ZeroPath

Active

Automatically find and fix your software vulnerabilities

Summer 2024Founded 20244 peopleSan Francisco, CA, USA

zeropath.com ↗LinkedIn ↗X ↗GitHub ↗See on the Idea Map B2B momentum

About

ZeroPath is a developer tool that autonomously detects, verifies, and submits fixes for vulnerabilities in your code. Engineers can use ZeroPath to find security problems that they might only otherwise catch in pentests or from bug bounty researchers.

From their website

as of Jun 7, 2026zeropath.com ↗

SaaSSubscription · Starting from $1,000/mo + $60/dev; 14-day free trial; pay per scan/usage options announced as 'Usage-based' with credits and pay-as-you-use terms.

ZeroPath offers an AI-native AppSec platform that includes SAST, SCA,Secrets, DAST, and more to find vulnerabilities with reduced false positives. It automates security for modern DevOps, emphasizing end-to-end code security and auto-fix capabilities.

The platform scans repositories top-down with Zero Config defaults, prioritizes business-logic and authentication issues, verifies exploitability, and generates working patches without build scripts. It provides SAST, SCA with reachability analysis, Secrets detection, IaC scanning, PR reviews, a policy engine, risk management, and an autofix feature that auto-remediates vulnerabilities with AI-generated fixes, plus DAST for live apps and continuous security reviews.

Who it’s for: Development teams and security teams in mid-to-large organizations deploying modern DevOps pipelines seeking integrated AI-assisted code security, with emphasis on reducing false positives and speeding remediation.

Features

AI-native SAST with business logic detection
SCA with reachability analysis
Secrets detection and validation
IaC infrastructure misconfiguration scanning
PR reviews and continuous security reviews
Policy engine for scalable security policies
Autofix for auto-remediation

Pricing page indicates a 14-day free trial and a paid subscription; mentions product traction with hundreds of customers and enterprise deployments; emphasis on AI-assisted security and auto-fix features.

Founders · 4

Dean ValentineFounder

ZeroPath founder

Nathan HrncirikFounder

Tesla

CIO at ZeroPath. Security Engineer & 100k+ earned bug bounty hunter. Formerly Red Team at Tesla.

LinkedIn ↗

Raphael KargerFounder

Google

CTO at ZeroPath. Former Google Security Engineer and BishopFox Consultant.

LinkedIn ↗

Etienne LunettaFounder

COO at ZeroPath. Former Co-Founder at Mevlink, acquired by bloXroute Labs in 2023.

Launch

Launched on Y Combinator · Jul 2024

View launch post ↗

Detect and fix your web application's exploitable security issues without config.

ZeroPath is a GitHub app that detects security vulnerabilities in code, verifies them, and automatically issues pull requests to patch them. It scans source code and PRs, uses LLMs to reduce false positives, and generates patches, aiming to integrate with existing SAST workflows and reduce remediation time.

Website over time

How ZeroPath’s homepage introduced itself over the years — each line is the page title the web actually saw, linked to that moment’s archived capture.