Seattle, USA, January 5, 2026. ZAST.AI reported that a $6 million Pre-A funding round was completed. With this investment from renowned investment firm Hillhouse Capital, ZAST.AI now has nearly $10 million in total funding.
Leading capital markets have acknowledged a new solution, which is to make every alert truly actionable and put an end to the period of high false positive rates in security tools. ZAST.AI found hundreds of zero-day vulnerabilities in dozens of well-known open-source projects in 2025. These discoveries were submitted through reputable vulnerability databases such as VulDB and led to 119 CVE assignments. This is production-grade code that supports multinational corporations, not lab targets.
Popular components and frameworks like Microsoft Azure SDK, Apache Struts XWork, Alibaba Nacos, Langfuse, Koa, node-formidable, and others are among the well-known projects that have been impacted. In these extensively used open-source projects, ZAST.AI found hundreds of actual, exploitable vulnerabilities with executable Proof-of-Concept (PoC) evidence. Top tech companies like Microsoft, Apache, and Alibaba have already patched their code based on the proofs of concept that ZAST.AI submitted.
"High false positive rates have long been a core pain point plaguing enterprise security teams in the traditional field of code security analysis." According to Geng Yang, co-founder of ZAST.AI, security engineers frequently spend a lot of time manually confirming tool-generated alerts, which results in incredibly low efficiency.
"'Report is cheap, show me the POC!' This was the original goal when ZAST.AI was founded — we think that only verified vulnerabilities are worth reporting." The "Automated POC Generation + Automated Validation" technical architecture of ZAST.AI is its primary innovation.
ZAST.AI uses cutting-edge AI technology to conduct deep code analysis on applications, in contrast to conventional static analysis tools. In addition to automatically creating Proof-of-Concept (PoC) code to exploit vulnerabilities, it can also automatically run the PoC and check to see if it successfully triggers the vulnerability. The final report achieves a groundbreaking "zero false positive" effect by presenting only actual vulnerabilities that have been practically verified. "This is a reconstruction, not an optimization," a Hillhouse Capital representative stated.
"This changes the game because ZAST.AI has redefined the standard for vulnerability validation, moving from 'potential risk' to 'confirmed vulnerability, here is the PoC.'" In terms of vulnerability coverage, ZAST.AI can detect semantic-level vulnerabilities in addition to "syntax-level" vulnerabilities like SQL Injection, XSS, Insecure Deserialization, and SSRF. This includes intricate business logic defects that have long been thought to be hard for automated tools to access, such as IDOR, privilege escalation, and payment logic vulnerabilities.
Imagine your security tool having a false positive rate of more than 60% and screaming "wolf" every day. The team may already be desensitized by the time the real "wolf" shows up. This isn't a people problem; it's a tool defect—they can only speculate, not prove.
Fortune Global 500 companies are among the numerous enterprise clients that ZAST.AI currently serves. ZAST.AI provides runnable PoC vulnerability reports and automatically identifies unknown vulnerabilities. It has garnered high customer recognition, greatly reduces security operation costs, and helps clients shorten vulnerability remediation cycles. Global market development, product feature expansion, and core technology research and development will be the main uses of this funding round.
"Our goal is to create an end-to-end AI-driven security platform that allows every development team to get the best security assurance at the most affordable price," said Geng Yang, CEO. ZAST.AI will keep advancing technological innovation in AI + Security in the future, offering clients worldwide more intelligent, accurate, and effective code security solutions.











