Every product runs on the same cryptographic core. Some of them are end-to-end encrypted; others are cryptographically signed. Formal protocol models are shipped today for Auth, Vault, and AI Agent. Built once. Packaged seven ways. Protocol details available to qualified evaluators under NDA. Targeting consumers, developers, enterprises, and the entire country of India.
Every product below uses the same battle-tested cryptographic primitives. We never rebuild the crypto — we repackage it for different use cases.
Specific primitives, handshake sequences, and formal-model files are released to qualified evaluators under NDA via security@zoza.world. This page describes what our cryptography guarantees — not how to rebuild it.
Full Signal Protocol E2E encryption. 1:1, groups, channels. Web + Android + Desktop. Every message carries a cryptographic proof users can verify themselves.
Tap the lock icon on any chat and see the exact encryption state — cipher algorithm, current ratchet step, derived key hash, initialization vector, and full ciphertext. Paste the ciphertext into any authenticated encryption tool, decrypt with your private key, and prove the server cannot read it. No other messenger exposes this.
"End-to-end encrypted" is marketing in most apps. Read the 6 concrete ways the platforms you use today expose your messages, and exactly how Zoza Messenger closes each one.
An SDK that encrypts form data on the user's browser before it leaves their device. CDNs, WAFs, proxies, and even your own infrastructure see only ciphertext. Only your server's private key decrypts.
User submits sensitive data (SSN, medical, financial). It travels through CDN, load balancer, WAF, app server, database — all in plaintext after TLS terminates.
Vault SDK encrypts each form field on the user's device using your service's public key. Only your private key (on your isolated decrypt endpoint) can read it.
Drop <script src="vault.js"> into your form page. Add data-vault attributes to sensitive fields. Every value is encrypted on-device with authenticated encryption under your public key before the browser submits. Cloudflare, your WAF, your load balancer, your application logs, and your database all see opaque ciphertext. Only your isolated decrypt endpoint can read it.
"HTTPS is enough" is the most dangerous myth in web security. TLS terminates at the edge. After that, your sensitive data is plaintext in 5+ places before it reaches your database. Read each one. Decide whether your current stack defends against it.
data-vault="false"). The PII blob is opaque to the edge.
$500M+
Free during the pilot window · paid tiers TBD after trust is earned
~2,400 lines / 6 weeks
"DKIM for humans." Banks, e-commerce, and government cryptographically sign every SMS/email/push. The Zoza app verifies the signature — green badge = real, red = scam. Kills SMS phishing.
Every SMS that arrives on the phone is paired with a parallel push to Zoza from the sender's registered server. That push carries the cryptographic signature of the message plus the sender's verified identity. If the signature verifies against the bank's registered public key → green badge. If the SMS arrived with no matching push → red "UNVERIFIED" banner. Users learn in one day: green = real, red = delete.
SMS was designed in 1984 for pagers. It has zero authentication, zero encryption, zero origin verification. Yet every bank in India sends OTPs, balance alerts, and transaction confirmations over it. Verify fixes SMS by adding a parallel cryptographic proof channel. Study each attack.
Sender IDs (HDFC-BK, SBI-UPI) are plaintext text fields with no authentication. Any SMS gateway in any country can claim any sender ID. Telecom regulators block obvious abuse but novel spoofs slip through daily. Attackers rent SS7 access for cents per message.
sbi-kyc.in looks official. Victim clicks, lands on a pixel-perfect clone of SBI's login. Enters credentials + OTP. Attacker drains the account via UPI in under 90 seconds. Indian fraud helpline (1930) registers 10,000+ of these daily.
A browser extension + mobile app that checks every dApp, every signature request, every address against cryptographic signatures. No more guessing if "Uniswap Support" on Telegram is real.
Each card below shows the exact attack mechanics on the left and Shield's exact defense on the right, step-by-step. This is the material your security team should read before any integration call.
- …uniswap.claim-app.io) or posts a fake "airdrop eligible" X reply.
- …eth_signTypedData_v4 with a Permit2 struct for USDC / USDT / WETH / stable LP tokens. This is an off-chain signature, not a transaction.
- …unlimited approval valid for 30 days, plus transferFrom authority.
- …transferFrom call via a drainer bot — the victim's entire USDC / USDT balance moves to the attacker in one block.
- …eth_signTypedData and eth_signTypedData_v4 call before MetaMask sees it.
- …uniswap.claim-app.io asking for a Uniswap Permit = mismatch. Blocked.
- …setApprovalForAll(operator, true) on the victim's NFT collection contract.
- …transferFrom on each NFT in the collection — the granted operator can move every NFT the victim owns in that contract, past, present, and future.
- …approve(operator, MAX_UINT256) — unlimited token allowance.
- …eth_sendTransaction and decodes the 4-byte function selector against known allowance-granting signatures.
- …setApprovalForAll, approve(MAX_UINT256), and Permit2 allowance patterns including newer variants.
- …setApprovalForAll(op, false).
- …setApprovalForAll to the attacker. Kevin Rose drain (Jan 2023, $1.1M in BAYC/Autoglyphs) — phishing site pretending to be SuperRare. One signature, entire collection gone.
- …0xa4b1…7f3e, fake: 0xa4b1…7f3e with different middle bytes.
- …0xa4b1…7f3e. Victim visually verifies first/last 4 chars. Match. Sends.
- …arbitrum-airdrop.foundation, layerzero.claim, connext-rewards.xyz, etc. Often typosquats like lnch.io vs lens.xyz.
- …window.ethereum.request before the page's script can access it. Every wallet-connection attempt is gated by registry lookup first.
- …Uniswap Support, Uniswap | Helpdesk. Avatar is stolen from the real team.
- …uniswap.support-help.io.
- …validate.walletconnect.io — fake domain, triggers Permit2 drain.
- …uniswap.support-help.io, the registry check (Attack 04 defense) fires — red block.
- …AddClipboardFormatListener (Windows) or equivalent on macOS / Linux.
- …0x[a-fA-F0-9]{40} for EVM, similar for BTC/SOL/LTC/TRX.
- …0xa4b1…7f3e — matches what they copied. They don't notice.
- …eth_sendTransaction the wallet is about to submit and captures the destination address.
- …0xa4 61 77 be 00 00 00 00… plus a "Blind signing required — enable in settings" warning.
- …zoza.world/decode. Paste the raw TX hex, see human-readable output.
- …unpkg.com/@ledgerhq/connect-kit) immediately serves the malicious version to all its users.
- …setApprovalForAll when the manifest only permits swap) triggers immediate block + alert to the dApp team.
- …@ledgerhq/connect-kit-loader. Within minutes, every dApp using the library (Zapper, SushiSwap, Revoke.cash, Phantom, Hey, Kyber, Lido, etc.) served the drainer to every user. Lido's whitelisted allowlist caught some of it. The rest — drained. Estimated blast radius: millions of wallets exposed over 5 hours.
Shield is not Ethereum-only. Drain attacks happen on every smart-contract chain. Here's exactly which provider interfaces the current code hooks, which are partial, and which are planned.
| Chain | Drain share (2024) | What we hook | Status |
|---|---|---|---|
| EVM (ETH, Polygon, Arbitrum, Optimism, Base, BSC, Avalanche, zkSync) | ~78% — the dominant drain surface. Permit2 alone = $150M+ in 2024. | window.ethereum + EIP-6963 providers. eth_sendTransaction, eth_signTypedData_v4, personal_sign, eth_sign. Full EIP-712 Permit/Permit2/PermitForAll detection + 4-byte ABI decoding. | Defense shipped |
| Solana (Phantom, Solflare, Backpack, Glow) | ~15% — fastest growing. Rainbow Drainer, Drainer.so. | window.solana + Wallet Standard. signTransaction, signAllTransactions, signAndSendTransaction, signMessage. Flags the batch-signing drainer pattern (≥5 txs in one confirm). | Batch flag shipped · full instruction decoder planned |
| Tron (TronLink) | ~4% — TRC-20 USDT approval drains dominate. | tronWeb.trx.sign. Reuses the EVM 4-byte decoder for TRC-20 calldata — flags approve / transferFrom / unlimited allowance. | Defense shipped |
| Bitcoin (Xverse, Unisat, OKX, Leather) | ~2% — clipboard hijack + address poison (no smart-contract approval class). | Chain-agnostic clipboard-hash compare covers the main BTC threat (address swapping). No unified provider standard — per-wallet adapters required. | Clipboard guard shipped · provider hooks planned |
| Sui / Aptos / Near / Cosmos / TON | ~1% combined — long tail, low current volume. | No provider hook. Clipboard guard + phishing-URL registry still work. | Planned (demand-driven) |
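The selector check the EVM and Tron rows describe, as an added example rather than Shield's own decoder: it decodes the 4-byte selector and ABI words of a pending eth_sendTransaction, flags setApprovalForAll(…, true) and unlimited approve allowances, and blocks any function the dApp's declared operations manifest (the allow-list from the integration steps) does not list. The selector table, the manifest shape, the placeholder addresses and the "unlimited" threshold are assumptions; a selector outside the table falls through to a generic warning, as the risk table notes.

```javascript
'use strict';

// Standard ERC-20 / ERC-721 selectors (first 4 bytes of keccak256 of the signature),
// hardcoded so the example needs no keccak library. Assumed table, not Shield's.
const SELECTORS = {
  '095ea7b3': { name: 'approve',           params: ['address', 'uint256'] },
  'a22cb465': { name: 'setApprovalForAll', params: ['address', 'bool'] },
  '23b872dd': { name: 'transferFrom',      params: ['address', 'address', 'uint256'] },
  'a9059cbb': { name: 'transfer',          params: ['address', 'uint256'] },
};
const MAX_UINT256 = (1n << 256n) - 1n;
// Allowances at or above this are reported as unlimited; catches MAX_UINT256 and "near max" variants.
const UNLIMITED_FLOOR = 1n << 200n;

function decodeWord(word, type) {
  switch (type) {
    case 'address': return '0x' + word.slice(24);        // low 20 bytes of the 32-byte word
    case 'uint256': return BigInt('0x' + word);
    case 'bool':    return BigInt('0x' + word) !== 0n;
    default: throw new Error('unsupported ABI type ' + type);
  }
}

// Returns { selector, name, args }. name is null for a selector outside the table;
// selector is null for empty calldata (a plain value transfer).
function decodeCalldata(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, '');
  if (hex.length === 0) return { selector: null, name: null, args: [] };
  if (hex.length < 8 || hex.length % 2 !== 0 || /[^0-9a-f]/.test(hex)) throw new Error('malformed calldata');
  const selector = hex.slice(0, 8);
  const entry = SELECTORS[selector];
  if (!entry) return { selector, name: null, args: [] };
  const body = hex.slice(8);
  if (body.length < entry.params.length * 64) throw new Error('calldata truncated for ' + entry.name);
  const args = entry.params.map((type, i) => decodeWord(body.slice(i * 64, (i + 1) * 64), type));
  return { selector, name: entry.name, args };
}

// tx: { to, data } as the wallet would submit it. manifest.allowed: function names the dApp
// declared it will ever request (assumed shape for the operations manifest).
function classify(tx, manifest) {
  const d = decodeCalldata(tx.data || '');
  if (d.selector === null) return { verdict: 'allow', function: null, reasons: [] };
  if (d.name === null) {
    // Not in the table: still interrupt with a generic modal rather than passing silently.
    return { verdict: 'warn', function: null, reasons: ['unknown selector 0x' + d.selector] };
  }
  const reasons = [];
  if (d.name === 'setApprovalForAll' && d.args[1] === true) {
    reasons.push('operator ' + d.args[0] + ' gains control of every token in ' + tx.to);
  }
  if (d.name === 'approve' && d.args[1] >= UNLIMITED_FLOOR) {
    reasons.push('unlimited allowance granted to ' + d.args[0]);
  }
  if (!manifest.allowed.includes(d.name)) {
    reasons.push(d.name + ' is not in the dApp manifest');
  }
  return { verdict: reasons.length ? 'block' : 'allow', function: d.name, reasons };
}

// Builds constructed calldata for the samples below: selector + left-padded 32-byte words.
function encodeCalldata(selector, words) {
  return '0x' + selector + words.map((w) => w.padStart(64, '0')).join('');
}

// Constructed samples (not real transactions): a swap dApp that declared only approve + transfer.
const SWAP_MANIFEST = { allowed: ['approve', 'transfer'] };
const OPERATOR = 'deadbeefdeadbeefdeadbeefdeadbeefdeadbeef';   // placeholder address, not a real one
const SAMPLES = {
  unlimitedApprove: { to: '0xtoken',  data: encodeCalldata('095ea7b3', [OPERATOR, MAX_UINT256.toString(16)]) },
  approvalForAll:   { to: '0xnft',    data: encodeCalldata('a22cb465', [OPERATOR, '1']) },
  smallTransfer:    { to: '0xtoken',  data: encodeCalldata('a9059cbb', [OPERATOR, (1000n).toString(16)]) },
  unknownCall:      { to: '0xrouter', data: '0x' + 'ab'.repeat(4) + '0'.repeat(64) },
};

for (const [label, tx] of Object.entries(SAMPLES)) {
  console.log(label, classify(tx, SWAP_MANIFEST));
}
```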
Every security tool is a target. If you're integrating Shield, you should ask us directly: "how does Zoza itself get hacked, and what happens when it does?" Here is the honest answer we give customers. No marketing, no "military grade" language, no hand-waving.
| Attack surface | Severity | What defends against it today | Gap · timeline to close |
|---|---|---|---|
| Root signing key stolen: attacker signs a fake registry → every Shield user trusts a drainer site. | Critical | Extension verifies every registry payload against the hardcoded root public key. Without the specific private key, no fake registry can be pushed. | Key must move to offline HSM + 2-of-3 multisig. ~2 weeks (Yubikey / AWS CloudHSM). |
| Chrome Web Store extension hijack: malicious update shipped to every Shield user (Ledger Connect Kit pattern). | Critical | 2FA + hardware key on the publisher account. No single signer can ship. | Reproducible builds + signed release bundles not yet in CI. ~1 week. |
| Fly.io backend server compromise: Messenger / Auth / Verify relay breached. | Medium | Messenger: Signal Protocol E2E — server sees ciphertext + metadata only, never plaintext. Auth: double-sealed payload, relay is blind. Shield API: cannot forge registry without root key. | Metadata retention policy not yet public. ~1 day to write + publish. |
| Endpoint / device malware: attacker has root on user's phone or laptop. | High | SQLCipher-encrypted local DB, SeedVault / Keychain key storage, auto-lock, clipboard guard. | Not defensible by any E2E app. If malware runs as you, it sees what you see. This is the OS's job, not Zoza's. |
| Novel Permit variant Shield hasn't seen: custom off-chain-approval struct not in our decoder. | Medium | Decoder falls through to "typed signature" generic warning. User still sees a Shield modal, just with less detail. | Shield client SDK is open-source (@zoza/shield on npm); server-side decoder is source-available under NDA for auditors. New variants added by the Shield team. Bug bounty on undetected variants planned once Immunefi program is live. |
| Nested multicall / delegatecall calldata: outer call is multicall(bytes[]); real action hidden inside. | Medium | Current decoder shows the outer multicall but not the inner calls. User still sees the modal. | Nested ABI walker planned. ~1 week (~600 lines). |
| Malicious / coerced Zoza employee: insider approves a phishing site as "verified" or delays flagging a drainer. | High | Today: only Zoza team can push to the registry. This is a single trust point — uncomfortable, and we say so. | Public append-only audit log + 24h challenge window + registry multi-sig. ~1 week. |
| User socially engineered into disabling Shield: "Sir, please whitelist this site to complete your transaction." | High | In-extension onboarding card teaches the rule: "No real support ever asks you to disable security." | Cannot be fixed by software. This is a cultural/education problem. |
| Government subpoena / lawful access request | Medium | E2E messages: unreadable even with server seized. Shield registry: public by design — nothing to hand over. Metadata: some is retained. | Warrant canary + transparency report planned. Quarterly. |
| No external bug bounty program | Medium | Internal review + source-available code (open-sourcing planned). Researchers email findings today; public GitHub disclosure channel opens with the open-source release. | Immunefi or HackerOne program. 1-2 weeks setup. |
@zoza/shield, MIT); the server decoder is source-available under NDA with broader release sequenced post-pilot; (d) you being socially engineered into disabling Shield.
Every other attack surface has a defined defense. Shipped ones are marked shipped. Designed-but-not-built ones are marked planned. No marketing claims. No ‘military-grade’ language.
"Yes, Zoza is hackable. Here's the list. Here's what's defended in code, here's what's operational-risk, here's the timeline to close each gap. Every gap is visible because hiding them makes us less secure, not more. You are welcome to audit the registry, request source access to audit the extension, and run a fuzzer. Public open-source release and bug bounty both planned. We will never tell you we're unhackable."
"Military-grade encryption." "Unbreachable." "Quantum-resistant" (without specifying the KEM). "We cannot read your messages even if we wanted to" (without showing you the code that proves it). Any vendor that uses these phrases is selling you a feeling, not a threat model.
Client SDKs are published on npm (@zoza/shield, @zoza/vault, @zoza/auth, @zoza/sign, @zoza/verify, @zoza/ai) and GitHub (CoreCogitAI/*-js-sdk). Backend server code (Shield decoder, phishing registry, Messenger E2E stack with 158 tests) is source-available under NDA for customers and auditors; sequenced for broader release after first production pilots. Email security@zoza.world for backend source access, to submit a decoder pattern, or to join the private disclosure list.
Integration is the last step, not the first. Your security team should have reviewed every attack above before you reach this section. These are the 6 concrete steps to onboard.
1. Prove domain ownership via DNS TXT record. Register your project signing key. Counter-signed by Zoza root. Takes 10 minutes. Puts you in the signed registry.
2. Declare which operations your app will ever request: swap, add liquidity, mint. Anything else will be blocked as an exploit even if your frontend gets compromised.
3. List every JS library your app loads with its expected integrity hash. Shield verifies loaded bundles against this manifest at runtime.
4. Sign a list of your team's official social handles + Zoza usernames. Shield shows green-verified badges in Discord, Telegram, X. Kills impersonation.
5. On-chain guard contract that vetoes multisig TXs unless signed intent matches calldata. Prevents blind-signing exploits. Bybit would have been stopped here.
6. Migrate support from Discord DMs to an E2E-encrypted Zoza channel. Team members have signed badges. Users cannot be DM'd by impostors.
50-100M crypto users
Free through late 2026 · Pro tier TBD after trust is earned
~40% of consumer crypto incidents
The hardware-wallet pivot taught us the real problem: users blind-sign because UIs lie to them. Sign v0.3 is a multi-chain transaction decoder + on-chain Safe Guard module + signed receipt webhook — the verification layer that should have caught Bybit's $1.46B before the signer tapped approve.
sign-api.zoza.world — decode + verify + receipt-anchor endpoints.
…execTransaction succeeds — bypasses no UI, requires no UX change.
The actual transaction the Bybit signer approved on 21 Feb 2025. Their Safe{Wallet} UI rendered it as a routine internal movement. Here's what the same bytes look like through Sign's decoder:
Same payload. The Safe UI rendered it as a token transfer. Sign rendered it as a delegatecall to an attacker-controlled implementation contract. The signer needed three lines of CLI output to refuse the transaction.
Live API · 91 tests · 5/5 heist detection
~3,200 LOC Go + Safe Guard contract
$100M (~500 institutional signers)
Free pilot for institutions · free decoder for individuals (forever)
India's broken OTP system: SMS interception, SIM swaps, social engineering. 200B+ UPI transactions/year all depend on 6-digit SMS codes. Zoza Auth replaces OTP with cryptographic device-bound authentication. Essentially FIDO2/Passkeys packaged as an API for Indian banks.
1. Bank → user's device. Your backend issues a challenge bound to the specific action ("Approve ₹15,000 to Flipkart?"). The challenge is encrypted so only the user's device key can read it. Zoza relay sees encrypted bytes + routing metadata — nothing else.
2. User's device verifies the bank. Before showing any prompt, the device cryptographically verifies the message came from the bank's registered identity — not a lookalike, not a proxy. Failed verification = no prompt shown to the user.
3. Biometric unlock + device-bound signature. User approves with Face ID / fingerprint. The approval is cryptographically signed by a key that lives inside the device's hardware Secure Enclave (iOS) or StrongBox Keystore (Android). The private key cannot be extracted — not even by a fully rooted device.
4. Bank verifies the signature. Your backend cryptographically verifies the signature against the device's registered public key. Fail = denied. Pass = authenticated. The audit chain records both directions with append-only integrity.
Full protocol specification, formal model, and handshake detail are available to qualified evaluators under NDA via security@zoza.world.
auth-api.zoza.world — apps, devices, challenges, respond endpoints. curl auth-api.zoza.world/health right now.
auth.pv proves secrecy + authenticity of the challenge-response under a Dolev-Yao adversary.
SMS OTP wasn't designed for adversarial use. It was designed in 1985 (the SS7 protocol) to deliver short text messages between trusted carriers. Every line of defence below has a documented incident with a name and a dollar amount attached.
Attacker convinces the carrier (or a bribed insider) to port the victim's number to a SIM the attacker controls. All inbound SMS — including your bank OTP — arrives on the attacker's device. Attack window: 30 minutes from port to drain.
Real incident: Mumbai retail investor lost ₹78L from a Demat account in Mar 2024 after a Vi-to-Airtel port he never requested. Maharashtra Cyber logged 1,400+ SIM-swap FIRs in H1 2024 alone.
Zoza Auth: device key lives in Secure Enclave / Android Keystore — not in the SIM. Port-out doesn't move the key.
SS7 (used between carriers globally) has no authentication or encryption between providers. A telecom-grade attacker — or anyone who buys access from a sanctioned carrier — can issue a "Send Routing Information" query and silently re-route SMS to themselves.
Real incident: The 2017 O2 Telefónica Germany incident drained victim bank accounts via SS7 interception. Indian carriers operate the same protocol. CERT-In has issued multiple advisories on SS7 vulnerabilities.
Zoza Auth: nothing transits a carrier — challenges go over your existing HTTPS to the user's app.
Attacker calls posing as bank/UPI support, tells the victim "to verify your account, please share the OTP we just sent." Most defended-against attack in India and still the largest by volume.
Real incident: RBI's annual report 2023-24 attributed ₹13,930 crore (~$1.7B) in unauthorized digital banking transactions to fraud in FY24, the majority attributed to OTP-sharing vectors per NPCI breakdowns.
Zoza Auth: there is no number to share. Approval is a biometric tap on a device-bound key. The user has nothing the attacker can phish over a call.
Attacker proxies your real bank login page (Modlishka / Evilginx). User enters credentials on the lookalike, OTP arrives, attacker forwards everything in real-time. Even "good" OTP usage falls.
Real incident: Microsoft DART tracked >10,000 organizations hit by AITM kits in 2023-24, including bypasses of TOTP and SMS-OTP MFA.
Zoza Auth: challenge is bound to the TLS channel via a channel-binding nonce; the proxy can't replay it because the device key signs the actual TLS exporter, not just a 6-digit code.
Side-loaded "Update Required" APKs request Accessibility permission on Android, then read OTP SMS as it arrives in the notification shade and ship it to a Telegram bot. SOVA, BRATA, GoldDigger families are still active across India.
Real incident: SOVA Trojan campaign 2023 specifically targeted Indian banking apps; CERT-In issued CIAD-2023-0036 listing 32 affected banks.
Zoza Auth: even with full read of all SMS, there's no OTP to capture. The signature happens inside the Keystore where Accessibility cannot reach.
Your "encrypted" OTP traverses 2-4 vendors (your app → your aggregator → carrier gateway → SMSC → handset). Insiders at any layer can read the codes. Indian aggregator breaches have been disclosed (2022 — large telecom OEM accidentally exposed millions of OTPs in a misconfigured S3).
Real incident: Resecurity's 2022 disclosure of an exposed aggregator log containing OTPs from major Indian banks routed via a popular bulk SMS provider.
Zoza Auth: challenge bytes are sealed against the user's device public key before leaving your server — even Zoza relay sees opaque ciphertext.
Carriers throttle in flash events; 8-12% of OTPs in India fail to deliver inside the validity window. Users develop "request again" muscle memory. Attacker-in-call workflows exploit this: keep the user on a "verification call" and re-trigger OTPs until one lands at a moment the user reads it back.
Real incident: NPCI flash-event SMS failures during IPL final 2024 caused widespread retry storms; some users disclosed OTPs to "support callers" amid the confusion.
Zoza Auth: latency is bound by your own HTTPS round-trip + biometric unlock — typically 6-12 seconds vs SMS p95 of 9-22 seconds.
As eSIMs replace physical SIMs, the "swap" attack becomes faster — attacker only needs to convince the carrier to push a new eSIM provisioning profile. No physical SIM card needed; takes minutes from social engineering call to OTPs landing on attacker hardware.
Real incident: USA T-Mobile eSIM swap incidents 2024 drained crypto exchange accounts in under 7 minutes; same attack pattern emerging in India as Jio/Airtel push eSIM activations.
Zoza Auth: device-bound key survives any SIM/eSIM movement because it never lived there.
Passkeys/WebAuthn are excellent. Many exchanges and banks should use them directly. Teams come to Zoza Auth instead when:
India processes ~200B UPI transactions per year. Net-banking + e-commerce + crypto on-ramps add ~50B more authentication events. At even ₹0.05 per cryptographic auth (a fifth of an SMS), that's a ₹1,250 crore (~$150M) addressable market in India alone for the auth-layer. Add the global crypto-exchange and fintech market and the ceiling is multi-billion.
The unit economics: Zoza's marginal cost per auth is a Postgres row write — measured in microseconds and tenths of a paisa. The pricing power comes from being categorically more secure than SMS (eliminating an entire fraud loss line) while being cheaper than carrier SMS (eliminating a carrier invoice line). That's a rare combination — it's why Plaid hit $13B and Auth0 hit $6.5B.
AI agent gets its own Zoza identity key. User's prompts are ratchet-encrypted to the agent's key. The relay sees nothing. Your users' prompts never touch any infrastructure in plaintext.
Vault mode (simple, ~400 lines): Stateless one-shot encryption using sealed-box. Best for most AI use cases — form submission, single queries. No sidecar needed, no state to manage.
Ratchet mode (advanced, ~1,200 lines): Full per-message forward-secret protocol for long-running conversations where past messages must stay private even after a future key leak. Therapy, advisory, ongoing medical consultation. Requires sidecar with TEE attestation.
v0.1 LIVE — protocol + zero-retention shipped
$50–200M
Healthcare AI, fintech, legal, mental health
~2,400 LOC + 3 SDKs + Tamarin model
ai-api.zoza.world — sessions, encrypt, decrypt, ratchet-step endpoints.
secrecy_SK verified under a Dolev-Yao adversary.
Every AI vendor claims "enterprise-grade security." The actual incidents below show where those claims have already failed. Each one is publicly reported with a name attached.
Samsung engineers pasted proprietary semiconductor source into ChatGPT for debugging. The conversation became part of OpenAI's training corpus eligibility. Samsung subsequently banned all generative AI tools company-wide.
Zoza AI Agent: ratchet-mode session means the prompt is decrypted only inside the agent's signed runtime; relay sees ciphertext, training corpus sees nothing because the ciphertext is unusable without the device key.
A bug in OpenAI's Redis client briefly exposed users' chat history titles + the first message of recently-active sessions to other users. ~1.2% of ChatGPT Plus subscribers had partial billing data exposed.
Zoza AI Agent: dual-write Redis+Postgres ratchet state with per-session encryption. Even if the cache layer leaks, an attacker reading another user's bytes gets ratchet ciphertext that's unusable without the per-session key.
Air Canada's customer-service chatbot promised a refund policy that didn't exist. Tribunal ruled the airline liable for the bot's representations. Issue wasn't security — it was identity: there was no audit trail proving what the bot had actually said vs what the user claimed.
Zoza AI Agent: every message is signed by the agent's identity key. The user's device receives a cryptographic receipt of what the agent actually said. Disputes are resolved with signed evidence, not screenshots.
Multiple AI-coding-assistant audits in 2024 found that "context window" payloads were retained in vendor server logs longer than disclosed. Customer code that included secrets was indexable in vendor support-debug systems.
Zoza AI Agent: zero-retention enforced cryptographically — the relay literally cannot retain the plaintext because it never has it. Audit log records that a session existed (timestamp, byte count) but never the content.
Healthcare AI vendors typically run inference on AWS/Azure with their own log + monitoring stack on top. A 2023 breach of a popular HIPAA-claiming sub-processor exposed therapy session transcripts that the patient had been told were "encrypted in transit and at rest" — true at every individual layer, false in aggregate because every layer terminated TLS independently.
Zoza AI Agent: end-to-end means user device → agent runtime, with no plaintext intermediate. Even if AWS, Azure, your monitoring vendor, and your sub-processor all get breached on the same day, the prompts and responses are unreadable.
Scammers deploy lookalike "Zerodha Support AI" or "HDFC Wealth Advisor AI" via Telegram bots that scrape real chatbot UIs. Users disclose KYC documents, OTPs, account numbers. The chatbot is convincingly real-feeling because users have no way to verify which AI is actually their bank's.
Zoza AI Agent: every agent's identity key is registered under a Tier-2 verified parent entity. Your app verifies the agent's signature on every message — a fake bot has no valid key, can't sign, can't pose as your bank's agent.
Most "memory" features in AI assistants store embeddings in a vector DB. Once a sensitive item is embedded, "delete" usually means soft-delete; the vector remains in cached query indices for weeks. GDPR right-to-erasure compliance is widely overstated by AI vendors.
Zoza AI Agent: per-message forward secrecy means past messages cannot be decrypted even with the current session key. Deletion is cryptographic, not operational — there's no plaintext or embedding to retain.
Best for: form submissions, single questions, RAG-style "ingest this document and answer", any flow where the client and agent don't maintain a long conversation. ~400 LOC integration. No sidecar, no ratchet state.
Examples:
Best for: therapy sessions, ongoing medical advisory, multi-turn financial planning, any flow where each message must be unreadable even if a future key leaks. ~1,200 LOC + sidecar w/ TEE attestation.
Examples:
Without entity vetting, "Zoza AI Agent" would be the world's best phishing infrastructure. Three tiers:
The same cryptographic primitives package into products for consumers, crypto users, global enterprises, and the entire Indian auth market.
2B+ users. Privacy-conscious people who want real E2E messaging, verifiable notifications, and protection from scams.
50-100M users + ~500 institutions. The most paranoid, high-value users on the internet. They get drained daily.
200K+ companies handling sensitive data. Healthcare, banking, legal, HR — every form, every message, every notification.
The OTP killer. 200B+ UPI transactions/year. Rs 0.10/auth = Rs 2,000 crore ($240M) at full penetration. RBI pushing device-binding. NPCI UPI 3.0 wants this.
Fastest-growing segment. Every AI app handling medical, financial, or personal data needs E2E between user and model.
Auth0 exited at $6.5B. Plaid at $13B. The security/identity layer wins. Zoza needs one paying customer + one proof point to raise.
Each one is running on its own *-api.zoza.world subdomain right now. Free through late 2026, apply-flow open, formal models shipped for Auth, Vault, and AI Agent.
- vault-api.zoza.world.
- verify-api.zoza.world with apply-flow, admin UI, and transparency suite.
- shield-api.zoza.world.
- sign-api.zoza.world.
- ai-api.zoza.world.
- auth-api.zoza.world. RBI / CERT-In empanelled audit scheduled with EY/KPMG/Lucideus for Q3 2026 — required before regulated Indian banks deploy. Crypto-exchanges vertical (no RBI mandate) can pilot today.
All six SDKs are published on npm. Pick the one you need — or install the whole suite. Each @zoza/* package has zero peer dependencies and ships ESM + CJS + TypeScript types.
Replace SMS OTP with cryptographic challenge-response.
Encrypt form fields in the browser before HTTPS.
Sign outbound notifications so phishing can't impersonate you.
Decode raw transaction bytes into plain English before approval.
Block drainer sites and malicious dApps before wallet connect.
Send prompts to an AI through an end-to-end encrypted channel.
Need Go, Swift, or Kotlin? — see developer docs.
Your choice sets our build priority. Every design gap has been found and solved. Tell us what you need.