ZeroPath Reviews & Product Details

ZeroPath (YC S24) is the first AI-native application security platform that fundamentally reimagines how organizations find and fix vulnerabilities. Unlike deterministic SAST tools that bolt AI onto legacy rule engines, ZeroPath was built from the ground up to combine large language models with advanced program analysis (AST, data flow, taint tracking) by Ex-Tesla Red Team and Google Security engineers. ZeroPath's core differentiation is detecting critical vulnerabilities that pattern-matching SAST fundamentally cannot find. It catches IDORs, authorization bypasses, race conditions, and authentication bugs by reasoning about application behavior and developer intent. This capability achieved a 92% alert reduction when triaging findings from legacy tools. ZeroPath is best suited for enterprises and startups that want a complete appsec experience with: AI-powered SAST across 16+ languages, SCA with exploitability analysis (90% noise reduction by determining if dependency CVEs are actually reachable in your code), secrets detection with validation, IaC scanning for Terraform/CloudFormation/Kubernetes, and natural language security policies. Context-aware autopatch generation fixes 70% of vulnerabilities automatically with framework-specific patches that match your coding standards. To keep the developer experience seamless, ZeroPath integrates into existing workflows with zero configuration. It provides Sub-60-second PR scans on GitHub, GitLab, Bitbucket, and Azure DevOps to provide instant security feedback without blocking development. Developers receive clear explanations, one-click fixes, and can refine patches using natural language commands directly in PR comments. The platform automatically attributes vulnerabilities to responsible developers and syncs bidirectionally with Jira, Linear, and more. Overall, less noise, along with the breadth of integrations, has already made security teams faster in triaging and finding real vulnerabilities. Having been security engineers ourselves, we also understand how important visibility is for the evaluations. ZeroPath users get executive dashboards with real-time MTTR tracking, automated compliance reporting for SOC2 and ISO27001, and risk-based prioritization using CVSS 4.0 scoring. The platform provides complete visibility across organizational repositories, including security models, authentication patterns, and filtering logic, without manual configuration. Our research team dogfeeds our own technology and has discovered CVE-2025-61928 (critical account takeover in better-auth with 300k+ weekly downloads), identified 170+ verified bugs in curl, found 7 vulnerabilities in django-allauth enabling account impersonation, and discovered 0-days in production systems at Netflix, Hulu, and Salesforce. Currently trusted by 750+ companies running 200k+ scans monthly, ZeroPath delivers what security-conscious engineering teams need: more real vulnerabilities, dramatically less noise, and automated fixes that actually work.

Product Website

Seller

ZeroPath

Discussions

ZeroPath Community

Languages Supported

English

Overview by

Etienne L

Pricing

Pricing provided by ZeroPath.

Core

$200.00

Per Month

View More Pricing Information

ZeroPath Integrations

(25)

Verified by ZeroPath

ZeroPath Media

ZeroPath Dashboard

Vulnerability Breakdown

Endpoint Analysis

Automatic PR Scans and Patch Generations

ZeroPath Walkthrough

G2 reviews are authentic and verified.

Here's how.

Rohit J.

Vice President of Engineering

Mid-Market (51-1000 emp.)

3/30/2026

"Accurate Source-to-Sink Analysis with Surprisingly Reliable Auto-Patches"

5/5

What do you like best about ZeroPath?

What stands out most about ZeroPath is how accurate its source-to-sink analysis is—it makes triaging much quicker. The auto-generated patches are also surprisingly reliable, and we’ve been able to merge most of them with little to no modification. Review collected by and hosted on G2.com.

What do you dislike about ZeroPath?

The dashboard has a few rough edges, mostly minor UI issues. That said, the team is responsive and tends to fix things quickly when they’re reported. Review collected by and hosted on G2.com.

What problems is ZeroPath solving and how is that benefiting you?

ZeroPath is helping us tackle application security more effectively by covering everything from AI-powered SAST and PR scanning to SCA and IaC in one place. We previously used Semgrep, but have fully switched over—mainly because the findings are more relevant, which saves us time, and the overall cost is lower than what we were paying before. Review collected by and hosted on G2.com.

Maxime J.

Ingénieur Cybersécurité

Small-Business (50 or fewer emp.)

2/4/2026

"ZeroPath: ease of use and results superior to the competition"

4/5

What do you like best about ZeroPath?

ZeroPath is both very easy to use and demonstrates results far superior to market competitors (Fortify SAST, Checkmarx, Aikido Security, and QINA AI Security (CloudDefense)). ZeroPath includes an API, a CLI, and a web interface that are very easy to use and integrate with the vast majority of professional software. Review collected by and hosted on G2.com.

What do you dislike about ZeroPath?

ZeroPath is a startup working on a very innovative subject that is not even mature in research yet, its only flaw is not being able to cover certain very specific cases of vulnerabilities. Review collected by and hosted on G2.com.

Verified User in Hospital & Health Care

Small-Business (50 or fewer emp.)

