ZeroPath
ZeroPath (YC S24) is an AI-native application security platform that delivers comprehensive code protection beyond traditional SAST. Founded by security engineers from Tesla and Google, ZeroPath combines large language models with deep program analysis to deliver intelligent security testing that finds real vulnerabilities while dramatically reducing false positives.
Unlike traditional SAST tools that rely on pattern matching, ZeroPath understands code context, business logic, and developer intent. This enables identification of sophisticated security issues including business logic flaws, broken authentication, authorization bypasses, and complex dependency vulnerabilities.
Our comprehensive security suite covers the application security lifecycle:
1. AI-powered SAST
2. Software Composition Analysis with reachability analysis
3. Secrets detection and validation
4. Infrastructure as Code scanning
5. Automated PR reviews
6. Automated patch generation
and more...
ZeroPath integrates seamlessly with GitHub, GitLab, Bitbucket, Azure DevOps and many more. The platform handles codebases with millions of lines across Python, JavaScript, TypeScript, Java, Go, Ruby, Rust, PHP, Kotlin and more.
Our research team has been successful in finding vulnerabilities like critical account takeover in better-auth (CVE-2025-61928, 300k+ weekly downloads), identifying 170+ verified bugs in curl, and discovering 0-days in production systems at Netflix, Hulu, and Salesforce.
Trusted by 750+ companies and performing 200k+ code scans monthly.
Learn more
Aikido Security
Aikido is the all-in-one security platform for development teams to secure their complete stack, from code to cloud. Aikido centralizes all code and cloud security scanners in one place.
Aikido offers a range of powerful scanners including static code analysis (SAST), dynamic application security testing (DAST), container image scanning, and infrastructure-as-code (IaC) scanning.
Aikido integrates AI-powered auto-fixing features, reducing manual work by automatically generating pull requests to resolve vulnerabilities and security issues. It also provides customizable alerts, real-time vulnerability monitoring, and runtime protection, enabling teams to secure their applications and infrastructure seamlessly.
Learn more
VibeScan
VibeScan is an innovative platform that leverages artificial intelligence to scan and rectify code, empowering developers and teams to deploy AI-generated code with assurance by automatically identifying and fixing issues that might evade manual scrutiny. Users can easily upload their code, regardless of whether it was crafted through traditional methods or generated by AI solutions like OpenAI, Claude, GitHub Copilot, or Cursor, and VibeScan conducts an in-depth analysis that addresses security weaknesses (such as exposed API keys and SQL injection vulnerabilities), performance issues, coding quality problems (including duplication and structural deficiencies), and overall readiness for deployment (which encompasses payment processing, analytics, rate limiting, and privacy policy evaluations). The results are displayed in a user-friendly dashboard, featuring scores and one-click auto-fixes to facilitate the correction process. Additionally, it accommodates extensive codebases, capable of scanning up to 500,000 lines, and seamlessly integrates with widely-used repositories and project management tools. This makes VibeScan an essential resource for teams aiming to enhance their development workflows and maintain high standards of code quality.
Learn more
GitLab
GitLab is a complete DevOps platform. GitLab gives you a complete CI/CD toolchain right out of the box. One interface. One conversation. One permission model. GitLab is a complete DevOps platform, delivered in one application. It fundamentally changes the way Security, Development, and Ops teams collaborate. GitLab reduces development time and costs, reduces application vulnerabilities, and speeds up software delivery. It also increases developer productivity. Source code management allows for collaboration, sharing, and coordination across the entire software development team. To accelerate software delivery, track and merge branches, audit changes, and enable concurrent work. Code can be reviewed, discussed, shared knowledge, and identified defects among distributed teams through asynchronous review. Automate, track, and report code reviews.
Learn more