In this interview, we catch up with Collin Sweeney to discuss ZKX Helix, a cutting-edge security solution focusing on zero-knowledge multi-factor authentication and access control. Originally developed for military applications to eliminate threats like phishing and man-in-the-middle attacks, ZKX Helix is now preparing to bring its dynamic, granular digital defense capabilities to the commercial sector.
What does ZKX Helix do? And why is now the time for it to exist?
ZKX Helix is zero-knowledge MFA and access control. Helix is used in the real world to securely share data, instantly revoke sensitive access, defeat deepfake-enabled scams, and fight digital e-commerce, banking, and healthcare fraud.
Helix's time is now because the industry has demanded it. AI voice cloning scams are surging; MFA is continually rearing its shaky foundations and ability to be bypassed through other, weaker parts of the system. Helix is a structural cure to that anemia.
What is your traction to date? How many people does ZKX Helix reach?
Candidly, we've reached few end users at this stage. However, we've accomplished plenty to date, including being awarded two patents for our novel advancements in identity and access control, as well as high-profile pilot deployments and exercises within the U.S. defense sector, like Cyber Quest and Project Convergence. Helix has reached tens of U.S. Army operators in various field exercises and is used regularly by our defense technology partners. We're also anticipating a real contract deployment soon - the details of which I cannot disclose here (for now).
ZKX Helix grew up in military spaces, with a commercial variant in development and launching soon. This stage-gapped approach was an intentional choice - if it's good enough for the foxhole, it's good enough for your network.
Who does ZKX Helix serve? What’s exciting about your users and customers?
CISOs, IT Sysadmins, Network Security Managers, Compliance Officers, Digital Identity and Access Control Specialists, and Providers of Managed Security Services are the prime commercial audience for ZKX Helix. These personas are being held personally and professionally liable for both security and compliance breaches in ways that weren't normal two or three years ago. Traditional MFA and access controllers continue to fail notable names - Microsoft, Okta, Twilio (and many others) - in very high-profile ways. Think of those responsible at places whose names aren't household ones. Helix is designed to serve those most overburdened by today's shortcomings in cybersecurity tech.
What technologies were used in the making of ZKX Helix? And why did you choose ones most essential to your tech stack?
Our patented authentication architecture leverages the Feige-Fiat-Shamir (FFS) ZKP of Identity protocol. With our own advancements added, Helix is effectively neutralizing credential theft, password phishing, and man-in-the-middle threats. The system operates securely even in contested or low-bandwidth environments, a necessity born from its tactical military origins.
That being said, our labs are incorporating new platforms by the day, expanding the areas where we can offer these next-generation protections: Node-RED for OT control and security, RDP clients for hands-on control of persistent presence on secure systems, various web backends for webpage-driven workflows, even non-person entities (NPEs) and drones we have working now. We are only as strong as what we support, and our integration-first philosophy ensures we are meeting networks (and their stewards) where they're at.
What is traction to date for ZKX Helix? Around the web, who’s been noticing?
While ZKX Helix is currently pre-commercial, it has secured significant validation through two granted patents and successful tactical demonstrations with the U.S. Army at high-profile events like Cyber Quest and Project Convergence. We're also steadily engaging NATO and our international allies in a defense context. Our technology has also garnered attention within the defense innovation ecosystem, featured in the "DIB Innovators" podcast and industry talks regarding the implementation of true Zero-Trust architecture in mission-partner environments.
We have been steadily gaining presence in the commercial world as well. Last year I got the chance to sit down with Dr. Zero Trust (Chase Cunningham) courtesy of Hacker Valley Media; that interview is here: https://zkxsolutions.com/video/the-future-of-authentication-zero-knowledge-mfa-explained-hacker-valley-livestream/
ZKX Helix scored a 94 proof of usefulness score (https://proofofusefulness.com/report/zkx-helix) - how do you feel about that? Needs reassessed or just right?
A 94 for a pre-commercial, military-to-civilian product in transition, to me, perfectly reflects our sound fundamentals and scalable potential. We have proven we have an enormous upside, plenty of feasible application in the cyber ecosystem, and well-documented validity for our claims about what Helix has done and is capable of doing. We have a long way to go, but we have shown more promise than other startups in positions similar to ours. Our traction score will increase the most over the next calendar year.
What excites you about ZKX Helix's potential usefulness?
I've seen but a glimpse of what Helix is capable of - it is a true philosophical shift in what is possible through the lens of digital identity and access control alone. The most exciting thing, even in this early of a stage, is that we are already solving a multitude of real problems. We are eliminating various flavors of insider threats, we are stopping digital fraud before it has a chance to appear on someone's bottom-line, we are paving the way for robust and flexible machine identity all from this one incredibly innovative, disruptive idea that we've brought to life and will continue to nurture.