3/20/2026

"Precise Source-to-Sink Analysis and Effective Auto-Generated Patches"

5/5

What do you like best about ZeroPath?

Their source-to-sink analysis is extremely precise, which speeds up triaging significantly. The auto-generated patches are effective as well, unlike those from other tools we've used, and we've been able to merge most of them with very few modifications Review collected by and hosted on G2.com.

What do you dislike about ZeroPath?

The dashboard has a few minor UI quirks, but nothing serious. When I report an issue, they usually address it pretty quickly. Review collected by and hosted on G2.com.

What problems is ZeroPath solving and how is that benefiting you?

We initially adopted their AI SAST and PR scanning, and later expanded to include SCA, IaC, and other features. We previously used Semgrep but fully transitioned last year. Since making the switch, the results have been more relevant, and the overall cost has been lower than what we were paying before. Review collected by and hosted on G2.com.

Kshitiz A.

Backend Engineer

Mid-Market (51-1000 emp.)

2/11/2026

"High-Quality Findings with Smooth CI/CD Integration"

4.5/5

What do you like best about ZeroPath?

The finding quality is significantly better than what we were getting from Semgrep, Snyk, and Aikido. It actually catches real vulnerabilities, and false positives are pretty low. CI/CD integration was smooth, and when we needed something custom for our stack, their team just built it for us. Review collected by and hosted on G2.com.

What do you dislike about ZeroPath?

The product can seem to move fast. New features and changes ship frequently, so the UI/workflow shifts from time to time. Review collected by and hosted on G2.com.

Manisha A.

Relationship Manager

Small-Business (50 or fewer emp.)

2/26/2026

"Accurate Findings, Seamless CI/CD Setup, and a Responsive Team"

4/5

What do you like best about ZeroPath?

Compared to Semgrep, Snyk, and Aikido, the results are far more accurate and actually surface real issues without drowning us in false alarms. The CI/CD setup was seamless, and whenever we needed something specific to our stack, their team quickly made it happen. Review collected by and hosted on G2.com.

What do you dislike about ZeroPath?

UI keeps changing very fast since the product is changing rapidly. Review collected by and hosted on G2.com.

Yaacov T.

CTO

Small-Business (50 or fewer emp.)

2/10/2026

"Easy Setup, Powerful Vulnerability Detection, and Lightning-Fast Support"

5/5

What do you like best about ZeroPath?

- Finds serious security vulnerabilities including business logic bugs that other scanners miss.

- Extremely easy to use. Started working in like 4 clicks. Github integration is seamless and easy to set up.

- Support is really really fast. Review collected by and hosted on G2.com.

What do you dislike about ZeroPath?

- They still have quite a few small bugs, but the team fixes them quickly when they come up. Review collected by and hosted on G2.com.

Verified User in Financial Services

2/11/2026

"ZeroPath takes care of everything with almost 0 false positives"

5/5

What do you like best about ZeroPath?

We've trialed a few other SAST tools (Semgrep, Aikido) and ZeroPath found the most critical stuff by a pretty wide margin. The detail it gives you on each finding is solid and the false positive rate has been pretty low for us, which makes a huge difference when trying to get engineers to actually fix these issues. Review collected by and hosted on G2.com.

What do you dislike about ZeroPath?

Scan times can run a bit long, but once we figured out the scheduling scanning feature, it became a non-issue Review collected by and hosted on G2.com.

Sébastien D.

Software security specialist

Mid-Market (51-1000 emp.)

2/5/2026

"Software security specialist"

4.5/5

What do you like best about ZeroPath?

Zeropath is surprisingly effective at identifying real security issues and has a much better signal to noise ratio compared to other SAST tools I have tried. Review collected by and hosted on G2.com.

What do you dislike about ZeroPath?

The product is new and rapidly changing, we encountered some bugs with the dashboard. The Zeropath team was very responsive in fixing those issues. Review collected by and hosted on G2.com.

Verified User in Financial Services

1/19/2026

"ZeroPath is surprisingly good improvement over old-fashioned SAST solutions"

4.5/5

What do you like best about ZeroPath?

This solution is particularly interesting as it provides an innovative approach to improving security baselines by overcoming some of the limitations of pure SAST tools. The customer experience is also positive, as they are open to feature requests and see feedback being taken on and addressed. Review collected by and hosted on G2.com.

What do you dislike about ZeroPath?

In my opinion, the trade-off of working with a startup is that the product evolves rapidly and may encounter bugs. However, as a startup to startup, I actually take this positively, as it allows for a more seamless integration of the feedbacks. Review collected by and hosted on G2.com.

What problems is ZeroPath solving and how is that benefiting you?

To establish an automated security baseline in specific applications, we evaluated various solutions, including traditional Static Application Security Testing (SAST), AI SAST, and a combination of both. Our analysis revealed that ZeroPath provided the most effective outcome, identifying vulnerabilities that were beyond the capabilities of traditional SAST solutions. Review collected by and hosted on G2.com.