Cybersecurity startup Zast.AI has raised $6 million in an early-stage funding round that brings the total raised by the company to nearly $10 million.
The new financing round, which the startup says is a pre-Series A investment raise, was led by Hillhouse Capital.
Founded in 2024, Seattle-based Zast.AI relies on AI agents to identify and validate software vulnerabilities before reporting them, to eliminate false positives.
Relying on an “automated PoC generation + validation” architecture, the company performs deep code analysis, generating proof-of-concept (PoC) exploits and executing them to confirm security defects.
This ‘zero false positive’ approach, the startup says, also reduces alert fatigue and allows security teams to focus on real risks.
Zast.AI says its AI agents can identify complex semantic-level vulnerabilities, including IDOR, privilege escalation, and other business logic flaws, as well as standard syntax-level issues like SQL injection.
To date, the company has identified 127 vulnerabilities in products such as Microsoft Azure SDK, Apache Struts XWork, Koa, WordPress, and others. All findings were issued a CVE, improving the security of the open source software ecosystem, it says.
“We believe only verified vulnerabilities are worth reporting. Our vision is to build an end-to-end AI-driven security platform, enabling every development team to obtain the highest quality security assurance at the lowest cost,” Zast.AI co-founder and CEO Geng Yang said.
Related: Reco Raises $30 Million to Enhance AI SaaS Security
Related: Vega Raises $120M in Series B Funding to Grow Security Analytics Platform
Related: Backslash Raises $19 Million to Secure Vibe Coding
Related: Lema AI Emerges From Stealth With $24 Million to Tackle Third-Party Risk
