ZAST.AI announced the completion of a $6 million Pre-A funding round led by Hillhouse Capital, bringing the company’s total funding to nearly $10 million. This investment marks a significant validation from capital markets of a new era in cybersecurity: ending the plague of high false positives and making every alert genuinely actionable.
In traditional code security analysis, high false positive rates have long been a core pain point. Security engineers often waste significant time manually verifying alerts, leading to “alert fatigue” where real risks are ignored.
“In this industry, ‘Report is cheap, show me the POC!’ This was our founding intention,” said Geng Yang, Co-founder and CEO of ZAST.AI. “We believe only verified vulnerabilities are worth reporting.”
ZAST.AI addresses this through its proprietary “Automated PoC Generation + Validation” architecture. Unlike traditional static analysis tools that merely speculate on potential risks, ZAST.AI leverages advanced AI to perform deep code analysis. It automatically generates Proof-of-Concept (PoC) and executes it to verify the vulnerability, achieving a breakthrough “zero false positive” standard.
The technology has already proven its capabilities in the real world. In 2025, ZAST.AI has discovered hundreds of zero-day vulnerabilities in production-grade code. These findings were submitted through authoritative vulnerability platforms like VulDB, successfully resulting in 119 CVE assignments. Affected well-known projects include widely used components and frameworks such as Microsoft Azure SDK, Apache Struts XWork, Alibaba Nacos, Langfuse, Koa, node-formidable, WordPress, and others.
Beyond standard syntax-level issues like SQL Injection, ZAST.AI uniquely identifies complex semantic-level vulnerabilities. This includes business logic flaws like IDOR and privilege escalation—areas long considered difficult for automated tools to reach.
“This isn’t an optimization—it’s a reconstruction,” said a representative from Hillhouse Capital. “ZAST.AI has redefined the standard for vulnerability validation, shifting from ‘potential risk’ to ‘confirmed vulnerability.’ This changes the game.”
Currently, ZAST.AI already serves multiple enterprise clients, including Fortune Global 500 companies. We will use the new funds to accelerate core technology R&D and global market expansion. “Our vision is to build an end-to-end AI-driven security platform, enabling every development team to obtain the highest quality security assurance at the lowest cost,” added CEO Yang.
Explore AITechPark for the latest Artificial Intelligence News advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!