Researcher used Claude Opus 4.8 to audit Zcash Orchard
A security researcher reported using Claude Opus 4.8 as part of an AI-driven audit that identified a vulnerability in Orchard. The result required expert guidance and selective prompting to reproduce reliably.
Investigation context
The audit focused on Orchard, a private pool within the Zcash protocol, where cryptographic subsystems were analyzed for implementation flaws. The researcher examined targeted code regions rather than relying on broad, unspecific prompts.
Role of the model and reproducibility
According to reporting, the vulnerability surfaced during runs that specifically directed the model to inspect certain cryptographic constructs and execution paths. The issue did not manifest in every invocation and required precise task formulation to uncover.
Expert contribution
Taylor Hornby led the work and combined manual review with outputs from Claude Opus 4.8, emphasizing that AI-assisted discovery depended on domain expertise and disciplined methodology. Earlier model versions could reveal the same flaw if prompts were purposefully focused.
Conclusions and implications
The case demonstrates that large language models can assist in finding complex cryptographic bugs, while reproducible discovery still hinges on human expertise and careful prompt design. The finding underscores the complementary nature of AI tools and specialist auditors in protocol security assessments.