AI vulnerability research is non-deterministic. The same model looking at the same code won't take the same reasoning path every time. Some paths find nothing. Some paths find the bug. A single scan is a coin flip. But what if you keep flipping? Introducing zkao.

zkao makes AI security research work the way fuzzing works: not as a one-shot event, but as something you run continuously until coverage compounds. We're starting with Circom, where we have deep expertise from 100+ ZK system audits.

Connect your GitHub repo once. zkao will: - run scans on a schedule (and on demand) - re-scan when models improve - re-scan when we ship new patterns from real audits - deduplicate findings - surface new results months later as coverage improves

Your coverage improves along three axes: 1. models get better 2. our patterns get richer (learned from real Circom audits) 3. probability compounds with repeated runs Even if your code doesn't change, your security coverage does.

zkao isn't trained on vibes. It's informed by what we see in practice. Under-constrained signals, unsafe assignments, missing range checks, subtle cross-template logic flaws. All patterns from real engagements, encoded into agents that scan your codebase.

zkao is now in early access. If you have Circom circuits and want security research that keeps getting smarter over time: Want early access? Reach out: Security shouldn't be a one-time event. It should compound.