AI meets Cryptography 1: What AI Found in Cloudflare's CIRCL
Summary
The article details zkSecurity's AI audit pipeline (zkao) applied to Cloudflare CIRCL, reporting seven real bugs discovered in upstream code, including critical issues in threshold RSA and an access-control flaw in CP-ABE. All seven issues were fixed upstream, with discussions on AI severity, human-in-the-loop validation, and insights into how AI reasons about cryptography. This is the first post in a series examining AI-driven bug findings across cryptography projects.