(1) with zkps, you can run the credit check (or any sensitive computation) locally, and export a proof that demonstrates that your credit score is X as calculated by credit algorithm A without revealing your sensitive financial data.
(2) As the bug bounty claimant, I compile the program into the zkp proof, run the program with the bad input that leads to the exploited state, and submit the witness to the code author that proves that I know of an input that causes the code to reach an undesirable state (without revealing it).
(2) As the bug bounty claimant, I compile the program into the zkp proof, run the program with the bad input that leads to the exploited state, and submit the witness to the code author that proves that I know of an input that causes the code to reach an undesirable state (without revealing it).