ZeroPath Blog & Research

Explore our team's latest research and stay up to date with ZeroPath's capabilities.
Authorization Bugs Are Having Their SQL Injection Moment
Research

2025-07-17

12 min read

GitLab patched critical auth bugs. McDonald's leaked 64M records through a basic IDOR. Authorization bugs aren't new but AI can now find them at scale. We turned LLMs loose on modern codebases and discovered why 2025 is the year IDORs go from manual pentest finding to automated epidemic.

ZeroPath Security Research

Autonomous Discovery of Critical Zero-Days
Research

2024-10-29

15 min read

Since July 2024, ZeroPath's tool has uncovered critical zero-day vulnerabilities—including RCE, authentication bypasses, and IDORs—in popular AI platforms and open-source projects. Our approach has identified security flaws in projects owned by Netflix, Salesforce, and Hulu.

Raphael Karger

Critical RCE Vulnerability in UpTrain
Research

2024-08-24

10 min read

ZeroPath researchers uncover a critical Remote Code Execution (RCE) vulnerability in UpTrain, a popular open-source AI platform.

Nathan Hrncirik

Command Injection Vulnerability in Clone-Voice Project
Research

2024-08-24

10 min read

Security researchers at ZeroPath uncover a command injection vulnerability in the popular open-source "clone-voice" project.

Nathan Hrncirik, Raphael Karger

Fonoster VoiceServer LFI Vulnerability (CVE-2024-43035)
Research

2024-08-24

8 min read

Security researchers at ZeroPath discovered a Local File Inclusion (LFI) vulnerability in Fonoster VoiceServer, an open-source AI project for building voice applications.

Nathan Hrncirik

LibrePhotos Arbitrary File Upload + Path Traversal PoC
Research

2024-08-24

12 min read

ZeroPath security researchers uncover an unauthenticated arbitrary file upload vulnerability in LibrePhotos, a popular open-source photo management solution.

Nathan Hrncirik

