ZeroPath Blog & Research
Explore our team's latest research and stay up to date with ZeroPath's capabilities.

Product
•2025-03-27
•6 min read
Introducing ZeroPath’s Open-Source MCP Server
Query your product security findings with natural language. ZeroPath’s open-source MCP server integrates with Claude, Cursor, Windsurf, and other tools to surface SAST issues, secrets, and patches—right where developers work.
ZeroPath Security Research

Insights
•2025-03-24
•18 min read
On Recent AI Model Progress
Exploring the real-world effectiveness of AI advancements through our experiences building security-focused AI tools, with honest perspectives on capability gaps, benchmarking challenges, and practical applications.
Dean Valentine

Product
•2024-11-13
•5 min read
How ZeroPath Compares
ZeroPath compares its SAST performance against competitors using the XBOW benchmarks, in a reproducible manner.
ZeroPath Team

Insights
•2024-11-13
•7 min read
Towards Actual SAST Benchmarks
ZeroPath enhances XBOW's open-source security benchmarks by removing AI-favoring hints, adding false positive testing, and creating a more realistic evaluation framework for comparing modern security scanning tools.
ZeroPath Team

Research
•2024-10-29
•15 min read
Autonomous Discovery of Critical Zero-Days
Since July 2024, ZeroPath's tool has uncovered critical zero-day vulnerabilities—including RCE, authentication bypasses, and IDORs—in popular AI platforms and open-source projects. Our approach has identified security flaws in projects owned by Netflix, Salesforce, and Hulu.
Raphael Karger

Research
•2024-08-24
•10 min read
Critical RCE Vulnerability in UpTrain
ZeroPath researchers uncover a critical Remote Code Execution (RCE) vulnerability in UpTrain, a popular open-source AI platform.
Nathan Hrncirik

Research
•2024-08-24
•10 min read
Command Injection Vulnerability in Clone-Voice Project
Security researchers at ZeroPath uncover a command injection vulnerability in the popular open-source "clone-voice" project.
Nathan Hrncirik, Raphael Karger

Research
•2024-08-24
•8 min read
Fonoster VoiceServer LFI Vulnerability (CVE-2024-43035)
Security researchers at ZeroPath discovered a Local File Inclusion (LFI) vulnerability in Fonoster VoiceServer, an open-source AI project for building voice applications.
Nathan Hrncirik

Research
•2024-08-24
•12 min read
LibrePhotos Arbitrary File Upload + Path Traversal PoC
ZeroPath security researchers uncover an unauthenticated arbitrary file upload vulnerability in LibrePhotos, a popular open-source photo management solution.
Nathan Hrncirik