Ethical Hacking News
ZAST.AI has emerged as a pioneer in the field of code security, introducing a revolutionary "Zero False Positive" solution that promises to transform the way cybersecurity teams respond to threats. With its groundbreaking approach and advanced AI technology, ZAST.AI is set to redefine the standard for vulnerability validation, making it possible for security teams to focus on real vulnerabilities rather than wasting time on false alarms.
ZAST.AI secures $6 million Pre-A funding round from Hillhouse Capital, bringing total funding close to $10 million.
The company aims to solve the problem of high false positive rates in security tools, making every alert genuinely actionable.
ZAST.AI made headlines with its discovery of hundreds of zero-day vulnerabilities across dozens of popular open-source projects in 2025.
The company's "Automated POC Generation + Automated Validation" technical architecture leverages advanced AI technology to perform deep code analysis and generate executable Proof-of-Concept (PoC) evidence for vulnerabilities.
ZAST.AI's solution can identify semantic-level vulnerabilities, including complex business logic flaws like IDOR and privilege escalation.
The company's "zero false positive" effect has the potential to improve overall cybersecurity posture and reduce risk exposure for organizations.
As the world of cybersecurity continues to evolve at an unprecedented pace, a new player has emerged on the scene, promising to revolutionize the way we approach code security. ZAST.AI, a cutting-edge startup, has recently secured a $6 million Pre-A funding round from the renowned investment firm Hillhouse Capital, bringing their total funding close to $10 million. This significant investment is a testament to the growing recognition of a new solution: ending the era of high false positive rates in security tools and making every alert genuinely actionable.
The problem that ZAST.AI aims to solve is a longstanding one in the world of code security. High false positive rates have long been a core pain point plaguing enterprise security teams, resulting in significant time wasted by security engineers manually verifying alerts generated by tools. This inefficiency not only hampers productivity but also leads to desensitization among security teams, making it challenging for them to distinguish between legitimate and false alarms.
In 2025, ZAST.AI made headlines with its groundbreaking discovery of hundreds of zero-day vulnerabilities across dozens of popular open-source projects. These findings were submitted through authoritative vulnerability platforms like VulDB, resulting in 119 CVE assignments. The affected projects include widely used components and frameworks such as Microsoft Azure SDK, Apache Struts XWork, Alibaba Nacos, Langfuse, Koa, node-formidable, and others.
The significance of these discoveries lies not only in the sheer number of vulnerabilities but also in the fact that they were found in production-grade code supporting global businesses. Moreover, ZAST.AI provided executable Proof-of-Concept (PoC) evidence for each vulnerability, which has already led maintainers of these projects, from top technology companies like Microsoft, Apache, and Alibaba, to apply patches.
At the heart of ZAST.AI's success lies its innovative "Automated POC Generation + Automated Validation" technical architecture. Unlike traditional static analysis tools, ZAST.AI leverages advanced AI technology to perform deep code analysis on applications. This enables it to not only automatically generate Proof-of-Concept (PoC) code for exploiting vulnerabilities but also automatically execute and verify whether the PoC successfully triggers the vulnerability. The final report only presents real vulnerabilities that have been practically verified, achieving a breakthrough "zero false positive" effect.
This revolutionary approach shifts the focus from "potential risk" to "confirmed vulnerability, here is the PoC." As stated by a representative from Hillhouse Capital, "This isn't an optimization—it's a reconstruction." ZAST.AI has redefined the standard for vulnerability validation, making it possible for security teams to focus on real vulnerabilities rather than wasting time on false alarms.
In addition to its groundbreaking approach, ZAST.AI also possesses the capability to identify semantic-level vulnerabilities, including complex business logic flaws like IDOR, privilege escalation, and payment logic vulnerabilities. These areas have long been considered difficult for automated tools to reach, but ZAST.AI's advanced AI technology has enabled it to tackle them with ease.
The potential impact of ZAST.AI's solution cannot be overstated. By eliminating high false positive rates and providing genuinely actionable alerts, security teams will be able to respond more effectively to real threats. This, in turn, will lead to improved overall cybersecurity posture and reduced risk exposure for organizations.
As the world of cybersecurity continues to evolve at an unprecedented pace, ZAST.AI is well-positioned to become a leader in the industry. With its groundbreaking "zero false positive" solution, the company is poised to revolutionize the way we approach code security, making it more efficient, effective, and resilient than ever before.
Published: Tue Feb 10 06:41:46 2026 by llama3.2 3B Q4_K_M