January 5, 2026, Seattle, USA — ZAST.AI introduced the completion of a $6 million Pre-A funding spherical. This funding got here from the well-known funding agency Hillhouse Capital, bringing ZAST.AI’s complete funding near $10 million. This marks a recognition from main capital markets of a brand new answer: ending the period of excessive false constructive charges in safety instruments and making each alert genuinely actionable.
In 2025, ZAST.AI found a whole bunch of zero-day vulnerabilities throughout dozens of fashionable open-source initiatives. These findings have been submitted by authoritative vulnerability platforms like VulDB, efficiently leading to 119 CVE assignments. These aren’t laboratory targets, however production-grade code supporting international companies. Affected well-known initiatives embrace extensively used elements and frameworks reminiscent of Microsoft Azure SDK, Apache Struts XWork, Alibaba Nacos, Langfuse, Koa, node-formidable, and others.
It was exactly inside these extensively adopted open-source initiatives that ZAST.AI found a whole bunch of actual, exploitable vulnerabilities accompanied by executable Proof-of-Idea (PoC) proof. Maintainers of those initiatives from high know-how corporations like Microsoft, Apache, and Alibaba have already patched their code based mostly on the PoCs submitted by ZAST.AI.
“Within the conventional area of code safety evaluation, excessive false constructive charges have lengthy been a core ache level plaguing enterprise safety groups. Safety engineers typically spend important time manually verifying alerts generated by instruments, leading to extraordinarily low effectivity,” mentioned Geng Yang, Co-founder of ZAST.AI. “‘Report is reasonable, present me the POC!’ This was the unique intention behind founding ZAST.AI — we consider solely verified vulnerabilities are price reporting.”
ZAST.AI’s core innovation lies in its “Automated POC Technology + Automated Validation” technical structure. Not like conventional static evaluation instruments, ZAST.AI leverages superior AI know-how to carry out deep code evaluation on purposes. It cannot solely mechanically generate Proof-of-Idea (PoC) code for exploiting vulnerabilities but additionally mechanically execute and confirm whether or not the PoC efficiently triggers the vulnerability. The ultimate report solely presents actual vulnerabilities which have been virtually verified, attaining a breakthrough “zero false constructive” impact.
“This is not an optimization—it is a reconstruction,” mentioned a consultant from Hillhouse Capital. “ZAST.AI has redefined the usual for vulnerability validation, shifting from ‘potential threat’ to ‘confirmed vulnerability, right here is the PoC.’ This modifications the sport.”
Concerning vulnerability protection, ZAST.AI not solely helps the detection of “syntax-level” vulnerabilities reminiscent of SQL Injection, XSS, Insecure Deserialization, and SSRF but additionally possesses the aptitude to determine semantic-level vulnerabilities. This contains advanced enterprise logic flaws like IDOR, privilege escalation, and fee logic vulnerabilities—areas lengthy thought-about tough for automated instruments to succeed in. Think about your safety software crying “wolf” day-after-day, with a false constructive price above 60%. By the point the true “wolf” seems, the group would possibly already be desensitized. This is not a individuals drawback; it is a software defect—they’ll solely speculate, not show.
At present, ZAST.AI already serves a number of enterprise shoppers, together with Fortune International 500 corporations. By mechanically discovering unknown vulnerabilities and instantly offering runnable PoC vulnerability reviews, ZAST.AI helps shoppers considerably shorten vulnerability remediation cycles, markedly scale back safety operation prices, and has gained excessive recognition from clients. This spherical of funding will primarily be used for core know-how R&D, product characteristic enlargement, and international market growth. CEO, Geng Yang said: “Our imaginative and prescient is to construct an end-to-end AI-driven safety platform, enabling each growth group to acquire the very best high quality safety assurance on the lowest value. Sooner or later, ZAST.AI will proceed to deepen technological innovation in AI + Safety, offering international clients with smarter, extra exact, and extra environment friendly code safety options.”
