ZAST.AI Raises $6M Pre-A to Scale 'Zero False Positive' AI-Powered Code Security

Published: February 10, 2026 at 06:40 AM EST

Source: The Hacker News

Funding Announcement

January 5, 2026, Seattle, USA — ZAST.AI announced the completion of a $6 million Pre‑A funding round led by Hillhouse Capital. The investment brings ZAST.AI’s total funding close to $10 million, signaling market recognition of its solution to eliminate high false‑positive rates in security tools and deliver truly actionable alerts.

Vulnerability Discoveries

In 2025, ZAST.AI uncovered hundreds of zero‑day vulnerabilities across dozens of popular open‑source projects. These findings were submitted through authoritative platforms such as VulDB, resulting in 119 CVE assignments. The affected projects include widely used components and frameworks such as:

  • Microsoft Azure SDK
  • Apache Struts XWork
  • Alibaba Nacos
  • Langfuse
  • Koa
  • node‑formidable

Maintainers from top technology companies (Microsoft, Apache, Alibaba) have already patched their code based on the executable Proof‑of‑Concept (PoC) evidence provided by ZAST.AI.

“In the traditional field of code security analysis, high false positive rates have long been a core pain point plaguing enterprise security teams. Security engineers often spend significant time manually verifying alerts generated by tools, resulting in extremely low efficiency,” said Geng Yang, Co‑founder of ZAST.AI.
“Report is cheap, show me the PoC! This was the original intention behind founding ZAST.AI — we believe only verified vulnerabilities are worth reporting.”

Core Technology

ZAST.AI’s innovation lies in its “Automated PoC Generation + Automated Validation” architecture. Unlike traditional static analysis tools, it leverages advanced AI to:

  1. Deeply analyze code across applications.
  2. Automatically generate PoC code for exploiting identified vulnerabilities.
  3. Execute and verify the PoC to confirm the vulnerability.

Only vulnerabilities that pass this verification are reported, achieving a “zero false positive” effect.

“This isn’t an optimization—it’s a reconstruction,” said a Hillhouse Capital representative. “ZAST.AI has redefined the standard for vulnerability validation, shifting from ‘potential risk’ to ‘confirmed vulnerability, here is the PoC.’”

Coverage

  • Syntax‑level: SQL Injection, XSS, Insecure Deserialization, SSRF.
  • Semantic‑level: IDOR, privilege escalation, payment‑logic flaws, and other complex business‑logic issues traditionally hard for automated tools.

Market Impact

ZAST.AI already serves multiple enterprise clients, including Fortune Global 500 companies. By delivering automatically discovered, verified vulnerabilities with runnable PoCs, the platform helps clients:

  • Shorten remediation cycles.
  • Reduce security operation costs.
  • Increase confidence in vulnerability reports.

Use of Funds

The new capital will be allocated to:

  • Core technology R&D.
  • Expansion of product features.
  • Global market development.

Vision

CEO Geng Yang stated: “Our vision is to build an end‑to‑end AI‑driven security platform, enabling every development team to obtain the highest‑quality security assurance at the lowest cost. In the future, ZAST.AI will continue to deepen technological innovation in AI + Security, providing global customers with smarter, more precise, and more efficient code security solutions.”
