ZeroPath rebuilds static application security testing around LLMs. Its scanner combines traditional program analysis with AI reasoning to detect the vulnerability classes legacy SAST tools miss — broken authentication, business-logic flaws, IDORs — while validating findings before flagging them, which keeps false-positive rates unusually low. When it confirms an issue, ZeroPath generates a patch for review, moving teams from alert triage to merged fixes.
Coverage across the stack
Beyond SAST, the platform spans SCA, container scanning, secrets detection, infrastructure-as-code analysis and dynamic testing, positioning itself as an AI-native alternative to suites like Snyk or Checkmarx. It integrates with GitHub, GitLab, Bitbucket and Azure DevOps, plus Jira, Linear and Slack for workflow, and exposes an API for programmatic use. The curl project's maintainer publicly praised the quality of its findings on that codebase.
Company background
ZeroPath was founded in 2024 by Dean Valentine, Raphael Karger, Nathan Hrncirik and Etienne Lunetta, and went through Y Combinator's S24 batch. Its seed round was led by SurgePoint Capital with participation from Y Combinator, and the company was selected for the RSAC 2026 Innovation Sandbox.