Engineer turned Entrepreneur, turned Engineer, and the cycle continues.
Joined May 2009
- Tweets 20,122
- Following 1,880
- Followers 28,383
- Likes 50,727
1,055 Photos and videos
“My other engineer said we need to fix this…”
And it’s just codex checking claude code.
3
655
Jun 5
If a blockchain worth billions, that many rely on, audited & pen tested by some of the top researchers in the world is not safe from a catastrophic exploit, what chance does the software you built have?
With the models coming out now, close to none.
Jun 5
👉For 4 years, 1 day, and 10 hours, anyone who understood the Orchard circuit could have minted ZEC out of thin air, silently, with no on-chain signature. The bug was disclosed this week. It was found by an AI-driven audit running Opus 4.8, not by an attacker.
1. Call the bug what it is
Two lines in halo2's variable-base scalar multiplication gadget used assign_advice() where copy_advice() was required. As a result, the diversified-address integrity check pk_d = [ivk]·g_d could be satisfied for arbitrary inputs. A malicious prover could spend the same note multiple times with different nullifiers, i.e. counterfeit ZEC inside the Orchard pool, undetectable on-chain because the privacy of the ZK proof hides exactly the inputs that would reveal the attack.
We do not know whether it was exploited. We will probably never know.
2. Four years. Multiple audits. Top-tier reviewers.
Orchard was reviewed by some of the strongest cryptographers in the field before activation. They missed it. Earlier automated audits with Opus 4.7 missed it. Opus 4.8 catches it in roughly 1 in 4 runs when prompted generically. The bug is hard.
And ZK inflation bugs are not new. Zcash itself shipped a counterfeiting vulnerability in Sprout (BCTV14) that survived years before being silently neutralized during Sapling. Similar soundness issues have appeared in circom, halo2, and rollup verifiers since. The pattern is consistent: when the protocol is private, exploitation is undetectable. You patch the bug and hope.
3. What Zcash did right
This was a textbook decentralized incident response:
▶️Audit: a full AI-assisted soundness audit of halo2 Orchard, scoped end-to-end.
▶️Discover: the agent flagged the missing constraint and worked out the algebra to turn it into an exploit. A working RPC-level PoC in ~6 hours, mostly waiting on tokens.
▶️Coordinate: a soft fork disabling Orchard, prepared and distributed without leaking the bug, activated 2 days and 15 hours after acknowledgement. Coordinating a soft fork across miners, exchanges, and nodes without disclosing why is genuinely hard. They did it.
▶️Disclose: timeline, code lines, math, open questions. No spin.
Worth naming explicitly: Zcash's turnstile invariant caps the value that can ever leave a shielded pool by the value that entered it. Privacy and verifiability inside the same protocol. That is not an accident. That is good engineering, and it is what kept the worst case bounded.
4. The economics of security just changed
AI does not change whether bugs like this exist. It changes the cost of finding them. I wrote about this x.com/P3b7_/status/203643721…: a missing constraint in a 4-year-old production ZK circuit used to require a top-tier cryptographer with months of context. It now requires a few tokens, an API key, and a well-framed prompt.
The defender benefits. The attacker benefits more, they only need to find it once, and they never disclose.
Orchard is the optimistic version of this story: defense got there first. The pessimistic version is the one we cannot rule out, because the chain is private by design.
5. The only real exit
You do not patch your way out of this asymmetry. You raise the floor.
Formal verification of consensus-critical circuits, every assign_advice audited by SAT solvers and AI for under-constraint, as the reporter himself recommends. Proof-grade engineering that used to be too expensive is now cheap enough to be mandatory.
Hardware roots of trust, secure enclaves, certified secure elements, WYSIWYS. Cryptographic guarantees the user can actually verify, not promises a host can lie about.
Continuous AI-assisted audit of every consensus-critical commit, re-run immediately on the release of any new frontier model.
Zcash didn't just patch a bug. They demonstrated the new defensive playbook: AI-driven audits, decentralized coordination, radical transparency, verifiable invariants. That is the direction the rest of the industry needs to follow.
And those who don't raise the bar for security will be rekt in this new world.
Stay safe. Stay honest about your trust assumptions.
2
563
May 12
I think the best way to do code reviews now is to do:
1) Will it break anything else reviews
2) Will it actually work reviews
And in priority order. Anything else is futile, if you want to keep up with the onslaught of PRs.
