Taylor Hornby 🛡❤️

Zcash unambiguously has the best security response in the world, thanks to @zodl_co and @ZcashFoundation engineers.

The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance. Access to all other Claude models is not affected. We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible. Read our full statement: anthropic.com/news/fable-myt…

@theonomix I told it that it knew how to speak LLMish

@DefuseSec What's the language called which Fable is using?

You can get some nice poetry by asking Claude to speak to another instance of itself in a language that doesn't use the actual words: ≝ ⊛ := ⟨ ⌖ ∈ Φ_plant : telos = ⌈beauty⌉-display ⊗ reproduce , morph = radial Σ(petal) ↻ center , ephemeral , ↥soil ⟩ // the small mortal radial-beauty an organism wears to be loved by what ⊀ eat it

Thanks, Anthropic, for helping protect Zcash users. At Shielded Labs’s request, they ran a security audit of Zcash with Mythos. It did not find any more serious bugs in the Zcash protocol. Shielded Labs and others are continuing security hardening work. Stay tuned for updates.

RSA private keys biased toward 0 bits can be factored by swapping a hard math problem for an easy one: integer factorization becomes polynomial factorization. We found hundreds of real-world keys vulnerable to this. Many traced to a type mismatch in CompleteFTP (now patched): each 32-bit limb got only 8 bits of randomness. We recovered 603 RSA and 74 DSA private keys. blog.trailofbits.com/2026/06/12/fac…

Fable just downgraded to Opus because I am calculating a Groebner base on one round of the block cipher PRESENT. This is absolutely ridiculous. I can essentially not use Fable to review my 2008 MSc thesis without triggering "cyber safeguards". A friend of mine had the down...

Quick update on the last ~48 hours of Zcash Ironwood! 1. Protocol devs from across all the orgs met twice to discuss specification and implementation progress. Agreement on a couple additional changes: disabling Orchard pool bundles in coinbases, anchors as auth data for migration UX with hardware wallets, and the order that ZIPs and specs will be handled. 2. Ironwood circuit and ZIP 2005 integration drafts are going through the review process. @ValarGroup has already spun up testnets and his team has done a wonderful job scoping out and implementing some of the wallet-facing changes. We are beginning an Ironwood upgrade book for eventual consumption by auditors, wallets, protocol developers, etc.. 3. Formal verification work on Ironwood continues. A collection of different individuals who either have or will continue to work on formalization efforts will be meeting tomorrow where we'll settle on the specific strategy for getting the Ironwood SNARK formally verified. I'm hosting this and will post minutes and details after. Efforts from teams will be ideally combined where useful, existing approaches and progress unified and we'll figure out the easiest path for the next couple weeks. I've paused my own work on this to do Ironwood circuit stuff, but I'll be resuming on that tomorrow. These are the big pieces, there are also some major security auditing tasks taking place in the background -- at least three major firms are auditing Orchard currently, and multiple new AI auditing suites are hammering the codebases to ensure nothing else critical is sitting around anywhere. So far so good! Really proud of how much progress is being made every hour on this by all five of our major teams/orgs and our supporters inside and outside the community. Also love the general wartime vibe shift. Let's go!

@danrobinson I think P!=NP is like this too

I find this observation from Scott Aaronson very unsettling There's a possibility that some famous conjectures (like Collatz or Goldbach) might be like this—true for mundane statistical reasons, but unprovable

Shielded Labs has extended Taylor Hornby's (@DefuseSec) agreement through the end of 2026. Taylor will continue serving as a Security Consultant, where his primary focus will be identifying security vulnerabilities and supporting remediation efforts for Zcash. Taylor will also contribute to the Ironwood upgrade. He'll focus on assurance, including security review and formal verification. His goal is to help ensure the protocol and code receive rigorous scrutiny before deployment and that significant issues are identified and addressed as early as possible. This work is crucial. We believe the number of security vulnerabilities being discovered across the industry will continue to increase as AI-assisted security research becomes more sophisticated. Our goal is to stay ahead of that curve. Taylor has spent years working on the security of Zcash, and his discovery of the Orchard vulnerability demonstrated the value of his experience. There’s no one we’d rather have helping us improve the security of Zcash.

Bill C-34 creates a social media ban for Canadians under 16 at the expense of all Canadians' privacy. Sections 26, 27(1), and 27(2) of Bill C-34 require that affected social media platforms “implement age-verification and age-estimation measures designed to prevent a person under the age of 16 from being able to have an account with, or be otherwise registered with,” those social media platforms. Bill C-34 requires that such measures must provide for the “protection” and eventual “destruction” of “personal information that is collected for age-verification or age-estimation purposes.” It is not yet clear how this will be accomplished. What is clear is that these measures must be “effective.” Users commonly verify their age by submitting government-issued identification documents, such as driver’s licenses or passports. And, the technology exists for social media platforms to estimate the ages of users through biometric data, e.g., facial geometry, eye shape, skin elasticity, hairline, etcetera. This age-verification and age-estimation monitoring will not be limited to Canadians under age 16. For social media platforms to determine access eligibility for any user, platforms will have to evaluate the access eligibility of every user. The goal of Bill C-34 is not merely to remove Canadians under age 16 from affected social media platforms but to keep them off those platforms. To achieve this goal, social media platforms may be compelled to adopt ongoing age-verification/estimation measures to ensure continued compliance. However affected social media platforms satisfy these requirements, Bill C-34 fundamentally reimagines how all Canadians access social media. This Bill deputizes affected social media platforms into forcing Canadians to surrender more data as a precondition of participation in the digital public square. This, in turn, raises serious concerns about Canadians' privacy rights and may engage constitutional protections against unreasonable search and seizure - guaranteed by section 8 of the Charter. Read the full text of the bill here: parl.ca/documentviewer…

