ZeroPath (@ZeroPathAI)
28 posts
Find and fix exploitable application security issues. For our research, check out @ZeroPathLabs
San Francisco, CA
zeropath.com
Joined May 2024
8 Following · 250 Followers
  • Pinned · ZeroPath (@ZeroPathAI) · Sep 23, 2025
    ZeroPath recently helped find real bugs in curl, sudo, and some other OSS repositories. We came across @MegaManSec's independent deep dive on AI SAST tools today, in which he used ZeroPath and some other tools against targets like curl and sudo. Leveraging the tool and custom
    1.9K
  • ZeroPath (@ZeroPathAI) · May 12
    Introducing Zero, our AI assistant for AppSec teams. Not a chatbot. A persistent agent built on top of our SAST, SCA, and code intelligence. Bug bounty report comes in: Zero analyzes it, proposes a fix, creates detection rules, scans the org. CVE drops: Zero checks
    269
  • ZeroPath (@ZeroPathAI) · May 12
    The results are in: a Mythos-powered scan of curl resulted in 1 low severity security vulnerability... a far cry from the ~170 issues found and fixed with ZeroPath in late 2025. This highlights two important truths: * The "vulnpocalypse" is here already (and so far we're
    Link: ZeroPath Outperforms Mythos In Real World Test - ZeroPath Blog (zeropath.com)
    97
  • ZeroPath (@ZeroPathAI) · May 11
    We're launching our AI Assistant Tuesday. Thursday we're live with @JamesBerthoty from @latiotech breaking down what agents actually mean for appsec teams in practice. 45 min, live demo. May 14 · 1pm EST. Register: us06web.zoom.us/webinar/regist…
    1.8K
  • ZeroPath (@ZeroPathAI) · May 11
    ZeroPath Research discovered CVE-2026-39816, a high severity vulnerability in Apache NiFi. Prior to version 2.9.0, an oversight in the permission model allowed users without the EXECUTE_CODE permissions to run arbitrary code. For more details and a POC: zeropath.com/blog/nifi-cve-…
    404
  • ZeroPath (@ZeroPathAI) · Apr 29
    ZeroPath discovered CVE-2026-42167 in ProFTPd, one of the internet's most popular FTP daemons. The flaw allows for auth bypass and even pre-auth RCE in some configurations. Update to 1.3.9a now! zeropath.com/blog/proftpd-c… Take a look at the blog for technical details and a
    212
  • ZeroPath (@ZeroPathAI) · Apr 22
    Walkthrough: exploiting ZeroPath's new critical severity Spinnaker vulns for code execution and production environment access. (CVE-2026-32604 and CVE-2026-32613)
    Link: Exploiting CVE-2026-32604 and CVE-2026-32613 in Spinnaker for Code Execution And Production Access (youtube.com)
    336
  • ZeroPath (@ZeroPathAI) · Apr 21
    We've discovered two critical (CVSS 10.0) flaws in the popular Spinnaker continuous delivery platform. Both allow attackers to execute arbitrary code and steal production source control and cloud credentials. MITRE has assigned the vulnerabilities CVE-2026-32604 and
    155
  • ZeroPath (@ZeroPathAI) · Apr 15
    Reducing the total amount of work that hits developers in the first place comes from depth of analysis. The more context ZeroPath has about a codebase, the higher the coverage, the more it can auto-remediate before anything surfaces in a PR. Fewer findings. More
    76
  • ZeroPath (@ZeroPathAI) · Apr 13
    The current version of RAGFlow (0.24) contains an unpatched vulnerability that allows low-privilege authenticated attackers to execute arbitrary code. Blog: zeropath.com/blog/ragflow-r… POC: github.com/ZeroPathAI/rag… Video Walkthrough: youtube.com/watch?v=1F-27C…
    Link: Unpatched RAGFlow Vulnerability Allows Post-Auth RCE - ZeroPath Blog (zeropath.com)
    151
  • ZeroPath (@ZeroPathAI) · Apr 7
    How good is Opus 4.6 by itself at vuln detection? Given raw code, a simple prompt and some tools, we found it finds about 1 in 4 simple C vulnerabilities, at the cost of a high FP rate and unstable results. zeropath.com/blog/benchmark… Requiring structured justification or using
    101
  • ZeroPath (@ZeroPathAI) · Mar 19
    CrackArmor included one of 36 sudo flaws previously discovered by ZeroPath. We're releasing the whole batch today, including a POC for remote code execution in sudo logsrvd! Not all mainstream Linux distributions have included patches for these issues in their sudo packages
    325
  • ZeroPath (@ZeroPathAI) · Mar 4
    Fun, free exploit development CTFs based on real world CVEs, and accompanied by hints, walkthroughs and working POCs. zeropath.com/blog/zeropath-… We've distilled complex issues down to repeatable, Dockerized challenges that have the nuance of the real vulnerabilities attackers love
    161