ZeroPath Blog & Research
Explore our team's latest research and stay up to date with ZeroPath's capabilities.

Research
•2025-07-17
•12 min read
Authorization Bugs Are Having Their SQL Injection Moment
GitLab patched critical auth bugs. McDonald's leaked 64M records through a basic IDOR. Authorization bugs aren't new but AI can now find them at scale. We turned LLMs loose on modern codebases and discovered why 2025 is the year IDORs go from manual pentest finding to automated epidemic.
ZeroPath Security Research

Research
•2024-10-29
•15 min read
Autonomous Discovery of Critical Zero-Days
Since July 2024, ZeroPath's tool has uncovered critical zero-day vulnerabilities—including RCE, authentication bypasses, and IDORs—in popular AI platforms and open-source projects. Our approach has identified security flaws in projects owned by Netflix, Salesforce, and Hulu.

Raphael Karger

Research
•2024-08-24
•10 min read
Critical RCE Vulnerability in UpTrain
ZeroPath researchers uncover a critical Remote Code Execution (RCE) vulnerability in UpTrain, a popular open-source AI platform.

Nathan Hrncirik

Research
•2024-08-24
•10 min read
Command Injection Vulnerability in Clone-Voice Project
Security researchers at ZeroPath uncover a command injection vulnerability in the popular open-source "clone-voice" project.

Nathan Hrncirik, Raphael Karger
Research
•2024-08-24
•8 min read
Fonoster VoiceServer LFI Vulnerability (CVE-2024-43035)
Security researchers at ZeroPath discovered a Local File Inclusion (LFI) vulnerability in Fonoster VoiceServer, an open-source AI project for building voice applications.

Nathan Hrncirik

Research
•2024-08-24
•12 min read
LibrePhotos Arbitrary File Upload + Path Traversal PoC
ZeroPath security researchers uncover an unauthenticated arbitrary file upload vulnerability in LibrePhotos, a popular open-source photo management solution.

Nathan Hrncirik