ZeroPath: AI-Native Code Security That Replaces Your Entire SAST Stack
ZeroPath is an AI-native code security platform that replaces traditional SAST, SCA, secrets scanning, and IaC tools with a single LLM-powered engine. The platform detects complex business logic flaws and chained vulnerabilities that legacy static analysis tools consistently miss.
Founded by security engineers from Tesla and Google, ZeroPath is backed by Y Combinator and has raised $12.5M including its seed round led by SurgePoint Capital with participation from Paul Graham. The company was selected as one of 10 finalists for the RSAC 2026 Innovation Sandbox competition, pitching today (March 23) at Moscone Center in San Francisco.
ZeroPath's approach is directly relevant to the agent era: as AI coding agents like Claude Code, Cursor, and Codex generate more production code, traditional rule-based scanners fail to catch the nuanced vulnerabilities in AI-generated code. ZeroPath uses LLMs to understand code semantics and intent, catching broken authentication, business logic flaws, and dependency issues that pattern-matching tools miss.
Each RSAC Innovation Sandbox finalist receives a $5M investment via SAFE note from Crosspoint Capital, bringing ZeroPath's total backing to support its mission of making AI-generated code secure by default.
Official site: https://zeropath.com
Y Combinator profile: https://www.ycombinator.com/companies/zeropath
← Back to all articles
Founded by security engineers from Tesla and Google, ZeroPath is backed by Y Combinator and has raised $12.5M including its seed round led by SurgePoint Capital with participation from Paul Graham. The company was selected as one of 10 finalists for the RSAC 2026 Innovation Sandbox competition, pitching today (March 23) at Moscone Center in San Francisco.
ZeroPath's approach is directly relevant to the agent era: as AI coding agents like Claude Code, Cursor, and Codex generate more production code, traditional rule-based scanners fail to catch the nuanced vulnerabilities in AI-generated code. ZeroPath uses LLMs to understand code semantics and intent, catching broken authentication, business logic flaws, and dependency issues that pattern-matching tools miss.
Each RSAC Innovation Sandbox finalist receives a $5M investment via SAFE note from Crosspoint Capital, bringing ZeroPath's total backing to support its mission of making AI-generated code secure by default.
Official site: https://zeropath.com
Y Combinator profile: https://www.ycombinator.com/companies/zeropath
Comments