ZeroPath Blog & Research
Explore our team's latest research and stay up to date with ZeroPath's capabilities.

Insights
•2025-07-17
•8 min read
How to meet security requirements for PCI-DSS compliance?
PCI DSS is a set of 12 requirements designed to protect cardholder data, spanning the security, network, and application layers. Of those 12, Requirement 6 (develop and maintain secure systems and software) is the most important and the hardest to meet, because application code changes every day and each change can introduce a new flaw. ZeroPath is helping companies reach PCI DSS-level application security; if compliance is on your roadmap, it is worth adopting a shift-left mindset from the start and using AI-native SAST like ZeroPath to simplify and automate the secure-development work Requirement 6 demands.
ZeroPath Security Research

Research
•2025-07-17
•12 min read
The Security Bug That's in 73% of Codebases (Including Yours)
GitLab lost $760M. McDonald's leaked 64 million applications. We analyzed the authorization crisis plaguing modern software and found the same vulnerability class in 73% of codebases. Here's why IDORs are the new SQL injection.
ZeroPath Security Research

Insights
•2025-07-16
•6 min read
What is PCI DSS? 12 Requirements to be PCI DSS Compliant
PCI DSS is a set of 12 requirements designed to protect cardholder data. It covers security, network, and application layers. To be compliant, businesses must implement these requirements, which include data encryption, firewalls, and regular security audits. Compliance is crucial for businesses handling card data to avoid penalties and maintain customer trust.
ZeroPath Security Research

Insights
•2025-07-15
•5 min read
What is PCI Compliance? Does your business need PCI Compliance?
PCI compliance refers to the security standards that protect cardholder data during transactions. It encompasses standards like PCI DSS for handling card data, PCI PTS for payment terminals, and PCI 3DS for authenticating online (card-not-present) transactions to reduce fraud. Compliance is vital to avoid penalties and to keep processing card payments. Businesses must determine which standards apply to them, for example whether they store card information or use physical card readers. Using a third-party payment processor can shrink the scope of what must be assessed, though it does not remove the merchant's responsibility entirely.
ZeroPath Security Research

Security Research
•2025-04-04
•4 min read
How to do Security Research with ZeroPath
A practical guide on using AI SAST with ZeroPath to perform security research.
ZeroPath Security Research

Product
•2025-03-27
•6 min read
Introducing ZeroPath’s Open-Source MCP Server
Query your product security findings with natural language. ZeroPath’s open-source MCP server integrates with Claude, Cursor, Windsurf, and other tools to surface SAST issues, secrets, and patches—right where developers work.
ZeroPath Security Research

Insights
•2025-03-24
•18 min read
On Recent AI Model Progress
Exploring the real-world effectiveness of AI advancements through our experiences building security-focused AI tools, with honest perspectives on capability gaps, benchmarking challenges, and practical applications.

Dean Valentine

Product
•2024-11-13
•5 min read
How ZeroPath Compares
ZeroPath compares its SAST performance against competitors using the XBOW benchmarks, in a manner that's reproducible.
ZeroPath Team

Insights
•2024-11-13
•7 min read
Towards Actual SAST Benchmarks
ZeroPath enhances XBOW's open-source security benchmarks by removing AI-favoring hints, adding false positive testing, and creating a more realistic evaluation framework for comparing modern security scanning tools.
ZeroPath Team

Research
•2024-10-29
•15 min read
Autonomous Discovery of Critical Zero-Days
Since July 2024, ZeroPath's tool has uncovered critical zero-day vulnerabilities—including RCE, authentication bypasses, and IDORs—in popular AI platforms and open-source projects. Our approach has identified security flaws in projects owned by Netflix, Salesforce, and Hulu.

Raphael Karger

Research
•2024-08-24
•10 min read
Critical RCE Vulnerability in UpTrain
ZeroPath researchers uncover a critical Remote Code Execution (RCE) vulnerability in UpTrain, a popular open-source AI platform.

Nathan Hrncirik

Research
•2024-08-24
•10 min read
Command Injection Vulnerability in Clone-Voice Project
Security researchers at ZeroPath uncover a command injection vulnerability in the popular open-source "clone-voice" project.

Nathan Hrncirik, Raphael Karger

Research
•2024-08-24
•8 min read
Fonoster VoiceServer LFI Vulnerability (CVE-2024-43035)
Security researchers at ZeroPath discovered a Local File Inclusion (LFI) vulnerability in Fonoster VoiceServer, an open-source AI project for building voice applications.

Nathan Hrncirik

Research
•2024-08-24
•12 min read
LibrePhotos Arbitrary File Upload + Path Traversal PoC
ZeroPath security researchers uncover an unauthenticated arbitrary file upload vulnerability in LibrePhotos, a popular open-source photo management solution.

Nathan Hrncirik