We just released v1.2.0 of zkao, deep research for finding cryptography bugs! If you've never seen what zkao looks like, or what zkao can do for you, take a look!
Shipped zkao 1.2.0. 🚀
The theme: you decide how findings are labeled and tracked, and your scans get sharper at catching real bugs, including on code earlier scans already looked at.
A few things I'm excited about 🧵
And re-scanning got cheaper. Scan a commit close to one already scanned and zkao updates its understanding for just what changed instead of rebuilding from scratch, so a small change costs a fraction of a first scan. Same when you only tweak your guidance.
It's happening! zkao is now one of the best tool in our toolbox at zkSecurity. It's deep research but for finding bugs.
We run it by default on any codebase we audit internally, and it's already the source of TONS of amazing bugs that we reported during audits.
Every time we find bugs that zkao miss, we teach zkao how to find them. The tool learns from a multitude of codebases and from a diverse range of bugs + our expertise.
It gets better and better over time, as we release these updates and as models get better. Every scan is a chance to find new bugs.
And we throw EVERYTHING we have at bugs. We pretend that the sky's the limit in terms of budget. We want teams that have high expectations to throw as many tokens as they want to find all the bugs. And then we optimize so that cheaper scans can still one-shot and provide value to smaller projects. If the smaller scans (using smaller models) improve, our theory is that much more clever models will improve even more.
A zkao max scan (our most powerful scan) takes around 9h to finish, and runs many different techniques and tools on your codebase.
If you want to give it a shot, the smallest plans cost a FRACTION of an audit, and give you around 2-3 zkao max scans per months.
We already have some seriously amazing users from the closed beta, and I'm excited to onboard more users and help them find all the bugs :)