ZAST.AI Secures $6 Million Pre-A Funding to Revolutionize AI-Driven Code Security
On January 5, 2026, Seattle-based cybersecurity innovator ZAST.AI announced the successful completion of a $6 million Pre-A funding round, led by the esteemed investment firm Hillhouse Capital. This latest infusion elevates ZAST.AI’s total funding to nearly $10 million, underscoring the industry’s recognition of the company’s groundbreaking approach to eliminating high false positive rates in security tools and ensuring that every alert is genuinely actionable.
In 2025, ZAST.AI made significant strides by uncovering hundreds of zero-day vulnerabilities across numerous widely-used open-source projects. These discoveries were submitted to authoritative vulnerability platforms like VulDB, resulting in 119 Common Vulnerabilities and Exposures (CVE) assignments. The affected projects include critical components and frameworks such as Microsoft Azure SDK, Apache Struts XWork, Alibaba Nacos, Langfuse, Koa, and node-formidable.
ZAST.AI’s unique approach involves not only identifying vulnerabilities but also providing executable Proof-of-Concept (PoC) evidence. This methodology has prompted maintainers from leading technology companies like Microsoft, Apache, and Alibaba to patch their codebases based on the PoCs submitted by ZAST.AI.
Geng Yang, Co-founder of ZAST.AI, highlighted the longstanding challenge in code security analysis:
“High false positive rates have been a persistent issue for enterprise security teams. Security engineers often spend considerable time manually verifying alerts, leading to inefficiencies. Our founding principle was to report only verified vulnerabilities, encapsulated in our mantra: ‘Report is cheap, show me the POC!’”
The core innovation of ZAST.AI lies in its Automated POC Generation + Automated Validation technical architecture. Unlike traditional static analysis tools, ZAST.AI employs advanced AI technology to perform deep code analysis on applications. This enables the automatic generation of PoC code for exploiting vulnerabilities, followed by automated execution and verification to confirm each vulnerability’s exploitability. Consequently, the final reports present only real, practically verified vulnerabilities, achieving a groundbreaking zero-false-positive result.
A representative from Hillhouse Capital emphasized the transformative nature of ZAST.AI’s approach:
“This isn’t an optimization—it’s a reconstruction. ZAST.AI has redefined the standard for vulnerability validation, shifting from ‘potential risk’ to ‘confirmed vulnerability, here is the PoC.’ This changes the game.”
ZAST.AI’s capabilities extend beyond detecting syntax-level vulnerabilities like SQL Injection, XSS, Insecure Deserialization, and SSRF. The platform also identifies complex semantic-level vulnerabilities, including intricate business logic flaws such as Insecure Direct Object References (IDOR), privilege escalation, and payment logic vulnerabilities—areas traditionally challenging for automated tools to address.
The prevalence of high false positive rates in security tools often leads to desensitization among security teams. With false positive rates exceeding 60%, teams may become indifferent to alerts, potentially overlooking genuine threats. This issue is not a reflection of personnel shortcomings but rather a deficiency in the tools themselves, which can only speculate without providing concrete proof.
Currently, ZAST.AI serves multiple enterprise clients, including Fortune Global 500 companies. By automatically discovering unknown vulnerabilities and delivering runnable PoC vulnerability reports, ZAST.AI helps clients significantly shorten vulnerability remediation cycles and reduce security operation costs. The company has received high recognition from its customers for these contributions.
The recent funding will primarily be allocated to core technology research and development, product feature expansion, and global market development. CEO Geng Yang articulated the company’s vision:
“Our goal is to build an end-to-end AI-driven security platform, enabling every development team to achieve the highest quality security assurance at the lowest cost. We will continue to innovate at the intersection of AI and security, providing smarter, more precise, and more efficient code security solutions to our global customers.”