Gemini 3 ZKP Attestation Agent

A Gemini-3-powered agent that converts regulatory requirements into privacy-preserving, verifiable zero-knowledge compliance attestations.

Comment

About the Project Inspiration

Compliance today relies on sharing sensitive evidence—logs, configurations, and screenshots—to prove that controls were met. This creates security risk, duplication, and friction across audits and regulators. This project was inspired by a simple question: can compliance be proven without exposing evidence at all?

What the Project Does

The Gemini-3 ZKP Attestation Agent is a post-assessment compliance proof layer. It does not assess systems or collect evidence. Instead, it operates after a compliance assessment has been completed and transforms assessment results into privacy-preserving, cryptographically verifiable attestations.

Given an assessed control result (e.g., a NIST 800-53 control marked Pass), the agent commits to that result and generates a verifiable credential and zero-knowledge proof that can be independently verified without revealing logs, configurations, or system data.

How Gemini 3 Is Used

Gemini 3 is central to the project. Compliance assessment outputs vary widely across frameworks and tools. Gemini 3 is used to interpret and normalize assessment results, ensuring control identifiers and outcomes are expressed as precise, structured claims suitable for cryptographic proofs. Without Gemini 3, these claims would be inconsistent and difficult to verify across organizations.

How We Built It

The project is implemented using FastAPI, the Gemini 3 API, W3C Verifiable Credentials, and zero-knowledge proof techniques. A verification engine performs multiple cryptographic checks to confirm integrity, authenticity, time bounds, and privacy guarantees. A Judge Mode was added to clearly demonstrate the workflow using simulated assessment inputs.

Challenges & Learnings

A key challenge was clearly separating assessment from proof. This project focuses exclusively on proving assessment results, not determining them. We learned that AI is most powerful when it bridges human compliance language and machine-verifiable cryptographic systems—making compliance verifiable by design.

Share this project:

Updates