all. People's trust in technology is often not trust; it is simply a reluctance to question.
However, code is like an old building that is constantly being built upon, with old protocols and libraries underneath, temporary requirements and "deploy first, ask questions later" piled on top, and ancestral code that no one dares to delete on the upper floors. The lights are on in the building, the elevator is going up and down, the property management says everything is normal. But no one knows if there are cracks in the walls.
Heartbleed is a classic example. A vulnerability in OpenSSL that allowed attackers to read server memory, including private keys and passwords, was not discovered and fixed until 2014. Before that, it had lurked for over two years, and at the time over 60% of active websites globally were running on affected servers. For two years, half of the Internet was essentially exposed, and no one knew.
Then there's sudo's Baron Samedit. When Qualys disclosed it in 2021, they pointed out that this vulnerability had existed in sudo for almost ten years, and sudo is one of the most widely used privilege tools in the Unix/Linux world.
There are many similar examples. Looking at them together, you suddenly realize that we have been able to surf the Internet securely to this day, which is actually quite fortunate.
Why weren't these vulnerabilities discovered for so long?
The answer is simple: the cost of finding vulnerabilities is too high.
The cost is not just money, but also time and patience. You have to read the code, set up the environment, understand the protocols, reproduce boundary conditions, write validation code, assess the impact, and also distinguish false positives. Sometimes a program runs all night with no results; sometimes you follow a path only to realize it is a dead end. In reality, security researchers and hackers spend most of their time grinding through piles of tedious, broken details.
Many past vulnerabilities were able to remain hidden for so long not because they were so mysterious, but because there were too few people willing, capable, and determined to keep looking.
What AI has changed is precisely this cost structure.
In the past, there were too many nooks and crannies and not enough flashlights. Now the flashlights are being mass-produced.
Yet with the same flashlight, you can see the cracks as well as the places to strike. The moment it made "discovery" cheaper, it also made "attack" cheaper. Someone who uses it today to submit a low-quality report to an open-source project could use the same method tomorrow to scan a company's systems; today they may be thinking about a bug bounty, but tomorrow it might be on-chain funds they have their eyes on.
Before a real incident occurs, we do not feel the existence of "Internet security".
When you open Alipay, scan a QR code, make a payment, and the funds are received, the whole process may take less than three seconds. You would not think about how many risk control rules, device fingerprints, behavior recognition systems, darknet countermeasures, vulnerability responses, and emergency plans are working behind the scenes.
In May 2026, Ant Security Response Center (AntSRC) conducted a "Hunter Action" vulnerability reward event, with the scope covering Alipay, Huabei, Jiebei, Ant Wealth, NetEase, Ant International, and other businesses. For high-risk and critical vulnerabilities in payment transactions, fund products, and billing products, up to 5 times the reward was offered, with a maximum reward of 71,500 yuan.
Major companies also understand that they cannot rely solely on internal teams to discover all issues, so they must integrate external white hat organizations into the formal process. Security is more like a long chain of collaboration: someone discovers an attack, someone else verifies, classifies, fixes, and deploys patches, and there must be someone specifically watching to avoid accidentally harming legitimate users. If any part of this chain breaks, it won't work.
In Alibaba Cloud's security posture report in October 2025, it was mentioned that the cloud platform defends customers against an average of 6.245 billion attacks per day, blocks 27,500 malicious IPs, monitors and intercepts DDoS attacks 102,800 times in that month, with a peak of 2,100 Gbps.
Our usual "normal web surfing" is actually a narrow path that security engineers have carved out for us from a massive amount of anomalies. The Internet is never quiet.
Open source maintainers have no budget, no schedule, no emergency response team; major companies can buy these things. But even for major companies, they still have to rely on a long chain of human collaboration to suppress anomalies to a level where ordinary users don't notice.
And this long, brittle chain of collaboration was already running at full capacity before AI became involved at scale. Now, if vulnerabilities and reports pour in at several times the previous rate, are there enough people on the defending end?
