Subscribe
Blog / Introducing ZCAM: A Cryptographic Camera to Prove What's Real
Featured Post

Introducing ZCAM: A Cryptographic Camera to Prove What's Real

by Succinct 4 min read
Introducing ZCAM: A Cryptographic Camera to Prove What's Real

Using cryptography to restore authenticity on the internet in the age of AI

Today we're launching ZCAM, a camera app for the iPhone designed to prove what’s real.

ZCAM cryptographically signs photos and videos at the moment of capture, producing a tamper-proof record that links content to the device that captured it. Anyone who sees the content can independently verify that it came from a real device and is not digitally altered or generated.

Chasing Fakes: Why Detection is a Dead End

AI-generated content has become increasingly indistinguishable from reality. Fakes have been weaponized to sway elections, major news outlets are airing false footage, and AI-driven fraud is projected to hit $40 billion next year.

Governments, companies, and researchers have invested heavily in tools trained to detect AI-generated content. These efforts are well-intentioned, but they do not work.

Researchers at Succinct Labs benchmarked 7 leading commercial detectors on AI-generated images simulating real-world fraud – fake receipts, delivery proofs, and insurance claims. Detectors performed reasonably well on unmodified images, but simple edits such as blur, compression, and noise reduced detection rates by up to 96%. The full results are available in the research report

Detection rates of 7 commercial AI image detectors across 8 image categories under three conditions: Base (unmodified), Mild edits, and Strong edits.

Knowing how easily detectors fail, we spent the past few months asking ourselves the opposite question: can we prove a photo is real? We developed a practical way to cryptographically fingerprint media. The result is an empirical claim about media that can be mathematically verified.

How ZCAM Works

ZCAM builds on the hardware found in modern devices. Smartphones, cameras, and recording devices have secure chips that can generate unique cryptographic signatures. When a user takes a photo or records a video with their iPhone, the ZCAM app computes a cryptographic hash of the raw pixels.

The iPhone then signs that hash with a unique private key generated within its Secure Enclave, a tamper-resistant coprocessor in every modern iPhone. The Secure Enclave generates and stores cryptographic keys in an isolated environment, meaning the keys never leave the iPhone hardware.

Apple’s App Attest service then produces an attestation binding the key to ZCAM. This guarantees that a signature came from the ZCAM app itself. The capture metadata, signature, and attestation are all embedded as a C2PA manifest, an open standard developed by Adobe, Microsoft, Google, OpenAI, and the BBC, among many others, for embedding signed provenance metadata directly into media files.

The result is a photo that carries its own chain of custody. When a platform receives a ZCAM photo or video, it extracts the C2PA manifest from the file, recomputes the has, and checks the signature. If a single pixel was changed – through edits or AI manipulation – the hashes won’t match. If they do match, the viewer knows the photo is real.

Photo taken on ZCAM: https://zcam.succinct.xyz/z/LE9T8FW

Using Cryptography to Prove What’s Real

Succinct is an applied cryptography company. We developed SP1, the world's fastest zero-knowledge virtual machine, which secures over $4B in digital assets. Our products use cryptography to establish trust where none exists, proving transactions, verifying computation, and securing assets without intermediaries. 

Authenticity on the internet is the same structural problem. Every piece of content — image, video, text, files — should carry a verified record of its origin, embedded natively so viewers don't have to trust the platform or the creator.

The primitives already exist. Secure enclaves, attestation services, and open provenance standards have all shipped on consumer hardware in the last few years. ZCAM is what happens when you put them together. No single primitive is perfect, however. Secure enclaves have been broken before, and middleware between capture and signing can be tampered with. Closing that last gap is an active research frontier. ZCAM composes the strongest primitives available today so that no one layer is load-bearing, making it a first step toward an internet where anyone can prove what’s real.

These ideas are gaining traction among the highest levels, including Adam Mosseri, Balaji Srinivasan, and Marc Andreessen.

Try ZCAM Today

You can download ZCAM on the iOS App Store right now. Take a photo. Share it. Prove it’s real at zcam.succinct.xyz.

If you're building something where image authenticity matters, the ZCAM SDK provides the same primitives you can integrate into your own app. The repo is a reference implementation. It's unaudited and not production-ready.

And if your business depends on visual trust — insurance claims, journalism, identity verification, marketplaces, legal evidence — get in touch. Let's prove what's real.