ZeroPath Blog & Research
Explore our team's latest research and stay up to date with ZeroPath's capabilities.

Insights
•2025-07-17
•8 min read
How to meet security requirements for PCI-DSS compliance?
Of the 12 requirements of PCI DSS, the 6th one requires companies to maintain application security at all times and is one of the most critical and challenging to meet due to the dynamic nature of software development.
ZeroPath Security Research

Research
•2025-07-17
•12 min read
Authorization Bugs Are Having Their SQL Injection Moment
GitLab patched critical auth bugs. McDonald's leaked 64M records through a basic IDOR. Authorization bugs aren't new but AI can now find them at scale. We turned LLMs loose on modern codebases and discovered why 2025 is the year IDORs go from manual pentest finding to automated epidemic.
ZeroPath Security Research

Insights
•2025-07-16
•6 min read
What is PCI DSS? 12 Requirements to be PCI DSS Compliant
PCI DSS is a set of 12 requirements designed to protect cardholder data. It covers security, network, and application layers. To be compliant, businesses must implement these requirements, which include data encryption, firewalls, regular security audits and more.
ZeroPath Security Research

Insights
•2025-07-15
•5 min read
What is PCI Compliance? Does your business need PCI Compliance?
PCI compliance refers to security standards protecting cardholder data during transactions. It includes standards like PCI DSS for handling card data, PCI PTS for payment terminals, and PCI 3DS for online fraud prevention. Businesses must determine their specific needs, like whether they store card information or use physical readers.
ZeroPath Security Research

Security Research
•2025-04-04
•4 min read
How to do Security Research with ZeroPath
A practical guide on using AI SAST with ZeroPath to perform security research.
ZeroPath Security Research

Product
•2025-03-27
•6 min read
Introducing ZeroPath’s Open-Source MCP Server
Query your product security findings with natural language. ZeroPath’s open-source MCP server integrates with Claude, Cursor, Windsurf, and other tools to surface SAST issues, secrets, and patches—right where developers work.
ZeroPath Security Research

Insights
•2025-03-24
•18 min read
On Recent AI Model Progress
Exploring the real-world effectiveness of AI advancements through our experiences building security-focused AI tools, with honest perspectives on capability gaps, benchmarking challenges, and practical applications.

Dean Valentine

Product
•2024-11-13
•5 min read
How ZeroPath Compares
ZeroPath compares its SAST performance against competitors using the XBOW benchmarks, in a manner thats reproducible.
ZeroPath Team

Insights
•2024-11-13
•7 min read
Towards Actual SAST Benchmarks
ZeroPath enhances XBOW's open-source security benchmarks by removing AI-favoring hints, adding false positive testing, and creating a more realistic evaluation framework for comparing modern security scanning tools.
ZeroPath Team

Research
•2024-10-29
•15 min read
Autonomous Discovery of Critical Zero-Days
Since July 2024, ZeroPath's tool has uncovered critical zero-day vulnerabilities—including RCE, authentication bypasses, and IDORs—in popular AI platforms and open-source projects. Our approach has identified security flaws in projects owned by Netflix, Salesforce, and Hulu.

Raphael Karger

Research
•2024-08-24
•10 min read
Critical RCE Vulnerability in UpTrain
ZeroPath researchers uncover a critical Remote Code Execution (RCE) vulnerability in UpTrain, a popular open-source AI platform.

Nathan Hrncirik

Research
•2024-08-24
•10 min read
Command Injection Vulnerability in Clone-Voice Project
Security researchers at ZeroPath uncover a command injection vulnerability in the popular open-source "clone-voice" project.

Nathan Hrncirik, Raphael Karger
Research
•2024-08-24
•8 min read
Fonoster VoiceServer LFI Vulnerability (CVE-2024-43035)
Security researchers at ZeroPath discovered a Local File Inclusion (LFI) vulnerability in Fonoster VoiceServer, an open-source AI project for building voice applications.

Nathan Hrncirik

Research
•2024-08-24
•12 min read
LibrePhotos Arbitrary File Upload + Path Traversal PoC
ZeroPath security researchers uncover an unauthenticated arbitrary file upload vulnerability in LibrePhotos, a popular open-source photo management solution.

Nathan Hrncirik