ZeroPath launches Zero, an AI agent that runs your entire app security program
Zero lives in Slack, manages policies in plain English, and escalates CVEs autonomously.
ZeroPath today announced Zero, the first AI agent designed to run an entire application security program from end to end. Unlike static dashboards or chatbots, Zero is a persistent colleague that lives inside a company's Slack workspace—receiving DMs, responding to mentions, and acting on real-time conversations. It builds and manages policies, workflows, approval chains, and escalation logic using plain English instructions, with zero configuration code required. Over time, Zero self-improves by learning from scan results, making its recommendations sharper without additional input.
Zero handles critical scenarios autonomously: when a new CVE drops, it coordinates response across developers and repos, drafts upgrade PRs, follows up in Slack, and manages disclosure timelines. If a finding sits unacknowledged past an SLA, Zero escalates to the CISO with full context of what was tried and who was notified. It also proactively monitors on schedules—detecting exposures, setting SLAs, routing notifications, and even preparing customer-facing assessments. False positives trigger adaptive workflows that correlate reports and refine detection rules, subject to team approval. ZeroPath also unveiled complementary updates: SAST V2 lowers false positives, a reasoning layer called Preconditions makes every assumption explicit, and MCP lets ZeroPath operate inside existing tools. The platform was founded by former Tesla and Google security engineers.
- Zero lives natively inside Slack and manages app security programs with plain English instructions—no custom code required.
- When a critical CVE drops, Zero autonomously detects exposure, drafts upgrade PRs, coordinates across repos, and escalates to the CISO with full context past SLA thresholds.
- The agent self-improves via a reinforcement loop: it tunes custom rules based on scan results, getting sharper over time without additional input.
Why It Matters
Automating the full vulnerability lifecycle frees security teams to focus on human judgment, closing the gap between detection and remediation.