Blog

AI-Assisted Security Auditing in the Zcash Ecosystem

Least Authority recently conducted an AI-assisted security audit across several security-critical repositories in the Zcash ecosystem at the request of Zcash Community Grants (ZCG). The goal of this work was to explore how AI-assisted workflows can support security review at scale while still relying on careful human verification before any

Security Audits, Managed Crowdsourced Security, and Bug Bounty Programs: Complementary, Not Interchangeable

Security audits, managed crowdsourced security platforms, and open bug bounty programs are often treated as interchangeable approaches to security testing. In practice, they serve different roles. While crowdsourced approaches and bug bounty programs are effective at uncovering vulnerabilities in deployed systems, both remain inherently exploratory rather than systematic. Security audits

Building Systems That Deserve Consent

Consent is one of the six lawful bases for processing personal data under the GDPR (Article 6(1)(a) GDPR). To be valid, it must be freely given, specific, informed, and unambiguous, reflecting a clear expression of the data subject’s wishes (Article 4(11) GDPR). In theory, this provides a strong safeguard, ensuring

Balancing Privacy-Enhancing Technologies and Legal Disclosure Obligations

Despite the preferences of data protection fundamentalists for minimal disclosure, disclosure obligations are legally required in several areas with the aim of protecting the integrity of the financial system and ensuring legal and ethical conduct. These include Know Your Customer (KYC) processes, beneficial ownership reporting, sanctions compliance, and tax reporting.

Turning Milestones Into Meaning: The Depth Behind Our Audits

All audits are significant in their own ways, but some stand out for their technical complexity, ecosystem influence, or global significance. As we approach the milestone of having completed 300 security audits, we wanted to take a moment to reflect on what this achievement represents. The Credibility Is in the

Advancing zkVMs with Formal Verification

Least Authority has been awarded a grant from the Ethereum Foundation’s Verified zkEVM program to create a comprehensive Lean blueprint for two cryptographic protocols, STIR [ACF+25] and WHIR [ACF+24], which are interactive oracle proofs of proximity (IOPPs) for Reed-Solomon codes. The zkEVM Program is a recent initiative that aims to

Ensuring the Secure Use of the FROST Protocol

Threshold signing protocols, like FROST, help to facilitate trust while avoiding the reliance on a centralized authority. They do this by fault-tolerantly distributing information or computation among a cluster of cooperating computers. With the rapid advancement of secure digital systems, threshold cryptography is gaining traction through securing multi-signature wallets, protecting
