AI Auditor zkao Uncovers Critical Soundness Bug in OpenVM's zkVM

AI Meets Cryptography 2: What AI Found in OpenVM's ZkVM

11duha💬 0
AI Auditor zkao Uncovers Critical Soundness Bug in OpenVM's zkVM

We deployed our AI auditor, zkao, to scan OpenVM's zkVM and discovered a critical soundness bug in the openvm-pairing library. While standard LLMs struggled with the codebase's complexity, zkao identified a flaw allowing malicious provers to forge pairing equalities. This finding was validated by our team, assigned CVE-2026-46669, and quickly fixed in OpenVM 1.6.0, proving that specialized AI workflows can catch vulnerabilities in complex cryptographic systems that naive approaches miss.

"You can have a provably secure module A and a provably secure module B whose composition is still not secure."

More from this day · 2026-07-17