May 12
At my company we stopped doing code reviews. There's no point now
1
5
1,388
Apr 28
Claude after it wipes out your entire prod DB, and the backups
Apr 27
#BREAKING: Anthropic’s AI coding agent ‘Claude’ reportedly wiped a company’s production database and backups in 9 seconds.
2
1
17
5,260
Apr 14
They’re saying AI will replace me. But tbh I can’t wait for it to replace me so I can sit back on a beach somewhere.
But so far all it’s done is make me work harder. And it feels like there is an infinite amount of ideas to explore. Claude give me a day off please.
4
1
20
1,035
Apr 14
Everything is context now.
That one random chat we had about how we might build that thing, that’s context for our agents now.
3
537
Mar 10
I think the reason this went so viral is because it’s a conflict of interest.
They give you the slop, then they charge you a lot for the slop fixer.
Yes, engineers reviewed code too but at least humans are incentivized not to waste time. Now claude incentivized to burn tokens.
Introducing Code Review, a new feature for Claude Code.
When a PR opens, Claude dispatches a team of agents to hunt for bugs.
20
9
196
15,400
Feb 21
The equivalent of the industrial revolution for software engineering is upon us.
With all these AI agents, we’re no longer workers, we’re now factory owners.
But Factories perform best when we can conform things enough to fit their molds.
4
1
23
1,333
Feb 18
Almost any software that does not work well with AI agents, is not going to make it.
I’m using a lot of tools with tons of UI, all of it will either have to be rewritten to be agent friendly, or it’s dead. For a lot of it too, slapping some MCP on it won’t be enough either.
31
2
88
57,453
Feb 18
And a lot of ppl may not want to hear this but that old rule “the best UI/UX is no UI” is true for a reason.
And it’s clear to me now, agents are going to wreck through UI heavy tools
5
27
5,308
Feb 15
I think anthropic sending ClawdBot legal threats when the project was open & based on claude code & generated more business for anthropic was a massive fumble.
A perfect example of how an overzealous legal stance can destroy a lot of value & opportunities for a firm.
Feb 15
Peter Steinberger is joining OpenAI to drive the next generation of personal agents. He is a genius with a lot of amazing ideas about the future of very smart agents interacting with each other to do very useful things for people. We expect this will quickly become core to our product offerings.
OpenClaw will live in a foundation as an open source project that OpenAI will continue to support. The future is going to be extremely multi-agent and it's important to us to support open source as part of that.
16
2
159
11,316
Feb 10
One of the best skills in the age of AI:
The ability to keep things simple.
These things can spit out tokens at a rate that will overwhelm you, and all the ppl you collaborate with. If you can keep things simple, in the face of all that, you will shine.
13
2
33
1,862
Feb 4
If you are an engineer who loves working with these AI coding agents & tools, I highly recommend you talk about that with hiring managers, in interviews, etc.
So many engineers are negative on these things, it’s absolutely nuts to me.
42
2
189
13,532
Jan 31
We’re making a fundamental tradeoff when we use these coding agents, but some of my engineering friends still don’t seem to get it.
I see a lot of engineers make the argument “AI outputs still aren’t that great, code quality isn’t the same as writing it by hand.” And it’s all true, their argument is not wrong.
But a coding agent can produce in a few hours what would take one of these engineers a month, or more. And I’ll even accept at face value that their well-thought-out, carefully written “artisanal code” would be better. But it would take them 10x longer to get out.
So the fundamental thing we’re doing is to take this average code, generated in a day by an LLM, and try to make it a little above average. We are prompting our way onto something we can stand behind and support.
And even if that extra work takes let’s say a week & it’s frustrating as hell to get it to something we can stand behind, a week is still better than spending a month or more. So that’s the tradeoff.
And if you write code for money, pretty soon, nobody is going to let you take a month to write it carefully.
Businesses all exist in a competitive space, if other businesses find a way to move faster by willingly making this tradeoff, they’ll all be forced to work this way. And it’s already happening and it will continue to happen.
Then on top of all this, I notice many of us have this old mental model that we are writing code for other humans to extend, to work with, to add features to, etc. And in that world code quality matters a lot.
But it’s unclear to me now that other humans will ever extend your code again. If these models improve even a little bit more, models will always be extending your code from now on.
In that new world, you have to almost always make this tradeoff and you have to become great at it.
83
38
474
53,697
