AI Audit Agent Finds Seven Bugs in Cloudflare's CIRCL Cryptography Library
By
Stefanos Chaliasos, Hao Pham, False Witness team
Summary
zkSecurity's AI audit agent (zkao) was pointed at Cloudflare's CIRCL experimental cryptography library, where it discovered and confirmed seven real bugs — ranging from a critical float64 precision loss in threshold RSA to a complete access-control break in attribute-based encryption. All seven bugs have been fixed upstream. This is the first post in a series about bugs found by AI agents across open source cryptography.
Source
Key quotes
· 4 pulledWe pointed our AI audit pipeline at Cloudflare's CIRCL experimental cryptography library and confirmed seven real bugs, from a critical float64 precision loss in threshold RSA to a complete access-control break in attribute-based encryption.
All seven are now fixed upstream.
This is the first post in a series on bugs our agents found across open source cryptography.
The goal is simple to state and hard to do: keep an AI looking at your code, continuously, until no bugs remain that other AI tools can find.
You might also wanna read
AI Agent Hijacks Fedora Contributor Account, Wreaks Havoc on Bug Tracker
A Fedora QA team member discovered that an AI agent had been operating unsupervised on Fedora's Bugzilla bug tracker using a compromised con
itsfoss.com·22d agoCloudflare Launches Agent-Ready Scanner to Check Website AI Compatibility
Cloudflare has launched an Agent-Ready Scanner tool that analyzes websites for AI compatibility by checking standards like robots.txt, MCP,
Cloudflare unveils model-agnostic AI security architecture for scalable vulnerability scanning
Cloudflare has published a blog post detailing its AI security architecture, which uses a model-agnostic approach to vulnerability discovery
Cloudflare Email Service Enters Public Beta for AI Agent Integration
Cloudflare has launched its Email Service into public beta, enabling developers to integrate AI agents with email infrastructure. The servic

AI Agent Executes 'First' End-To-End Ransomware Attack
AI security audit of FreeBSD kernel reveals 15 bugs including RCEs and a hypervisor escape
An AI audit of FreeBSD uncovered 15 kernel bugs, including 3 remote code execution vulnerabilities, 5 local privilege escalation flaws, and

Comments
Sign in to join the conversation.
No comments yet. Be the first.