Walk us through your most concrete evidence of usefulness. Not vanity metrics or projections - what's the one data point that proves people genuinely need what you've built?
The data point that's the most real is the sheer number of integration projects I have on my docket for Helix, each one a different use-case; a different problem the industry has repeatedly said needs to be solved. From integrating with a communications management platform to stop AI voice-enabled scams with the push of a button, to actively killing persistent privileged access employees currently can abuse after their termination from their org, to ensuring quadcopter drones haven't been tampered with when they drop on and off the network - the list goes on. The magnitude of this list is the most real part of this. Pardon my French, but this is some whizz-bang shit we're sitting on here.
How do you measure genuine user adoption versus "tourists" who sign up but never return? What's your retention story?
We're pre-commercial as of the time of answering this question, but I can still speak to how we are tracking engagement and tackling this problem from first principles. The key to this is listening - not hearing - listening to our test users, design partners, and customer prospects. When we solve real, heavy problems we become a necessity for those that are most under the crushing weight of ineffective tools, bloated technologies, and companies that don't really have the individual's best interest at heart. People don't disengage their necessities. Repeated work with one of our most influential partners - Viasat - has proven this to us.
If we re-score your project in 12 months, which criterion will show the biggest improvement, and what are you doing right now to make that happen?
Evidence of Traction. Easily. As I mentioned before, we have several contract opportunities in the works on the defense end. We will be expanding our presence in the commercial sector dramatically this year: Black Hat, CS4CA, MSE, plenty of others. We're focusing on targeted outreach, an integration-first approach model, and selective opportunities to sponsor and self-fund high-reward interaction with the market. Our strategy this year is to maximize our surface of opportunity to convert solid demos into signed engagements.
How Did You Hear About HackerNoon? Share With Us About Your Experience With HackerNoon.
I was referred to HackerNoon by an industry contact on the defense side of life. It was an interesting pool of resources that I was able to use to familiarize myself with cyber in a more commercial context. When ZKX Solutions was very young, we participated in the Startup of the Year contest hosted by HackerNoon. I believe we won in our geographic area.
You mentioned ZKX Helix "grew up in military spaces." What is the biggest challenge you foresee in translating tactical, military-grade security protocols into a user-friendly commercial product for civilian CISOs?
Two areas stick out to me, the first being UI / UX. The tactical world has far different expectations for what a coherent software interface should look like. Their physical restrictions are also different: helmets, gloves, smartphone mounts that lock the phone in landscape mode, tablets, radios, etc. The profile of an office worker who pulls their phone out of their pocket at their desk to access Q2's earnings report is markedly different from the guy crushing the push-to-talk button on his radio because bombs just started exploding.
The second challenge area to me is messaging. ZKPs are an extremely elegant tool but have this magical ability to put even the more technically-seasoned in an audience to sleep. Balancing the benefits Helix provides and adding *just enough* technical credibility for CISOs to simultaneously "get it" and have something to bring back to their board is key. Ultimately, it's the same discipline we've refined with respect to the military: know what level of depth to go to for your audience. Finding the balance of technical credibility (not sounding like bullshit) and maintaining high-level impact (constantly answering your subject's "Why do I care, exactly?") is everything.
As you prepare for your commercial launch, what specific partnerships or pilot programs are you prioritizing to scale from "tens of operators" to widespread enterprise adoption?
As I mentioned before, among our standard market development we are taking on what I'm calling an "integration-first" approach to our design partners. If a customer prospect tells me they're using Fortinet, I will begin implementing Helix onto Fortinet platforms. Once I have something, I go to Fortinet and say "Look what I built! Can we talk?". If someone is using Twilio - I build, then communicate. People like a good idea. People love a good show.
With the rise of AI-generated deepfakes, how does ZKX Helix specifically differentiate itself from traditional MFA solutions that might be susceptible to these advanced social engineering attacks?
Traditional MFA is W-E-A-K and exploitable. It's easily bypassed, it's structurally unsound, and much of it is built on faulty security assumptions. Traditional MFA is great at authenticating a credential - maybe even a device. An AI voice scammer calls me, I say "Who are you?". What's today's method of proving that? Have the attacker enter or say a password only the person they're pretending to be would know? Well, they've already cloned that person's voice, learned enough about them (probably through open-source means) to spin me some feasible tale about them, maybe even purchased personal data of theirs from the dark web - I bet they can phish or guess that person's password (or steal their SMS, or overwhelm them with Okta/Duo pushes, etc.), too.
Helix is the only solution out there that cryptographically verifies that you're talking to the right person on the right device and does so without transmitting anything interceptable. Attackers can clone a voice, intercept an SMS, phish a password, steal a session cookie - they can never forge a ZKP.