AI vulnerability research is non-deterministic.

That sounds like a problem until you realize it’s also an opportunity: the same model looking at the same code won’t take the same reasoning path every time. Some paths find nothing. Some paths find the bug.

Meaning: a single scan is a coin flip.

In 2025, security researcher Sean Heelan documented this clearly while using OpenAI's o3 on Linux kernel SMB code: the model surfaced the benchmark vulnerability in 8 out of 100 runs, and in many runs it concluded there was no bug. The punchline wasn’t “LLMs are unreliable”. The punchline was:

If you keep running it, you stop needing luck.

That's the idea behind zkao.

Today we're launching zkao, a product by zkSecurity, built to make AI security research work the way fuzzing works: not as a one-shot event, but as something you run continuously until coverage compounds. We're starting with Circom, a DSL for writing zero-knowledge circuits, where zkSecurity has deep expertise from 100+ audits.

One shot is variance. Repeated runs are coverage.

Fuzzers don’t find the crash on run #1.
They find it on run #14,392.

AI-driven analysis behaves similarly, except the randomness isn't inputs, it's reasoning. Each run explores different angles: data flow, constraint logic, template interactions, edge-case semantics. Some runs get close. Some runs miss. Some runs stumble into the exploit.

So the right unit isn’t “did it find a bug once?”
It’s “what is the probability we’ve covered the dangerous reasoning paths over time?”

That’s what zkao is optimized for.

What zkao does

Connect your GitHub repo once. zkao will:

• run scans on a schedule (and on demand)
• re-scan automatically when models improve
• re-scan when we ship new vulnerability patterns learned from real audits
• deduplicate findings, so you don’t see the same bug twice
• surface new results even months later, as coverage improves

You get audit-style reports: concrete findings, exact code locations, and recommendations, optimized for signal, not volume.

Built from audit reality, not generic “AI security”

zkao isn’t trained on vibes. It’s informed by what we see in practice.

zkSecurity has completed 100+ ZK system audits, with Circom being the most common DSL. Every engagement teaches new failure modes (under-constrained signals, unsafe assignments, missing range checks, subtle cross-template logic flaws) and those patterns get encoded into the agents that run on your codebase.

So your coverage improves along three axes:

1. models get better

2. our patterns get richer

3. probability compounds with repeated runs

Even if your code doesn’t change, your security coverage does.

Pre-audit, post-audit, or always-on

Use zkao to:

• catch avoidable issues before a human audit
• complement a completed audit with continuous scanning
• keep coverage compounding between releases

Audits remain the gold standard. zkao is how you keep the pressure on after the snapshot.

Try it

zkao is now in early access.

If you have Circom circuits and you want security research that keeps getting smarter over time, start here: zkao

Want to get early access? Reach out at zksecurity.xyz/contact.

Security shouldn't be a one-time event. It should compound.