The Gap Between the Claim and the Architecture
Every cloud vendor handling sensitive data makes some version of the same claim: "We encrypt your data." The claim is almost always true — and almost always insufficient.
The LastPass breach of 2022 is the definitive case study. LastPass encrypted their users' password vaults. They used encryption. The claim was accurate. And yet 25 million users had their encrypted vaults exfiltrated, and $438 million was subsequently stolen from LastPass users in downstream cryptocurrency heists through 2025, according to research from Coinbase Institutional.
The UK Information Commissioner's Office fined LastPass's UK entity £1.2 million in December 2025 for "failure to implement appropriate technical and organizational security measures." The encryption existed. The security measures did not meet the required standard.
For enterprises evaluating cloud privacy tools — including PII anonymization platforms — the LastPass precedent changes the procurement question. The question is not "do they encrypt our data?" It is "can they decrypt our data?"
The Four Zero-Knowledge Questions That Actually Matter
When evaluating a vendor's zero-knowledge claim, four questions determine whether the architecture is genuine:
1. Where does key derivation happen?
In true zero-knowledge architecture, encryption key derivation happens on the client side — in the browser or desktop application — before any data is transmitted. The derived key is used to encrypt data locally. Only encrypted ciphertext travels to the vendor's servers.
If the vendor derives encryption keys on their servers, they hold the keys. If they hold the keys, they can decrypt. The claim is technically accurate ("we encrypt") but misleading in its implication.
2. Does the vendor ever have access to the plaintext?
Some tools encrypt data at rest but decrypt it for processing — running AI models, analytics, search indexing, or audit log generation. During the processing window, the plaintext is accessible on the vendor's infrastructure. A breach during that window exposes the data in unencrypted form.
3. What happens under legal process?
If a government agency serves a subpoena on the vendor, what data can they produce? A vendor with server-side keys can be compelled to produce decrypted content. A vendor with zero-knowledge architecture can only produce encrypted ciphertext — even under legal compulsion, they have nothing useful to hand over.
4. What does a full server compromise expose?
In a genuine zero-knowledge implementation, a complete breach of the vendor's infrastructure yields only encrypted blobs. The attacker receives ciphertext without the keys to decrypt it. In a vendor-controlled-key implementation, a server breach exposes the keys alongside the data.
The LastPass Implementation Failure
The LastPass breach revealed a specific implementation gap: older accounts used PBKDF2 with as few as 1 iteration for key derivation, rather than the recommended 600,000 iterations. The weaker key derivation made brute-force attacks on the exfiltrated vaults computationally feasible.
This illustrates why evaluating zero-knowledge claims requires examining implementation details, not just architectural descriptions. A vendor can use a zero-knowledge design while implementing it weakly. The right questions to ask cover both the architecture (key derivation location) and the implementation strength (algorithm and iteration count).
The Okta Breach: A Different Failure Mode
In October 2023, Okta disclosed that 600,000+ customer support records were leaked in a breach. Okta is an identity platform — the company that many enterprises use to secure access to their other cloud tools. The Okta breach was a different failure mode from LastPass: not a weakness in zero-knowledge implementation, but a compromise of support infrastructure that happened to contain customer data.
The 300% surge in SaaS breaches reported for 2024 (AppOmni/CSA) reflects both failure modes: architectural weaknesses like LastPass and infrastructure compromises like Okta. Zero-knowledge architecture addresses the architectural failure mode. It does not eliminate all breach risk, but, provided the implementation is as strong as the design, it ensures that even a complete infrastructure compromise exposes no decryptable customer data.
What a Genuine Evaluation Looks Like
For procurement teams assessing zero-knowledge claims, the evaluation checklist is as follows:
Architecture review:
- Request documentation showing where key derivation occurs (client-side vs. server-side)
- Ask for the encryption algorithm, key length, and iteration count
- Request confirmation that plaintext is never transmitted to vendor servers
Breach scenario testing:
- Ask the vendor to describe what a full server compromise would expose
- If the answer includes anything other than "encrypted ciphertext we cannot decrypt," the claim is not genuine zero-knowledge
Legal process review:
- Ask whether the vendor can comply with a subpoena requiring production of customer plaintext
- Genuine zero-knowledge vendors cannot produce what they do not have
Compliance documentation:
- Request the vendor's GDPR Article 32 compliance documentation
- ISO 27001 certification (particularly Annex A cryptographic controls) provides external verification of key management practices
The £1.2 million LastPass ICO fine establishes that vendors making encryption claims are subject to regulatory evaluation of whether those claims meet the required standard. The same evaluation framework that regulators apply is available to procurement teams before a breach occurs.