Basically, you can run code in the zkVM, which looks like a normal RISC-V machine, but it generates a cryptographic proof/receipt of correct execution, so you can trust the code was run correctly (presuming the receipt verifies), even if you don't trust the machine that ran it at all. But the actual receipt 1) Doesn't get much bigger as execution time of the zkVM goes up 2) Doesn't leak anything about what happened during execution except for the what the program running in the zkVM explicitly logs to the journal.
This is the best explanation I have seen [1] : "Computer scientist Amit Sahai, PhD, is asked to explain the concept of zero-knowledge proofs to 5 different people; a child, a teen, a college student, a grad student, and an expert."