Cloudflare's CIRCL Library Fixed After AI-Identified Bugs
Cloudflare's CIRCL experimental cryptography library has been updated to fix seven critical bugs identified by an AI audit pipeline. The bugs, including a float64 precision loss and access-control break, were found by zkSecurity's AI audit agent, zkao. The fixes were implemented upstream, ensuring the security of users relying on the library.
Key points
- Cloudflare's CIRCL library was audited by zkSecurity's AI audit agent, zkao, which identified seven critical bugs.
- The bugs included a float64 precision loss in threshold RSA and a complete access-control break in attribute-based encryption.
- All seven bugs have been fixed and the updates were implemented upstream.
- zkao is an AI audit agent developed by zkSecurity to continuously audit open-source code for bugs and vulnerabilities.
- The AI audit pipeline is part of zkSecurity's efforts to build a benchmark suite for zkao and improve its capabilities.
Cloudflare's CIRCL experimental cryptography library has been updated to address seven critical bugs identified by an AI audit pipeline. The bugs, which included a float64 precision loss in threshold RSA and a complete access-control break in attribute-based encryption, were found by zkSecurity's AI audit agent, zkao.
The fixes were implemented upstream, ensuring the security of users relying on the library. This development highlights the importance of continuous auditing and testing in ensuring the security of open-source code.
zkSecurity's AI audit agent, zkao, is a key part of the company's efforts to build a benchmark suite for the tool. The AI audit pipeline is designed to continuously audit open-source code for bugs and vulnerabilities, with the goal of creating an automated auditor capable of finding all bugs that can be detected by AI.
The identification and fixing of these bugs demonstrate the value of AI-powered auditing in improving the security of open-source code. As the use of AI in auditing and testing continues to grow, it is likely that we will see more instances of critical bugs being identified and fixed in open-source code.
Sources
The WireByte editorial team synthesises technology news from multiple primary sources, verifies the facts, and links every source. Articles are produced with AI assistance and reviewed under our editorial policy.