Logic scanner now available! Try it out

ZeroPath Blog & Research

Explore our team's latest research and stay up to date with ZeroPath's capabilities.

How ZeroPath Works

FEATURED POST

How ZeroPath Works

ZeroPath's methodology for identifying and resolving web app vulnerabilities, spanning common flaws to complex logic and authentication issues.

Raphael Karger

Raphael Karger

2024-09-21
Product 15m read
How ZeroPath Compares

How ZeroPath Compares

ZeroPath compares its SAST performance against competitors using the XBOW benchmarks, in a manner thats reproducible.

ZeroPath Team

ZeroPath Team

2024-11-13
Insights 5m read
Towards Actual SAST Benchmarks

Towards Actual SAST Benchmarks

ZeroPath enhances XBOW's open-source security benchmarks by removing AI-favoring hints, adding false positive testing, and creating a more realistic evaluation framework for comparing modern security scanning tools.

ZeroPath Team

ZeroPath Team

2024-11-13
Insights 7m read
Autonomous Discovery of Critical Zero-Days

Autonomous Discovery of Critical Zero-Days

Since July 2024, ZeroPath's tool has uncovered critical zero-day vulnerabilities—including RCE, authentication bypasses, and IDORs—in popular AI platforms and open-source projects. Our approach has identified security flaws in projects owned by Netflix, Salesforce, and Hulu.

Raphael Karger

Raphael Karger

2024-10-29
Research 15m read
Critical RCE Vulnerability in UpTrain

Critical RCE Vulnerability in UpTrain

ZeroPath researchers uncover a critical Remote Code Execution (RCE) vulnerability in UpTrain, a popular open-source AI platform.

Nathan Hrncirik

Nathan Hrncirik

2024-08-24
security research 10m read
Command Injection Vulnerability in Clone-Voice Project

Command Injection Vulnerability in Clone-Voice Project

Security researchers at ZeroPath uncover a command injection vulnerability in the popular open-source "clone-voice" project.

Nathan Hrncirik Raphael Karger

Nathan Hrncirik, Raphael Karger

2024-08-24
security research 10m read
Fonoster VoiceServer LFI Vulnerability (CVE-2024-43035)

Fonoster VoiceServer LFI Vulnerability (CVE-2024-43035)

Security researchers at ZeroPath discovered a Local File Inclusion (LFI) vulnerability in Fonoster VoiceServer, an open-source AI project for building voice applications.

Nathan Hrncirik

Nathan Hrncirik

2024-08-24
security research 8m read
LibrePhotos Arbitrary File Upload + Path Traversal PoC

LibrePhotos Arbitrary File Upload + Path Traversal PoC

ZeroPath security researchers uncover an unauthenticated arbitrary file upload vulnerability in LibrePhotos, a popular open-source photo management solution.

Nathan Hrncirik

Nathan Hrncirik

2024-08-24
security research 12m read

Ready for effortless AppSec?

Get a live ZeroPath tour.

Schedule a demo with one of the founders Dean Valentine Raphael Karger Nathan Hrncirik Yaacov Tarko to get started.

Schedule a demo