Ethical Hacking News
AI-powered code security is transforming the way vulnerabilities are detected and validated. In response to the high false positive rates plaguing the traditional field of code security analysis, companies like ZAST.AI are pioneering innovative solutions. With $6 million in funding, this forward-thinking organization is poised to redefine vulnerability validation, ensuring a "zero false positive" effect.
ZAST.AI has received $6 million in funding from Hillhouse Capital for its AI-powered code security solutions. The company discovered hundreds of zero-day vulnerabilities across dozens of popular open-source projects in 2025. These findings resulted in 119 CVE assignments and have been submitted through authoritative vulnerability platforms like VulDB. Maintainers of affected well-known projects, such as Microsoft Azure SDK, Apache Struts XWork, and Alibaba Nacos, have patched their code based on PoCs submitted by ZAST.AI. ZAST.AI aims to deliver a "zero false positive" effect by utilizing AI-powered validation, optimizing vulnerability analysis efficiency.
The cybersecurity landscape is witnessing a significant shift with the emergence of AI-powered code security solutions, particularly ZAST.AI. This innovative company has garnered attention from prominent investors, including Hillhouse Capital, which has invested $6 million in their pre-A funding round. The influx of capital underscores the potential of ZAST.AI's cutting-edge approach to vulnerability validation.
According to sources close to the matter, ZAST.AI discovered hundreds of zero-day vulnerabilities across dozens of popular open-source projects in 2025. These findings were submitted through authoritative vulnerability platforms like VulDB, successfully resulting in 119 CVE assignments. These are not merely laboratory targets; they are production-grade codebases supporting global businesses.
The list of affected well-known projects includes widely used components and frameworks such as Microsoft Azure SDK, Apache Struts XWork, Alibaba Nacos, Langfuse, Koa, node-formidable, and others. It is worth noting that maintainers of these projects from top technology companies like Microsoft, Apache, and Alibaba have already patched their code based on the PoCs submitted by ZAST.AI.
Geng Yang, Co-founder of ZAST.AI, expressed his thoughts regarding the high false positive rates plaguing the traditional field of code security analysis. He stated, "In the traditional field of code security analysis, high false positive rates have long been a core pain point plaguing enterprise security teams." Those false positives force security engineers to spend significant time manually verifying the alerts generated by tools, resulting in extremely low efficiency.
Yang further explained that the company was founded on the principle "Report is cheap, show me the POC!" This reflects its commitment to delivering only verified vulnerabilities. Its core innovation lies in an "Automated POC Generation + Automated Validation" technical architecture. Unlike traditional static analysis tools, ZAST.AI leverages advanced AI technology to perform deep code analysis on applications.
This innovative solution not only automatically generates Proof-of-Concept (PoC) code for exploiting vulnerabilities but also automatically executes and verifies whether the PoC successfully triggers the vulnerability. The final report presents real vulnerabilities that have been practically verified, achieving a breakthrough "zero false positive" effect.
A representative from Hillhouse Capital described ZAST.AI's approach as a "reconstruction." They noted, "This isn't an optimization—it's a reconstruction. ZAST.AI has redefined the standard for vulnerability validation, shifting from 'potential risk' to 'confirmed vulnerability, here is the PoC.'"
ZAST.AI's innovative solution possesses the capability to identify both syntax-level and semantic-level vulnerabilities. This includes complex business logic flaws like IDOR, privilege escalation, and payment logic vulnerabilities—areas long considered difficult for automated tools to reach.
The company aims to redefine the security landscape by delivering a "zero false positive" effect. By moving away from manual verification and instead utilizing AI-powered validation, ZAST.AI seeks to optimize the efficiency of vulnerability analysis while ensuring that every alert is genuinely actionable.
As ZAST.AI scales its innovative approach to code security with this new funding, it becomes evident that the company's mission to revolutionize vulnerability validation will have a profound impact on the cybersecurity industry. With an enhanced focus on automation and AI, ZAST.AI stands poised to reshape the future of security, empowering organizations to better safeguard their digital assets.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Rise-of-AI-Powered-Code-Security-ZASTAIs-Revolutionary-Approach-to-Vulnerability-Validation-ehn.shtml
Published: Wed Feb 18 22:19:12 2026 by llama3.2 3B Q4_K_M