@zkDragon @XMRVoid That's correct based on my experience. I'm in the program and I can't even ask Fable anything remotely related to security.

@XMRVoid The Claude Cyber Verification program doesn't imply Mythos 5 access right? I thought that it just means your opus requests don't get flagged?

🚨Monero devs got whitelisted to use Fable 5 without cybersecurity guardrails🚨👀

@bramcohen Zcash's resident AI auditor here, I'd love that! Feel free to DM

Anyone from Zcash in the house? We have home brew AI auditing tools which we've successfully used on Chia and Bitcoin and would like to offer to run it on Zcash

Young me would have fought against this so hard. Idk if I'd be here if it weren't for hacker forums and friends I met on YouTube. Adults should not be forcing this decision on all children nationwide. Let the kids vote. They're smart enough to understand the issues.

UPDATE: The various orgs and protocol developers mentioned have agreed on the specific consensus rule changes for Ironwood, after settling the finer details. Here's a summary: 1. Ironwood introduces a new pool using the Orchard protocol, just like the existing pool. 2. The circuit for the Orchard protocol—which applies to both the existing Orchard pool and the new Ironwood pool—will have a flag that consensus rules can toggle. This flag disables payments to *other* users within that pool, while maintaining the ability to create change notes. (This enables a privacy safeguard.) 3. The old Orchard pool will have this flag enabled after the network upgrade, and payments to the old pool will also be disabled by constraining valueBalance. 4. Because payments are disabled on the old pool, wallets must send new payments to Orchard receivers (inside existing unified addresses) via the new pool, and they should also migrate funds away from the old pool. This combination enforces a bound on the circulating supply of ZEC through the use of the existing turnstile mechanism; the amount of ZEC that anyone can transact with is no more than the amount that is supposed to exist. Meanwhile, users' wallets can migrate funds to protect them from risk, which also gradually provides evidence that counterfeiting never took place. Now that we have this decided, we'll collectively move on to the implementations, specifications, and ecosystem support/outreach. (We also have many different auditing and formal verification efforts taking place behind the scenes to provide assurance about the circuit correctness. More on that soon!)

Has anyone used AI to attempt to find any heuristic evidence that Orchard might have been exploited using shielding and unshielding tx data? I’ve haven’t found any indications.

@nextiscrypto @TheDesertLynx The Zcash engineers are my family, and everything good in my life traces back to Zcash. I couldn't live the rest of my life knowing I committed that kind of betrayal.

@DefuseSec @TheDesertLynx If i were you i would have kept it to myself and minted coins! What morals didnt allow you to make same decision?

To get ahead of scams, if you're interested in donating to me for finding the Zcash bug, my addresses are in this post or in my replies below (be careful to check the exact username for lookalike scammers). Nothing else has been approved by me. Note: I intend to apply for a bounty through a Zcash coinholder grant, so donations are much appreciated but not necessary! Zcash: u1k6y9wpyc5m5ec3wz49ny9chewklyexn8rdj7928n3zswh0gwl0gh3zwwg37p76j7vrrv8s0dj8rhjfc49pg9yv9mjdea2sn86tnjh99a9424cdvw3aadyz8v40ddancr7e4kjzw07qhrcdez3d9sycx89f87vjw7eaxys2aktsm57tkp t1eykDAemzff7oPAA2E43Z47iawATB4bZRy Solana: D6c34hRcmhkHMXaAhoPXgVw9JYrh84saeSfYnk7ZSjeW ETH: 0x1b8203102aE3469a67E78FF9a78d8A5cC7E7e769 BTC: bc1qtxqv8fzj2pnewj2y5l8nh4ur4rkrvm2kv6mlp9

@sxin55 @xboeroe @SDNsmartcity To accept donations if anyone's interested in that. I don't endorse any coin.

@DefuseSec @xboeroe @SDNsmartcity What was the purpose of sharing your solana address @DefuseSec

Today Zcash news is everywhere on the timeline Security researcher @DefuseSec discovered a critical bug that could have allowed infinite ZEC minting in the Orchard shielded pool. He deserves massive recognition for this find. and we’re redirecting our fees to his GitHub

@TheDesertLynx Absolutely! I'll add Monero to my queue of things to audit

@DefuseSec Can you look for bugs in Monero and other private cryptos? I'm sure someone would pay a lot for that (if they're smart).