ZCAM app brings cryptographic proof to photos for KYC, fraud use cases

The ease and fidelity with which generative AI creates imagery has turned the veracity of what you see online into a slippery slope. The truthfulness of photography is not a new problem but a new app aims to establish cryptographic proof.

A pair of former Google Brain and Nvidia researchers have launched a new cryptographic camera system to prove whether a photo is genuine at the moment it is taken.

San Francisco–based cryptography startup Succinct has unveiled ZCAM, a free iOS camera app and developer SDK that embeds a cryptographic proof into every image at capture.

Alongside the app, Succinct is releasing a developer SDK that allows platforms to integrate provable image capture into their own workflows. The company notes in its announcement that potential applications include insurance claims, delivery confirmation, marketplace disputes, newsroom sourcing, age verification and expense reporting.

The company points to recent incidents, such as a DoorDash driver banned for submitting an AI‑generated delivery photo, as examples of fraud the SDK could prevent.

Fraudulent delivery driver accounts have also been a problem for the gig economy, despite delivery drivers having to complete biometric KYC checks.

This suggests another potentially major use case for Succint’s new cryptographic camera in taking trustworthy photographs that could provide protection against deepfakes and biometric injection attacks in KYC processes more generally.

Instagram head Adam Mosseri has publicly said cryptographic content signing will be necessary to address AI‑generated media. The EU AI Act’s draft Code of Practice, enforceable from August, calls for multilayered provenance systems that include cryptographic proofs embedded into content.

Succinct was founded by Uma Roy, a former Google Brain researcher who trained large language and generative AI systems, and John Guibas, a former Nvidia engineer who worked on foundation models.

“Right now, a war correspondent and a teenager with a prompt can produce the same JPEG,” says Roy, cofounder and CEO of Succint. “ZCAM embeds a cryptographic proof at capture that editing, screenshotting, or resharing won’t remove. You don’t have to trust the source, because you can verify the math.”

The launch comes days after OpenAI released ChatGPT Images 2.0, which further blurred the line between synthetic and real photography.

Generative AI has made it trivial to produce realistic images, video and audio, overwhelming platforms with fabricated media. Succinct’s own benchmark, AdversIm, tested seven commercial deepfake detectors on more than 15,000 images.

It found that while tools initially achieved over 90 percent accuracy, performance fell as low as 11 percent after simple edits such as blur, noise or JPEG compression. A New York Times investigation published in February reached similar conclusions.

ZCAM uses the secure enclave in modern iPhones to generate a cryptographic proof that an image was taken by a specific device at a specific time and location. The proof is bound to the image and can be verified by anyone without relying on a central authority.

Succinct takes a different approach from the C2PA provenance standard that’s supported by Adobe, Google, Samsung and the BBC. C2PA relies on metadata, which can be stripped or broken when content is screenshotted or moved. Succinct recently joined the C2PA coalition and intends ZCAM to be a complementary cryptographic layer that persists even when metadata does not.

Succinct says it is already working with platforms, marketplaces and newsrooms to integrate the technology. ZCAM is available now on the iOS App Store, with an Android version in development. The SDK is available to developers at zcamdocs.succinct.tools.

Article Topics

AI fraud  |  deepfake detection  |  generative AI  |  injection attack detection  |  KYC  |  onboarding  |  Succint  |  ZCAM