Text | Sleepy
Someone used Claude Opus 4.8 to find a bug whose disclosure erased $4.5 billion from a cryptocurrency's market value.
The starting point was a security audit. Zcash is an established privacy coin whose network uses zero-knowledge proofs to hide transaction details; Orchard is its newest shielded pool, the protocol that carries those private transactions.
On May 29, during a protocol audit commissioned by Shielded Labs, security researcher Taylor Hornby discovered a critical vulnerability in Orchard. It could allow an attacker to create coins out of thin air that should not exist: in effect, "infinite minting."
Zcash completed an emergency upgrade within days. The official team confirmed the vulnerability existed but could not confirm whether it had already been exploited to mint tokens. After the official statement was released on June 5, Zcash plunged by 50%.
Anthropic's Opus 4.8 was released on May 28. The next day, this vulnerability was found.
Not Mythos, but Opus
What's terrifying about the Zcash incident isn't that AI is powerful, but that it was powerful in such an ordinary way this time.
Before this, what truly frightened the security industry was Anthropic's Claude Mythos Preview. In April 2026, Anthropic released a cybersecurity capability assessment, stating that Mythos Preview was able to identify and exploit zero-day vulnerabilities in mainstream operating systems and browsers during testing. Some vulnerabilities were extremely obscure, lying dormant for over a decade; one OpenBSD bug could even be traced back 27 years.
The assessment also claimed that an engineer without a security background could task Mythos Preview with searching for remote code execution vulnerabilities overnight and wake up the next day to complete, working exploit code.
This means a capability that only a handful of people could master, after years of practice, is becoming a service anyone can invoke at any time. The capability itself has no stance; the difference lies only in who uses it and for what purpose.
Anthropic understands this too. That's why they initiated Project Glasswing, initially giving Mythos Preview to a select few organizations for defensive security work. They also admitted that models of this caliber require stronger safeguards and stricter usage constraints before being made available to everyone.
Yet, in the Zcash incident, the tool the technical staff used wasn't that still-locked-away Mythos, but Opus 4.8—already released, already available, already integrated into the workflows of ordinary people.
AI entering the security field gives small teams the audit capabilities of large teams. It allows maintainers to find bugs faster, and also allows attackers to understand systems faster.
Moreover, the most dangerous one might not be the strongest model, but the one that is powerful enough, cheap enough, and common enough.
The more ordinary the model, the more people can pick it up. So the question is no longer *can* AI find vulnerabilities, but: when *everyone* can look, what happens?
When Bug Hunting Becomes a Mass Movement
After AI makes vulnerability discovery cheaper, two things will emerge.
One is fake: a flood of security reports that look plausible but don't hold up under scrutiny. The other is real: vulnerabilities that used to be hidden deep within systems, requiring experts weeks or even months to find, also start being uncovered faster.
The former will overwhelm maintainers; the latter will breach systems. The more troublesome part is, they will arrive simultaneously.
Cybersecurity once had an ideal narrative: white hats discover vulnerabilities, disclose them responsibly, vendors fix them, users benefit.
For a long time the world did operate more or less along those lines. But when AI lowers the threshold for finding vulnerabilities, and anyone can point a public model at a code base, what floods in is a mass of people hoping to cash in on bounties or build a reputation. Many of them simply copy a prompt and have the model generate a report that looks convincing. The report is not necessarily true.
But whether true or false, maintainers have to take it seriously.
In February 2026, OpenSSF held a discussion on "AI-generated Spam Reports," specifically studying how open-source maintainers should deal with low-quality, AI-generated vulnerability reports. curl reported that by mid-2025, only about 5% of bounty submissions were genuine vulnerabilities, and about 20% seemed like AI-generated low-quality content. OpenSSF said such reports are like DDoS attacks, except they target human attention.
Open-source maintainers are not customer service centers. Many of them have no salary, no security team, no shift schedule. Yet a single project might underpin countless commercial systems worldwide; the companies saving enormous costs by using it may never pay the maintainers a cent, but the moment something goes wrong, they all turn around and ask why it wasn't fixed sooner.
curl later shut down its bug bounty program because the people running it could no longer sustain it. Security reports were supposed to be part of the defensive line, but when that line is flooded with garbage, it starts consuming the very people defending behind it.
AI gave more people the ability to submit vulnerability reports, but it didn't give more people the ability to judge their authenticity. Being able to have a model generate a report doesn't mean understanding it; being able to run verification code doesn't mean being able to articulate its true impact.
And what's even more critical is that we actually live in a world where AI *can* find countless vulnerabilities for real.
Our Past Peace Was Good Luck
The biggest illusion the internet creates is that if something works, it must be reliable.
Phones can make payments, subway scanners work, hospital appointments can be booked; a cloud drive might even hold a photo you took ten years ago, long forgotten by you but not by it. These things work every day, so we default to thinking they have no problems at all. People's trust in technology is often not trust, but laziness to doubt.
But code is like an old building constantly being added onto. Underneath lie old protocols, old libraries; stacked on top are temporary requirements and "just ship it first"; piled at the very top is legacy code nobody dares to delete. The lights in the building are on, the elevator still goes up and down, and the property management says everything's fine. But nobody knows if there are cracks in the walls.
Heartbleed is a classic example. A missing bounds check in OpenSSL's TLS heartbeat handling let attackers read private keys, session cookies, and passwords out of server memory. It was not discovered and fixed until April 2014. By then the bug had been shipping in OpenSSL for about two years, and the Apache and nginx servers built on OpenSSL carried roughly two thirds of the world's active websites; Netcraft estimated that around half a million trusted TLS sites were actually exposed when it was disclosed. For two years, a large part of the internet was practically naked, and nobody knew.
Then there's sudo's Baron Samedit (CVE-2021-3156). When Qualys disclosed it in January 2021, they pointed out that the bug had been in sudo for nearly a decade, and sudo is one of the most widely used privilege tools in the Unix/Linux world.
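To make the Heartbleed sentence concrete, here is an added illustration of that bug class in C. It is not code from this article or from OpenSSL: the two handlers are written to have the shape of the pre-1.0.1g heartbeat code and of the patch, the message layout follows RFC 6520, and the "server memory" array with a constructed SECRET string is a stand-in for whatever happened to sit next to the request on the heap. The over-read is kept inside one array so the demo is deterministic rather than undefined behaviour.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* TLS heartbeat message (RFC 6520): type(1) | payload_length(2, big-endian) | payload | padding(>=16).
 * The peer echoes the payload back. Heartbleed was OpenSSL copying payload_length bytes out of the
 * request without checking that the received record actually contained that many. */
#define HB_REQUEST   1
#define HB_RESPONSE  2
#define HB_PADDING   16

/* Vulnerable handler, shaped like the pre-fix code: the attacker-controlled length field is trusted and
 * the record length reported by the TLS layer (rec_len) is never consulted. Returns response size or -1. */
int heartbeat_vulnerable(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap) {
    (void)rec_len;                                   /* the bug: this is exactly what is never checked */
    const uint8_t *p = rec;
    uint8_t type = *p++;
    uint16_t payload = (uint16_t)((p[0] << 8) | p[1]);
    p += 2;
    if (type != HB_REQUEST) return -1;
    size_t resp_len = 1 + 2 + (size_t)payload + HB_PADDING;
    if (resp_len > out_cap) return -1;
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload >> 8);
    out[2] = (uint8_t)(payload & 0xff);
    memcpy(out + 3, p, payload);                     /* reads past the request into adjacent memory */
    memset(out + 3 + payload, 0, HB_PADDING);
    return (int)resp_len;
}

/* Fixed handler, mirroring the patch: header + claimed payload + padding must fit inside the record. */
int heartbeat_fixed(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap) {
    if (rec_len < 1 + 2 + HB_PADDING) return -1;     /* too short to be a heartbeat at all */
    const uint8_t *p = rec;
    uint8_t type = *p++;
    uint16_t payload = (uint16_t)((p[0] << 8) | p[1]);
    p += 2;
    if (type != HB_REQUEST) return -1;
    if ((size_t)1 + 2 + payload + HB_PADDING > rec_len) return -1;   /* the missing bounds check */
    size_t resp_len = 1 + 2 + (size_t)payload + HB_PADDING;
    if (resp_len > out_cap) return -1;
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload >> 8);
    out[2] = (uint8_t)(payload & 0xff);
    memcpy(out + 3, p, payload);
    memset(out + 3 + payload, 0, HB_PADDING);
    return (int)resp_len;
}

/* Constructed demo memory: [request: 3-byte payload "abc" + 16 padding = 22 bytes on the wire][SECRET].
 * SECRET is a made-up stand-in for adjacent heap data (a key, a cookie); it is not a real credential. */
#define SECRET   "PRIVKEY:3f9a1c7e5b2d"             /* constructed, 20 bytes */
#define REC_LEN  (1 + 2 + 3 + HB_PADDING)           /* 22: what the record layer reports */
#define MEM_LEN  (REC_LEN + 20)                     /* 42 */

size_t build_memory(uint8_t *mem, uint16_t claimed_len) {
    size_t n = 0;
    mem[n++] = HB_REQUEST;
    mem[n++] = (uint8_t)(claimed_len >> 8);
    mem[n++] = (uint8_t)(claimed_len & 0xff);
    memcpy(mem + n, "abc", 3);       n += 3;
    memset(mem + n, 0, HB_PADDING);  n += HB_PADDING;
    memcpy(mem + n, SECRET, 20);     n += 20;
    return n;
}

/* 1 if the byte range contains SECRET anywhere, else 0. */
int contains_secret(const uint8_t *buf, int len) {
    for (int i = 0; i + 20 <= len; i++)
        if (memcmp(buf + i, SECRET, 20) == 0) return 1;
    return 0;
}

/* Attacker claims 39 payload bytes for a 3-byte payload: the copy runs to the end of MEM. */
int vulnerable_leaks_secret(void) {
    uint8_t mem[MEM_LEN], out[128];
    build_memory(mem, 39);
    int n = heartbeat_vulnerable(mem, REC_LEN, out, sizeof out);
    return n == 3 + 39 + HB_PADDING && contains_secret(out, n);
}

int fixed_rejects_oversized_claim(void) {
    uint8_t mem[MEM_LEN], out[128];
    build_memory(mem, 39);
    return heartbeat_fixed(mem, REC_LEN, out, sizeof out) == -1;
}

int fixed_echoes_honest_request(void) {
    uint8_t mem[MEM_LEN], out[128];
    build_memory(mem, 3);
    int n = heartbeat_fixed(mem, REC_LEN, out, sizeof out);
    return n == 3 + 3 + HB_PADDING && memcmp(out + 3, "abc", 3) == 0 && !contains_secret(out, n);
}

int main(void) {
    printf("vulnerable handler leaks secret: %d\n", vulnerable_leaks_secret());
    printf("fixed handler rejects claim:     %d\n", fixed_rejects_oversized_claim());
    printf("fixed handler echoes honest req: %d\n", fixed_echoes_honest_request());
    return 0;
}
```

The whole defect is one comparison: the vulnerable handler believes the length field the client wrote, the fixed one checks it against what actually arrived. That is also why the bug sat unnoticed for two years. Nothing crashes, the protocol keeps working, and the only symptom is a response that is longer than the request deserved.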
There are many similar examples. Looking at them together, one suddenly realizes: it's actually quite lucky we've been surfing the internet safely until today.
Why weren't these vulnerabilities discovered for so long?
The answer is simple: the cost of finding vulnerabilities was too high.
The cost isn't just money, but time and patience. You have to read code, set up environments, understand protocols, reproduce edge cases, write verification code, assess impact scope, and also distinguish false positives. Sometimes you run a program all night with no results, follow a path to the end only to find it leads nowhere. In reality, security researchers and hackers often torture themselves with fragmented details.
Many vulnerabilities could hide for so long in the past not because they were mysterious, but because there were too few people willing, capable, and persistent enough to keep looking.
What AI changes is precisely this cost structure.
In the past, there were too many nooks and crannies, and too few flashlights. Now flashlights are being mass-produced.
But the same flashlight that illuminates cracks also shows where to strike. The moment it makes "discovery" cheaper, it also makes "attack" cheaper. Someone using it today to submit a low-quality report to an open-source project could use the same method tomorrow to scan a company's systems; someone thinking about bug bounties today might be thinking about on-chain funds tomorrow.
Behind Normal Internet Browsing
We don't feel the existence of "internet security" until something really goes wrong.
You open Alipay, scan, pay, the money arrives—the whole process maybe takes less than three seconds. You don't think about how many risk control rules, device fingerprints, behavioral recognition systems, anti-black-market operations, vulnerability responses, and emergency plans are behind it.
In May 2026, Ant Security Response Center (AntSRC) launched a "Hunter Action" bug bounty program. The test scope covered businesses including Alipay, Huabei, Jiebei, Ant Fortune, MYbank, Ant Digital, and Ant International. For high-risk and critical vulnerabilities in payment transaction, fund-related, and billing-related products, rewards were up to 5 times higher, reaching up to 71,500 RMB.
Big tech companies also know they can't rely solely on internal teams to find all problems, so they must integrate external white hats into formal processes. Security is more like a long collaborative chain: someone discovers an attack, someone verifies, classifies, fixes, releases, and someone must specifically watch not to accidentally harm normal users. Break any link in this chain, and it fails.
Alibaba Cloud's security posture report from October 2025 states that the platform fends off an average of 6.245 billion attacks a day on behalf of customers and blocks 27,500 malicious IPs; that month it monitored and intercepted 102,800 DDoS attacks, with a peak of 2100 Gbps.
What we usually call "normal internet browsing" is actually a narrow path security engineers carved out for us from a sea of anomalies. The internet has never been quiet.
Open-source maintainers have no budget, no shift schedules, no emergency teams; big companies can buy these things. But even big companies can only rely on a long, fragile chain of human collaboration to suppress anomalies to a level ordinary users don't notice.
And this long, fragile collaborative chain was already operating at full capacity even before AI intervened on a large scale. Now you pour in multiplied vulnerabilities and reports; are there enough people on the defensive side?
After Finding a Vulnerability, Who Fixes It?
ISC2's 2024 Cybersecurity Workforce Study estimates there are about 5.5 million cybersecurity professionals actively working globally, with a workforce gap of 4.8 million, up 19% year on year. It specifically explains that this "gap" is not the number of job postings but the difference between the staff organizations believe they need to be adequately protected and the staff realistically available.
These numbers mean one simple thing: there are many vulnerabilities, and not enough people.
And it's not just a headcount shortage; it's a shortage of people who can handle complex tasks. ISC2 also mentions that 67% of respondents said their organization has a cybersecurity staffing shortage, and 58% believe this shortage poses significant risk to their organization. 31% said their security team has no entry-level employees, 15% said they have no junior employees with 1–3 years of experience. Many organizations not only lack people now but also lack the pipeline to cultivate the next generation.
This is more troublesome than being unable to hire. Not being able to hire is today's problem; having no junior employees means you won't be able to hire in the future either.
A Chinese report, the "AI Era Cybersecurity Industry Talent Development Report," also provides a set of data: in 2025, among surveyed practitioners, 46.2% had a pre-tax annual salary between 200,000 and 300,000 RMB. The market is willing to pay for core talent because people who can truly handle complex threats and make judgment calls during incidents are extremely scarce. The report also shows that 56.5% of practitioners said AI has shifted more of their focus to analyzing complex threats, and 33.0% said they are moving from execution roles to strategy formulation.
This point is crucial.
What we lack most right now are the people who can understand a vulnerability in the middle of the night, judge its impact, coordinate upstream and downstream, and write a patch. Security has never been an industry relying on flashes of inspiration; it's dirty, hard work. Dissect the term "cybersecurity," and inside you'll only find false positives, blame, endless patches, endless meetings, and that phone call that wakes you up at 3 AM.
The Plague Bacillus Never Disappears
Camus wrote a novel called *The Plague*.
The story takes place in an ordinary small city in North Africa. A plague suddenly breaks out, the city gates are closed, everyone is trapped inside. Daily life shatters overnight. People panic, then become numb, and eventually get used to it. Until the plague finally recedes, the gates reopen, and laughter returns to the streets.
At the end of the novel, Camus writes: "According to medical records, the plague bacillus never dies or disappears; it can lie dormant for decades in furniture, clothing, bedding; it waits patiently in rooms, cellars, suitcases, handkerchiefs, and wastepaper. Perhaps the day will come when, for the bane and enlightenment of men, the plague will rouse its rats again and send them to die in some well-contented city."
I've always felt this passage is well-suited to describing network vulnerabilities.
They aren't born on the day they are discovered. They have been lying in the code all along; in the past, nobody heard them breathing, so we mistook silence for safety.
The daily routines we've grown so accustomed to that we no longer question—they all run on code. Code carries old debts. Those debts weren't urgent to repay in the past because there were few debt collectors. After AI arrived, debt collectors suddenly multiplied.
The scary part isn't just that there will be more hackers. On the other side of the system, the people who handle problems haven't multiplied proportionally.
This is the most agonizing aspect of the AI security era. Capabilities diffuse on their own; responsibility does not. Finding a vulnerability becomes increasingly cheap, but fixing it still costs as much as before. Destruction can be replicated countless times by scripts, but trust can only be rebuilt slowly, system by system, team by team.
AI won't destroy the internet overnight. What it does is more like turning on the lights. We finally see that digital life has never been a self-operating natural order, but rather the daily work of people suppressing risks to a level we don't feel.
In the future, what will truly be expensive isn't finding vulnerabilities. It's whether there will still be enough people willing to fix them, one by one.