Get the latest tech news

AI Meets Cryptography 2: What AI Found in OpenVM's ZkVM


We turned zkao (our AI auditor) on OpenVM, a state-of-the-art zkVM, and it found a critical soundness bug: the pairing check accepted a prover-supplied witness without proper subfield checking, which lets a malicious prover forge any pairing equality. It is fixed in OpenVM 1.6.0 and tracked as CVE-2026-46669. This is the second post in our series on bugs our agents found across open source cryptography.

None

Get the Android app

Or read this on Hacker News

Read more on:

Photo of cryptography

cryptography

Photo of openvm

openvm

Related news:

News photo

AI Meets Cryptography 1: What AI Found in Cloudflare's Circl

News photo

Obfuscation: Building the final boss of cryptography (Part I)

News photo

WolfGuard: WireGuard with FIPS 140-3 cryptography