On January 5, 2026, in Seattle, USA, ZAST.AI announced the successful acquisition of $6 million in Pre-A funding. This investment, led by Hillhouse Capital, brings the company’s total funding to nearly $10 million. The infusion of capital underscores the growing recognition of ZAST.AI’s innovative approach to reducing false positives in security alerts, making each alert actionable and reliable.
Groundbreaking Discoveries in Code Security
Last year, ZAST.AI made significant strides in the cybersecurity arena by identifying hundreds of zero-day vulnerabilities across numerous popular open-source projects. These discoveries, submitted through platforms like VulDB, resulted in 119 CVE assignments. The vulnerabilities spanned production-grade codebases supporting global operations, including major projects like Microsoft Azure SDK, Apache Struts XWork, and Alibaba Nacos. Notably, these vulnerabilities came with executable Proof-of-Concept (PoC) evidence, prompting swift action from maintainers of these projects to patch the identified issues.
Innovative AI Technology for Deep Code Analysis
ZAST.AI’s technical edge lies in its “Automated POC Generation + Automated Validation” framework. Unlike conventional static analysis tools, ZAST.AI utilizes advanced AI to conduct comprehensive code analysis. This process not only automates the generation of PoC code for vulnerabilities but also verifies the effectiveness of the PoC in triggering these vulnerabilities. The outcome is a report that focuses solely on verified vulnerabilities, achieving an unprecedented “zero false positive” rate.
Hillhouse Capital acknowledged the importance of this technology, stating that ZAST.AI has transformed vulnerability validation from assessing potential risks to confirming actual vulnerabilities with PoC evidence. This shift significantly enhances the effectiveness of security tools in the industry.
Expanding Capabilities and Future Vision
ZAST.AI’s capabilities extend beyond identifying “syntax-level” vulnerabilities such as SQL Injection and XSS. The company also addresses more elusive “semantic-level” vulnerabilities, including business logic flaws like IDOR and privilege escalation. This comprehensive coverage marks a significant advancement in automated security solutions, addressing a long-standing challenge in the field.
Currently, ZAST.AI provides services to various enterprise clients, including Fortune Global 500 companies. By delivering PoC-backed vulnerability reports, the company helps clients swiftly mitigate vulnerabilities, reducing security operation costs and gaining customer trust. The recent funding will fuel further research and development, product enhancements, and international market expansion. CEO Geng Yang envisions building a holistic AI-driven security platform that offers top-tier security at minimal cost, continuing to innovate in AI and security integration.
For more insights and updates, follow us on Google News, Twitter, and LinkedIn.
