← All stories
● Covered by 1 source Β· 1 reportMedium impact

AI Audit Reveals Bugs in Cloudflare's CIRCL Cryptography Library

Aggregated by BrevFeed dev Β· updated 2h ago
πŸ”– Save

zkSecurity's zkao AI audit detected seven bugs in Cloudflare's CIRCL library, including critical vulnerabilities. These findings highlight the effectiveness of AI in identifying issues in cryptographic code and contribute to ongoing improvements in automated security auditing tools.

Key points

Overview of Findings

zkSecurity's AI audit pipeline evaluated Cloudflare's CIRCL experimental cryptography library. It confirmed the presence of seven real bugs, highlighting vulnerabilities such as a critical float64 precision loss in threshold RSA and a complete access-control break in attribute-based encryption. All identified bugs have now been fixed in the upstream repository.

The Role of zkao

Building the zkao AI audit agent involves generating continuous insights to improve code security. The goal is to maintain an automated auditor that identifies all bugs detectable by AI. The approach requires extensive experimentation and iteration to encode the expertise of security researchers effectively.

Experimentation and Techniques

Experiments using large language models (LLMs) on open-source cryptography projects indicated the agent's capacity of detecting vulnerabilities. Two configurations were tested: LLM-only and LLM integrated with expert-maintained skills. Notably, zkao consistently identified more complex vulnerabilities than LLMs alone.

Implications for the Cryptography Field

The findings from this audit not only demonstrate the potential of AI tools to detect vulnerabilities in cryptographic code but also underscore the need for continuous improvement in such technologies. Understanding how AI models reason about cryptography can help refine auditing practices and benchmark developments.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Primary sources

GitHub cloudflare/circl

Reporting from

zkSecurity's zkao AI audit detected seven bugs in Cloudflare's CIRCL library, including critical vulnerabilities. These findings highlight the effectiveness of AI in identifying issues in cryptographic code and contribute to ongoing improvements in automated security auditing tools.