ZeroPath Blog & Research

Explore our team's latest research and stay up to date with ZeroPath's capabilities.
How Aptos Labs Scales Application Security Across 1M+ Lines of Rust with AI-Powered SAST
Insights

2026-03-05

8 min read

How Aptos Labs automated security testing across 70 engineers, accelerated vulnerability discovery by 8x, and saved 20+ hours per week with AI-powered SAST on Rust codebases.

ZeroPath Team

CVE-2026-42167 Allows Auth Bypass And RCE In ProFTPD
Research

2026-04-28

7 min read

ZeroPath Research discovered a SQL injection in ProFTPD's mod_sql extension (CVE-2026-42167) that can allow remote code execution, authentication bypass, and privilege escalation depending on configuration — exploitable pre-auth in some cases. Affects ProFTPD <= 1.3.9; patched in 1.3.9a.

John Walker

CVE-2026-39816 Allows Privesc And Code Execution In Apache NiFi
Research

2026-05-07

6 min read

ZeroPath Research discovered CVE-2026-39816 in Apache NiFi: when the optional nifi-other-graph-services-nar bundle is installed, authenticated users without the EXECUTE_CODE privilege can run arbitrary code on the NiFi server via ExecuteGraphQuery against a TinkerPop target. Affects NiFi >= 2.0.0-M1 and < 2.9.0; patched in 2.9.0.

John Walker

How ZeroPath Works
Product

2024-11-01

15 min read

Technical deep-dive into ZeroPath's SAST methodology: From AST generation to AI-powered vulnerability discovery and automated patch generation.

Raphael Karger

Critical Spinnaker Vulns Allow RCE And Production Compromise
Research

2026-04-20

12 min read

ZeroPath Research discovered two separate RCE vulnerabilities in Spinnaker (CVE-2026-32604 and CVE-2026-32613) that let low-privilege authenticated users execute code on Clouddriver and Echo, enabling credential theft and pivots into production cloud environments.

John Walker

Benchmarking Opus 4.6 For Vuln Detection: Flashes Of Brilliance But Lots of Noise
Research

2026-04-02

10 min read

We tested Opus 4.6 against 435 known vulnerable C functions from real CVEs. With good prompting and tools, it found up to 28.5% of vulnerabilities — impressive compared to human review, but with high false positive rates and inconsistency that underline the need for more sophisticated systems.

John Walker

Unpatched RAGFlow Vulnerability Allows Post-Auth RCE
Security Research

2026-04-09

10 min read

A currently-unpatched vulnerability in RAGFlow 0.24 allows low-privilege authenticated users to execute arbitrary code on instances using Infinity for chunk storage. We walk through the discovery, exploitation, and our disclosure process.

John Walker

ZeroPath Exploit Development CTFs
Research

2026-03-02

7 min read

Learn to exploit complex real-world vulnerabilities with zeropath-ctf, a set of self-contained exploit development exercises based on CVEs from the CISA Known Exploited Vulnerabilities list, powered by ZeroPath's shapeshifter vulnerability generation suite.

John Walker

AI Coding Assistants Are Not a SAST Program
Insights

2026-05-19

10 min read

AI coding assistants can catch narrow, inner-loop security issues, but they do not replace full-codebase coverage, stable issue tracking, workflow integrations, and broader AppSec controls.

ZeroPath Team

ZeroPath Outperforms Mythos In Real World Test
Product

2026-05-11

3 min read

When Anthropic's Mythos-powered Glasswing scanner re-analyzed curl, it surfaced one low-severity bug — months after ZeroPath helped Joshua Rogers ship fixes for nearly 170. The harness around the model matters more than the model itself.

John Walker

ZeroPath's 36 Sudo Bug Fixes Reduce CrackArmor's Impact
Research

2026-03-18

15 min read

One of ZeroPath's 36 sudo security fixes was rediscovered in Qualys' CrackArmor vulnerability. We share the full list of fixes, including a POC for a previously unpublished RCE targeting sudo's optional log server.

John Walker

7 Best SAST Tools in 2026: Detailed Guide for AppSec Engineers and CISOs
Insights

2026-03-04

25 min read

We compared the 7 best SAST tools of 2026 side-by-side. Pricing, features, false positive rates, enterprise readiness and more for AppSec engineers and CISOs.

ZeroPath Team

Why Commenda Chose ZeroPath to Secure Their Global Tax Platform
Insights

2026-02-26

8 min read

How Commenda's CTO runs a complete security program, finding 4× more real vulnerabilities, including business logic bugs no legacy scanner catches, in a couple of hours per week without dedicated security headcount.

ZeroPath Team

Malicious Websites Can Exploit Openclaw (aka Clawdbot) To Steal Credentials
Research

2026-02-02

5 min read

Openclaw (aka Clawdbot) delivers impressive AI experiences, but malicious websites can abuse it to steal your credentials.

John Walker

Autonomously Finding 7 FFmpeg Vulnerabilities With AI
Research

2025-12-02

15 min read

ZeroPath's AI-assisted SAST analyzed FFmpeg and reported seven distinct memory safety flaws, including buffer overflows and invalid memory writes, missed by traditional tools.

ZeroPath Team

Avahi Simple Protocol Server DoS (CVE-2025-59529)
Research

2025-11-18

8 min read

A logic flaw in Avahi Simple Protocol Server ignored the configured client limit, allowing any user to open unlimited connections and exhaust memory and file descriptors, causing a system-wide denial of service for mDNS and DNS-SD.

ZeroPath Team

7 vulnerabilities in django-allauth enabling account impersonation and token abuse
Research

2025-11-05

5 min read

Our audit of django-allauth uncovered seven vulnerabilities, including two that enable user impersonation and others affecting token handling, email verification, and HTTP configuration. We detail how our AI-assisted scanner exposed these logic-level issues, the patches applied, and what developers should do to secure their authentication flows.

ZeroPath Team

How ZeroPath's AI Code Scanner Won Over the curl Project with 170 Valid Bug Reports
Research

2025-10-21

10 min read

ZeroPath's AI-based static analyzer uncovered 170 verified issues in curl, from C footguns to logic and RFC compliance bugs across HTTP/3, SMTP, IMAP, TFTP, Telnet, and SSH/SFTP, with curl maintainer Daniel Stenberg praising the quality -- proof that AI source code analyzers can produce high-quality findings even in the curl project, not just AI slop.

ZeroPath Team

Critical Account Takeover via Unauthenticated API Key Creation in better-auth (CVE-2025-61928)
Research

2025-10-19

9 min read

ZeroPath uncovered an unauthenticated API key creation flaw in better-auth's API keys plugin that enables attackers to mint privileged credentials for arbitrary users; this post details the bypass, exploitation path, and how we found it.

Etienne Lunetta
