ZeroPath

18 posts


@ZeroPathAI

Find and fix exploitable application security issues. For our research, check out @ZeroPathLabs

San Francisco, CA · Joined May 2024
3 Following · 185 Followers
Pinned Tweet
ZeroPath@ZeroPathAI·
ZeroPath recently helped find real bugs in curl, sudo, and some other OSS repositories. We came across @MegaManSec's independent deep dive on AI SAST tools today, in which he used ZeroPath and some other tools against targets like curl and sudo. Leveraging the tool and custom rules, he was able to find a bunch of issues, which got him a shoutout from Daniel (founder & lead developer of curl).
ZeroPath@ZeroPathAI·
CrackArmor included one of 36 sudo flaws previously discovered by ZeroPath. We're releasing the whole batch today, including a POC for remote code execution in sudo logsrvd! Not all mainstream Linux distributions have included patches for these issues in their sudo packages yet. Worth verifying you're not vulnerable. zeropath.com/blog/sudo-bug-…
ZeroPath@ZeroPathAI·
@qualys just published the CrackArmor advisory describing a chain of vulnerabilities in AppArmor that can allow an unprivileged attacker to escalate privileges. Part of the exploit chain relies on a vulnerability in sudo originally discovered by the ZeroPath research team last year. sudo changelog: github.com/sudo-project/s… CrackArmor advisory: cdn2.qualys.com/advisory/2026/…
ZeroPath@ZeroPathAI·
Fun, free exploit development CTFs based on real world CVEs, and accompanied by hints, walkthroughs and working POCs. zeropath.com/blog/zeropath-… We've distilled complex issues down to repeatable, Dockerized challenges that have the nuance of the real vulnerabilities attackers love without all the noise.
ZeroPath@ZeroPathAI·
ZeroPath is a Top 10 finalist at @OneRSAC Innovation Sandbox. Years of noisy tools + missed vulnerabilities have pushed enterprises to rethink AppSec entirely. AI SAST marks the inflection point. Excited to show what that future looks like at RSA!
ZeroPath retweeted
ZeroPath Labs@ZeroPathLabs·
Openclaw (Clawdbot) Vulnerability Alert Malicious websites can exploit Openclaw to steal user credentials through crafted payloads. Tighten browser security and check configs. For more details, read ZeroPath's blog on this vuln. #AppSec #CyberSecurity #InfoSec zeropath.com/blog/openclaw-…
ZeroPath@ZeroPathAI·
ZeroPath researchers discovered a flaw in OpenClaw (aka ClawdBot) that allowed malicious websites to steal session cookies from other browser tabs using an unauthenticated websocket endpoint. Once stolen, attackers could use these cookies to access services like Microsoft 365 without MFA. OpenClaw fixed the issue on February 1st, 2026… users should be sure to update their instances. zeropath.com/blog/openclaw-…
ZeroPath@ZeroPathAI·
Just disclosed CVE-2025-59529 in Avahi: a local DoS where CLIENTS_MAX was defined but never enforced. Any unprivileged user can flood the Simple Protocol server with connections until the daemon exhausts FDs and crashes, breaking .local resolution system-wide. The vulnerability? Missing code: no validation logic at all. Full analysis: zeropath.com/blog/avahi-sim… #infosec #linux #CVE
ZeroPath retweeted
Y Combinator@ycombinator·
YC S24's @ZeroPathAI is an AI security platform that scans your code for security issues like a pentester, from auth issues to exposed secrets. Once issues are found, it provides patches with natural language problem descriptions to engineers. producthunt.com/posts/zeropath
ZeroPath@ZeroPathAI·
🎉 ZeroPath is live! Our AI-powered static analysis finds vulnerabilities other tools miss. Already trusted by 90+ companies & uncovering critical security gaps in enterprise code. Check us out on @ProductHunt! producthunt.com/posts/zeropath Try free: zeropath.com
ZeroPath retweeted
Selin Kocalar@kocalars·
Startups of today move faster. Build faster. Ship faster. Sell faster. We built Delve for those companies. @11x_official is one of them. Congratulations on $50M and SOC2.
ZeroPath retweeted
Y Combinator@ycombinator·
ZeroPath (YC S24) is an AI AppSec engineer that detects, verifies, and fixes web application security vulnerabilities at scale. ycombinator.com/launches/LOk-z…
ZeroPath retweeted
/r/netsec@_r_netsec·
Methodology for Leveraging LLMs for 0-day discovery (18+ vulns including on Netflix, Hulu, and Salesforce) zeropath.com/blog/0day-disc…