ZAST.AI Raises $6M Pre-A to Scale 'Zero False Positive' AI-Powered Code Security

These articles are AI-generated summaries. Please check the original sources for full details.

Zero False Positive AI-Powered Code Security

ZAST.AI, a pioneering company in AI-driven code security, announced the completion of a $6 million Pre-A funding round, led by Hillhouse Capital, bringing its total funding close to $10 million. This investment recognizes ZAST.AI’s innovative approach to ending high false positive rates in security tools, making every alert genuinely actionable, as evidenced by its discovery of hundreds of zero-day vulnerabilities across popular open-source projects.

Why This Matters

Code security analysis has long been plagued by high false positive rates: security engineers spend significant time manually verifying alerts, and efficiency is extremely low. ZAST.AI’s “Automated POC Generation + Automated Validation” technical architecture addresses this pain point by using AI to perform deep code analysis, then automatically generating and verifying Proof-of-Concept (PoC) code for exploiting vulnerabilities, achieving a “zero false positive” effect. This has significant implications for the industry, because high false positive rates desensitize security teams, making them less responsive to real threats, and increase security operation costs.

Key Insights

  • ZAST.AI discovered hundreds of zero-day vulnerabilities and was assigned 119 CVEs in 2025, demonstrating the effectiveness of its AI-powered code security solution.
  • The company’s technical architecture combines automated PoC generation and validation, enabling the detection of both syntax-level and semantic-level vulnerabilities, including complex business logic flaws.
  • ZAST.AI’s approach has gained recognition from leading capital markets and enterprise clients, including Fortune Global 500 companies, which appreciate the significant reduction in vulnerability remediation cycles and security operation costs.

Working Example

# Simplified illustration of automated PoC generation and validation
# (placeholder logic and placeholder target)
import requests

def generate_poc(vulnerability):
    # Generate PoC code for the given vulnerability (placeholder value)
    poc_code = "example_poc_code"
    return poc_code

def validate_poc(poc_code):
    # Send the PoC to the target and treat an HTTP 200 response as verified.
    # The timeout keeps the check from hanging on an unresponsive host, and
    # a failed request counts as "not verified" instead of raising.
    try:
        result = requests.post("https://example.com", data=poc_code, timeout=10)
    except requests.RequestException:
        return False
    return result.status_code == 200

vulnerability = "example_vulnerability"
poc_code = generate_poc(vulnerability)
if validate_poc(poc_code):
    print("Vulnerability verified")
else:
    print("Vulnerability not verified")

Practical Applications

  • Use Case: ZAST.AI’s AI-powered code security solution can be used by enterprise clients to significantly shorten vulnerability remediation cycles and reduce security operation costs, as demonstrated by its existing clients, including Fortune Global 500 companies.
  • Pitfall: A common anti-pattern in code security is relying on traditional static analysis tools with high false positive rates, which desensitizes security teams and increases security operation costs. This highlights the need for innovative solutions like ZAST.AI’s “zero false positive” approach.