The ISC2's 2024 Cybersecurity Workforce Study estimates that there are approximately 5.5 million cybersecurity professionals globally, while the talent shortfall has reached 4.8 million, a 19% increase from the previous year. It specifically explains that this "shortfall" is not about how many positions are posted on job boards but the gap between the number of people organizations believe they need to be adequately protected and the actual available workforce.
The meaning behind these numbers is simple: there are plenty of vulnerabilities, but not enough people.
And it's not just a lack of heads; it's a lack of people capable of handling complex tasks. The ISC2 also mentioned that 67% of respondents said their organization faces a shortage of cybersecurity personnel, with 58% believing this shortage poses a significant risk to the organization. 31% said their security team lacked entry-level employees, and 15% said they did not have junior staff with 1-3 years of experience. Many organizations not only lack personnel but also lack a pipeline to develop the next generation of talent.
This is more troublesome than not being able to hire people. Not being able to hire is a problem for today; having no junior staff means you will not be able to hire in the future either.

The domestic "AI Era Cybersecurity Industry Talent Development Report" also provides a set of data: by 2025, among the surveyed professionals, 46.2% have a pre-tax annual salary between 200,000 and 300,000 yuan. The market is willing to pay for core talent because individuals who can truly handle complex threats and make judgments during incidents are extremely rare. The report also shows that 56.5% of professionals say AI has allowed them to focus more on analyzing complex threats, while 33.0% indicate they are transitioning from the operational level to strategic planning.
This point is crucial.
What we lack most now are people who can read a vulnerability report in the middle of the night, assess its impact, coordinate upstream and downstream, and write a patch. Security has never been about a sudden stroke of genius; it is dirty, exhausting work. If you break apart the phrase "cybersecurity," inside there are only false alarms, scapegoating, never-ending patches to apply, endless meetings to attend, and that phone call waking you up at 3 a.m.
Camus wrote a novel called "The Plague."
The story takes place in an ordinary small town in North Africa. A sudden plague outbreak occurs, the city gates close, and everyone is trapped inside. Daily life falls apart overnight. People first panic, then become numb, and eventually adapt. Until the plague finally recedes, the city gates reopen, and the streets are once again filled with laughter and joy.
Camus said at the end of the novel: "According to the records of medical books, plague bacteria will never die out, nor will they disappear. They can survive for decades in furniture, clothes, and bedding; they patiently wait in rooms, cellars, suitcases, handkerchiefs, and waste paper. Perhaps one day, the plague will once again awaken its rats, causing them to die in some happy city, inflicting disaster on people again, and allowing them to learn their lesson anew."
I have always felt that this passage is very suitable to describe a software vulnerability.
It was not born on the day it was discovered. It had long been lying in the code; no one heard its breathing before, so we mistook silence for security.
We have grown accustomed to the everyday things we no longer doubt, all running on code. There are old debts in the code, debts that were not urgently repaid in the past because there were few debt collectors. After AI arrived, suddenly more debt collectors appeared.
What's terrifying is not just that there will be more hackers. On the other side of the system, the people dealing with these issues have not increased proportionally.
This is where the AI security era struggles the most. Abilities will diffuse on their own, but responsibility will not; discovering a vulnerability is becoming cheaper, but fixing it is still as expensive as before. Destruction can be replicated by scripts countless times, but trust can only slowly accumulate back in one system, one team at a time.
AI will not destroy the Internet overnight. What it does is more like turning on the lights. We finally see that digital life is not a self-running natural order, but a group of people lowering risks to a level we cannot feel day after day.
In the future, what will truly be expensive is not finding the vulnerabilities. It is whether there are enough people willing to fix each vulnerability one by one.
Welcome to join the official BlockBeats community:
Telegram Subscription Group: https://t.me/theblockbeats
Telegram Discussion Group: https://t.me/BlockBeats_App
Official Twitter Account: https://twitter.com/BlockBeatsAsia