Infin8Content writes, publishes, and ranks content for you — automatically.
$1 Trial →In this article
An artificial intelligence audit pipeline developed by zkSecurity has successfully identified seven real bugs in Cloudflare's CIRCL (Cloudflare Interoperable Reusable Cryptographic Library), an experimental Go library for advanced and post-quantum cryptography[1][2]. All seven vulnerabilities have been fixed upstream, with most receiving bounties under Cloudflare's HackerOne program[1][6].
The findings span several critical cryptographic primitives, including threshold RSA, BLS aggregate verification, HPKE PSK validation, DLEQ proofs, and ciphertext-policy attribute-based encryption (CP-ABE)[2][6]. The most severe issue was a critical access-control break in CP-ABE, where a one-line mistake allowed any issued key to decrypt ciphertexts its policy did not authorize[7]. Other notable bugs included a float64 precision loss in threshold RSA polynomial evaluation and a rogue key attack vulnerability in BLS signature aggregation due to missing message distinctness checks[1][4].
While the AI agent, named zkao, generated the candidate findings, human validation remained essential to confirm exploitability and severity[3][7]. zkSecurity clarified that the AI produced candidate findings, not final reports, emphasizing that human experts minimized proof-of-concept code and handled disclosure[1][7]. This audit marks the first installment in a new series tracking bugs discovered by AI agents across open-source cryptography, demonstrating that AI can effectively spot subtle cryptographic flaws "in the wild"[1][2].
Source: duha — Published: 2026-07-07T18:36:35.000Z
Editorial note: This is an AI-generated summary. Read the full article at the source link above.
Tired of content bottlenecks? Infin8Content handles the entire workflow: writing, optimization, approvals, and publishing. Start today. https://infin8content.com/register
Editorial note: This content was researched and generated on 2026-07-14. Facts and pricing are verified at time of writing and subject to change.
We use analytics cookies (Google Analytics & Microsoft Clarity) to understand how the site is used and improve it. You can accept or reject these — essential cookies are always on.