ZeroPath (@zeropathai): Twitter Profile
ZeroPath

@zeropathai

Find and fix exploitable application security issues.

For our research, check out @ZeroPathLabs

ID: 1793415465047642114

Website: https://zeropath.com/ | Joined: 22-05-2024 22:56:30

8 Tweets

74 Followers

2 Following

Y Combinator (@ycombinator):

ZeroPath (YC S24) is an AI AppSec engineer that detects, verifies, and fixes web application security vulnerabilities at scale. ycombinator.com/launches/LOk-z…

Selin Kocalar (@kocalars):

Startups of today move faster. Build faster. Ship faster. Sell faster. We built Delve for those companies. 11x is one of them. Congratulations on $50M and SOC2.

ZeroPath (@zeropathai):

🎉 ZeroPath is live! Our AI-powered static analysis finds vulnerabilities other tools miss. Already trusted by 90+ companies & uncovering critical security gaps in enterprise code. Check us out on Product Hunt 😸! producthunt.com/posts/zeropath Try free: zeropath.com

Y Combinator (@ycombinator):

YC S24's ZeroPath is an AI security platform that scans your code for security issues like a pentester, from auth issues to exposed secrets. Once issues are found, it provides patches with natural language problem descriptions to engineers. producthunt.com/posts/zeropath

ZeroPath (@zeropathai):

Just disclosed CVE-2025-59529 in Avahi: a local DoS where CLIENTS_MAX was defined but never enforced. Any unprivileged user can flood the Simple Protocol server with connections until the daemon exhausts FDs and crashes, breaking .local resolution system-wide. The

ZeroPath Labs (@zeropathlabs):

Openclaw (Clawdbot) Vulnerability Alert: Malicious websites can exploit Openclaw to steal user credentials through crafted payloads. Tighten browser security and check configs. For more details, read ZeroPath's blog on this vuln. #AppSec #CyberSecurity #InfoSec

ZeroPath (@zeropathai):

ZeroPath researchers discovered a flaw in OpenClaw (aka ClawdBot) that allowed malicious websites to steal session cookies from other browser tabs using an unauthenticated websocket endpoint. Once stolen, attackers could use these cookies to access services like Microsoft 365

ZeroPath (@zeropathai):

ZeroPath is a Top 10 finalist at RSAC Innovation Sandbox. Years of noisy tools + missed vulnerabilities have pushed enterprises to rethink AppSec entirely. AI SAST marks the inflection point. Excited to show what that future looks like at RSA!

ZeroPath (@zeropathai):

Fun, free exploit development CTFs based on real-world CVEs, and accompanied by hints, walkthroughs and working POCs. zeropath.com/blog/zeropath-… We've distilled complex issues down to repeatable, Dockerized challenges that have the nuance of the real vulnerabilities attackers love

ZeroPath (@zeropathai):

CrackArmor included one of 36 sudo flaws previously discovered by ZeroPath. We're releasing the whole batch today, including a POC for remote code execution in sudo logsrvd! Not all mainstream Linux distributions have included patches for these issues in their sudo packages

ZeroPath (@zeropathai):

How good is Opus 4.6 by itself at vuln detection? Given raw code, a simple prompt and some tools, we found it finds about 1 in 4 simple C vulnerabilities, at the cost of a high FP rate and unstable results. zeropath.com/blog/benchmark… Requiring structured justification or using

ZeroPath (@zeropathai):

The current version of RAGFlow (0.24) contains an unpatched vulnerability that allows low-privilege authenticated attackers to execute arbitrary code. Blog: zeropath.com/blog/ragflow-r… POC: github.com/ZeroPathAI/rag… Video Walkthrough: youtube.com/watch?v=1F-27C…

ZeroPath (@zeropathai):

Reducing the total amount of work that hits developers in the first place comes from depth of analysis. The more context ZeroPath has about a codebase, the higher the coverage, the more it can auto-remediate before anything surfaces in a PR. Fewer findings. More

ZeroPath (@zeropathai):

We've discovered two critical (CVSS 10.0) flaws in the popular Spinnaker continuous delivery platform. Both allow attackers to execute arbitrary code and steal production source control and cloud credentials. MITRE has assigned the vulnerabilities CVE-2026-32604 and

ZeroPath (@zeropathai):

Walkthrough: exploiting ZeroPath's new critical severity Spinnaker vulns for code execution and production environment access. (CVE-2026-32604 and CVE-2026-32613) youtu.be/ma-00ggxSp4

ZeroPath (@zeropathai):

ZeroPath discovered CVE-2026-42167 in ProFTPd, one of the internet's most popular FTP daemons. The flaw allows for auth bypass and even pre-auth RCE in some configurations. Update to 1.3.9a now! zeropath.com/blog/proftpd-c… Take a look at the blog for technical details and a
