AI Meets Cryptography 2: What AI Found in OpenVM's ZkVM

·Hacker News··

We turned zkao (our AI auditor) on OpenVM, a state-of-the-art zkVM, and it found a critical soundness bug: the pairing check accepted a prover-supplied witness without proper subfield checking, which lets a malicious prover forge any pairing equality. It is fixed in OpenVM 1.6.0 and tracked as CVE-2026-46669. This is the second post in our series on bugs our agents found across open source cryptography.

Read full article →

Related Articles

Mozilla: The state of open source AI
rellem · Hacker News · 3h ago
EEG shows brain can simultaneous encode two speech streams
giuliomagnifico · Hacker News · 11h ago
Grok Build is open source
skp1995 · Hacker News · 1d ago
How Our Rust-to-Zig Rewrite Is Going
jorangreef · Hacker News · 1d ago
Detecting LLM-Generated Texts with “Classical” Machine Learning
uneven9434 · Hacker News · 1d ago