Zast.AI Raises $6 Million for AI-Powered Code Security

"Founded in 2024, Seattle-based Zast.AI relies on AI agents to identify and validate software vulnerabilities before reporting them, to eliminate false positives. Relying on an 'automated PoC generation + validation' architecture, the company performs deep code analysis, generating proof-of-concept (PoC) exploits and executing them to confirm security defects. This 'zero false positive' approach, the startup says, also reduces alert fatigue and allows security teams to focus on real risks."
"Zast.AI says its AI agents can identify complex semantic-level vulnerabilities, including IDOR, privilege escalation, and other business logic flaws, as well as standard syntax-level issues like SQL injection. To date, the company has identified 127 vulnerabilities in products such as Microsoft Azure SDK, Apache Struts XWork, Koa, WordPress, and others. All findings were issued a CVE, improving the security of the open source software ecosystem, it says."
Zast.AI raised $6 million in a pre-Series A round led by Hillhouse Capital, bringing total funding to nearly $10 million. Founded in 2024 and based in Seattle, the company uses AI agents to identify and validate software vulnerabilities before reporting them, with the goal of eliminating false positives. The platform relies on an "automated PoC generation + validation" architecture that performs deep code analysis, generates proof-of-concept exploits, and executes them to confirm defects. The company says this "zero false positive" approach reduces alert fatigue and lets security teams prioritize real risks. It also says the agents detect semantic-level vulnerabilities such as IDOR and privilege escalation, as well as syntax-level issues such as SQL injection. The company has identified 127 vulnerabilities and obtained CVEs for those findings, and aims to deliver end-to-end AI-driven security assurance at low cost.
Read at SecurityWeek