About ZK Security
The Person Behind It
ZK Security is built and maintained by Scott Carlson through Savy Advisors LLC.
Scott has been in information security since 1996. Over three decades he's worked across enterprise security, identity and access management, and payment systems — including roles at PayPal, BeyondTrust, and Kudelski Security.
In 2017 he moved into blockchain security full-time. Since then he's participated in the first security audits of Solana, Circle's on-chain infrastructure, and numerous other protocol launches. At Kudelski Security he authored the Digital Asset Custody Research Paper — a widely referenced report on custody deployment models and security architectures.
Zero-knowledge systems are the sharpest edge of that world. Proof systems concentrate enormous value behind a handful of constraints, yet the pool of people who can actually audit a circuit is tiny — and most "which auditor should we use?" advice comes with conflicts of interest.
ZK Security exists to close that gap: an independent directory of ZK tooling and ZK-capable audit firms, original guides on circuit security, and an automated research feed tracking proving-system vulnerabilities. Practitioner experience sets the editorial direction; AI pipelines do the continuous monitoring.
30 Years in InfoSec
From enterprise security in 1996 to first audits of major protocol launches. Deep experience across every layer of the stack.
No Conflicts
Independent advisory through Savy Advisors LLC. We don't sell audits or run a security firm. Our only incentive is accuracy.
AI-Powered
AI research pipelines continuously track ZK vulnerability disclosures, audit reports, and tooling releases so the directory stays current.
Why ZK Security Needs Its Own Site
Zero-knowledge bugs don't look like ordinary smart-contract bugs. An under-constrained circuit compiles, passes its tests, and generates valid-looking proofs — right up until someone crafts a witness the developers never intended and the verifier happily accepts it. Traditional audit checklists barely touch this failure mode.
The tooling, the auditor skill set, and the incident history of ZK systems are all distinct enough from general Web3 security that teams deserve a resource focused on exactly this: proving systems, circuit languages, constraint analysis, trusted setup hygiene, and verifier integration.
ZK Security tracks that landscape continuously — which firms have real circuit audit track records, which analyzers actually catch constraint bugs, and what the latest proving-system disclosures mean for your stack.
How We Curate
Every tool and auditor in our directory goes through a multi-step evaluation:
- Discovery — AI pipelines scan GitHub, ZK research forums, audit report archives, and vulnerability disclosures for new tools and firms.
- Verification — Claims are verified against public data: published audit reports, GitHub activity, and community reputation.
- Expert Review — Practitioner review adds context automation can't capture — like whether a constraint analyzer holds up in real audit workflows.
- Continuous Monitoring — Listings are re-evaluated regularly. Inactive tools get flagged, stale entries get demoted, and new data is incorporated automatically.
Get in Touch
Have a question, want to list a tool or firm, or need help choosing a ZK auditor? We'd love to hear from you.
Contact Us