AI SAST, SCA, Secrets, and more.
One Scanner.
All of AppSec.
ZeroPath is the first truly intelligent code security suite. Find and auto-fix business logic, broken auth, vulnerable dependencies, and even compliance violations.
Trusted by
Plus hundreds of others
ZeroPath allows the team to multiply their force. We move faster, shift left, catch issues earlier, and reduce friction with developers.
Security Lead
Andrea
Most security tools overwhelm you with thousands of issues and leave developers frustrated. With ZeroPath, it just clicked. It pinpoints what really needs fixing.
IT Security Manager
Harneet Singh
Most of the important issues it finds are business logic vulnerabilities. Things only a really smart human could find.
Founder & CTO
Yaacov Tarko
Proven on hardened OSS
And dozens of others
I was amazed by the quality and insight in some of the issues… even the ones we dismiss often have some insights and the rate of obvious false positive has remained low.
Maintainer, curl
Daniel Stenberg
Code security that thinks
ZeroPath finds the vulnerabilities that matter - including business logic flaws, auth bypasses, and vulnerable dependencies - verifies exploitability, and then generates working patches. No build scripts required.
Zero Config
ZeroPath scans your fleet of repositories from the top down. It understands your security models, filtering and auth without instruction.
Deep Discovery
Creative Vulnerability Detection
Contextual Vulnerability Triage
Testimonials
What matters is results, and ZeroPath's findings consistently impress practitioners and appsec engineers — even longstanding AI skeptics.
Joanna Wiggum
Director of Cybersecurity, Starbucks
"ZeroPath simply outperformed the alternatives in both raw results and developer experience. It found issues that traditional scanners could not find, with a fraction of the noise. Developers were actually excited to use it!"
Daniel Stenberg
Maintainer, curl
"I was amazed by the quality and insight in some of the issues... even the ones we dismiss often have some insights and the rate of obvious false positive has remained low."
Harneet Singh
IT Security Manager, Aquanow
"Most security tools overwhelm you with thousands of issues and leave developers frustrated. With ZeroPath, it just clicked. It pinpoints what really needs fixing."
Andrea
Security Lead, Aptos Labs
"It looked like something a person spent real time discovering. The quality of the findings really sold us."
Joshua Rogers
Security Engineer, Exodus
"ZeroPath was the best product I tried... Not only did ZeroPath find a plethora of vulnerabilities, it was intimidatingly good at finding normal bugs."
Yaacov Tarko
CTO, Commenda.io
"Zeropath significantly accelerates our Secure Software Development Lifecycle by eliminating the noise associated with typical static scanning tools. It is also remarkably easy to use, even for engineers without a security background."
Josh Wymer
CEO, Central
"Zeropath helps us sleep better at night by constantly monitoring code changes for uncaught security bugs and makes it easy to address them."
Jake Anderson
Co-Founder, BRX.AI
"ZeroPath is like having an entire security team working alongside our dev process to find and fix issues."
Our products
A best-in-class, complete, AI-native code security stack.
SAST
AI-native static analysis for real vulnerabilities.
SCA
Reachability-aware dependency analysis.
Secrets
Detect and validate exposed secrets.
IaC
Infrastructure misconfigurations, caught early.
PR Reviews
Continuous pull request security reviews.
Policy Engine
Enforce custom security policies at scale.
Risk Management
Prioritize and sync AppSec risk across teams.
SAST Autofix
Auto-remediate vulnerabilities with AI fixes.
Intelligent Security Analysis That Reduces Noise
ZeroPath's AI understands code context and developer intent, dramatically reducing false positives while catching real vulnerabilities that other tools miss.
Latest from Our Blog
Stay updated with the latest security research, CVE analysis, and product updates.
How Aptos Labs Scales Application Security Across 1M+ Lines of Rust with AI-Powered SAST
Insights - Mar 5, 2026 - 8 min read
How Aptos Labs automated security testing across 70 engineers, accelerated vulnerability discovery by 8x, and saved 20+ hours per week with AI-powered SAST on Rust codebases.
ZeroPath Team
CVE-2026-42167 Allows Auth Bypass And RCE In ProFTPD
Research - Apr 28, 2026 - 7 min read
ZeroPath Research discovered a SQL injection in ProFTPD's mod_sql extension (CVE-2026-42167) that can allow remote code execution, authentication bypass, and privilege escalation depending on configuration — exploitable pre-auth in some cases. Affects ProFTPD <= 1.3.9; patched in 1.3.9a.
John Walker
CVE-2026-39816 Allows Privesc And Code Execution In Apache NiFi
Research - May 7, 2026 - 6 min read
ZeroPath Research discovered CVE-2026-39816 in Apache NiFi: when the optional nifi-other-graph-services-nar bundle is installed, authenticated users without the EXECUTE_CODE privilege can run arbitrary code on the NiFi server via ExecuteGraphQuery against a TinkerPop target. Affects NiFi >= 2.0.0-M1 and < 2.9.0; patched in 2.9.0.
John WalkerDetect & fix
what others miss
