AI Audit Uncovers Seven Real Bugs in Cloudflare's CIRCL
zkSecurity's AI audit tool found seven real bugs in Cloudflare's CIRCL cryptography library, all now fixed and mostly rewarded via HackerOne.
zkSecurity ran its autonomous audit agent zkao against Cloudflare's CIRCL, an advanced and post-quantum cryptography library, and confirmed seven real vulnerabilities. All seven have since been fixed upstream, and most were validated and rewarded through Cloudflare's HackerOne bounty program. This is the opening post in a planned series documenting bugs zkSecurity's AI agents find across open-source cryptography projects.
The team tested two setups — a plain LLM with a simple prompt, and an LLM augmented with expert-authored 'skills' — before running zkao itself on the same codebase. zkao not only reproduced every finding but surfaced more complex, higher-severity issues on its own. Even so, AI output is treated as candidate findings only: human reviewers still verify exploitability, trim proof-of-concept code, and manage disclosure, since generating candidates is cheap but producing trustworthy reports is not.
Among the standout bugs: a float64 precision-loss flaw in threshold RSA polynomial evaluation (rated critical by the AI but low by Cloudflare), a DLEQ proof that could be forged because the security parameter was attacker-controlled rather than verifier-set, and a BLS aggregate-signature check missing message-distinctness validation — a textbook rogue-key attack and the one case where the AI underrated severity as medium instead of high. A CP-ABE access-control break found independently by zkao was rated critical by both the AI and Cloudflare.
A key takeaway is the recurring mismatch between AI-assigned and Cloudflare-confirmed severities, underscoring that self-rated severity from AI tools is noisy and why human validation remains essential in the audit pipeline.