ZeroPath Blog & Research

Explore our team's latest research and stay up to date with ZeroPath's capabilities.
How to meet security requirements for PCI-DSS compliance?
Insights

2025-07-17

8 min read

Of the 12 requirements of PCI DSS, the 6th one requires companies to maintain application security at all times and is one of the most critical and challenging to meet due to the dynamic nature of software development.

ZeroPath Security Research

Authorization Bugs Are Having Their SQL Injection Moment
Research

2025-07-17

12 min read

GitLab patched critical auth bugs. McDonald's leaked 64M records through a basic IDOR. Authorization bugs aren't new but AI can now find them at scale. We turned LLMs loose on modern codebases and discovered why 2025 is the year IDORs go from manual pentest finding to automated epidemic.

ZeroPath Security Research

What is PCI DSS? 12 Requirements to be PCI DSS Compliant
Insights

2025-07-16

6 min read

PCI DSS is a set of 12 requirements designed to protect cardholder data. It covers security, network, and application layers. To be compliant, businesses must implement these requirements, which include data encryption, firewalls, regular security audits and more.

ZeroPath Security Research

What is PCI Compliance? Does your business need PCI Compliance?
Insights

2025-07-15

5 min read

PCI compliance refers to security standards protecting cardholder data during transactions. It includes standards like PCI DSS for handling card data, PCI PTS for payment terminals, and PCI 3DS for online fraud prevention. Businesses must determine their specific needs, like whether they store card information or use physical readers.

ZeroPath Security Research

How to do Security Research with ZeroPath
Security Research

2025-04-04

4 min read

A practical guide on using AI SAST with ZeroPath to perform security research.

ZeroPath Security Research

Introducing ZeroPath’s Open-Source MCP Server
Product

2025-03-27

6 min read

Query your product security findings with natural language. ZeroPath’s open-source MCP server integrates with Claude, Cursor, Windsurf, and other tools to surface SAST issues, secrets, and patches—right where developers work.

ZeroPath Security Research

On Recent AI Model Progress
Insights

2025-03-24

18 min read

Exploring the real-world effectiveness of AI advancements through our experiences building security-focused AI tools, with honest perspectives on capability gaps, benchmarking challenges, and practical applications.

Dean Valentine

How ZeroPath Compares
Product

2024-11-13

5 min read

ZeroPath compares its SAST performance against competitors using the XBOW benchmarks, in a reproducible manner.

ZeroPath Team

Towards Actual SAST Benchmarks
Insights

2024-11-13

7 min read

ZeroPath enhances XBOW's open-source security benchmarks by removing AI-favoring hints, adding false positive testing, and creating a more realistic evaluation framework for comparing modern security scanning tools.

ZeroPath Team

Autonomous Discovery of Critical Zero-Days
Research

2024-10-29

15 min read

Since July 2024, ZeroPath's tool has uncovered critical zero-day vulnerabilities—including RCE, authentication bypasses, and IDORs—in popular AI platforms and open-source projects. Our approach has identified security flaws in projects owned by Netflix, Salesforce, and Hulu.

Raphael Karger

Critical RCE Vulnerability in UpTrain
Research

2024-08-24

10 min read

ZeroPath researchers uncover a critical Remote Code Execution (RCE) vulnerability in UpTrain, a popular open-source AI platform.

Nathan Hrncirik

Command Injection Vulnerability in Clone-Voice Project
Research

2024-08-24

10 min read

Security researchers at ZeroPath uncover a command injection vulnerability in the popular open-source "clone-voice" project.

Nathan Hrncirik, Raphael Karger

Fonoster VoiceServer LFI Vulnerability (CVE-2024-43035)
Research

2024-08-24

8 min read

Security researchers at ZeroPath discovered a Local File Inclusion (LFI) vulnerability in Fonoster VoiceServer, an open-source AI project for building voice applications.

Nathan Hrncirik

LibrePhotos Arbitrary File Upload + Path Traversal PoC
Research

2024-08-24

12 min read

ZeroPath security researchers uncover an unauthenticated arbitrary file upload vulnerability in LibrePhotos, a popular open-source photo management solution.

Nathan Hrncirik
