The persistent AI agent works inside Slack, builds custom workflows in plain English, and gets smarter over time as it learns an organization’s security environment
ZeroPath, the AI-native application security platform that autonomously finds, verifies, and fixes exploitable vulnerabilities, announced the launch of Zero, a persistent AI agent that fully integrates into company security teams to build and manage the organization’s entire application security program. Zero operates autonomously inside the tools teams already use, including living natively inside a Slack workspace, where it can receive direct messages, respond to mentions in security channels, and act on real-time conversations.
Also Read: CIO Influence Interview with Kyle Wickert, Field CTO at AlgoSec
“Zero is not a chatbot or dashboard. It’s a colleague that learns, acts based on policies and prior decisions, and builds workflows.” – Dean Valentine, CEO of ZeroPath.
“Security teams have spent years working around the limitations of static tools that don’t understand their environment and can’t adapt to how their organization actually operates,” said Dean Valentine, CEO of ZeroPath. “Zero is not a chatbot or dashboard. It’s a colleague that learns, acts based on policies and prior decisions, and builds workflows in plain English, without any custom development, so teams can prioritize the work that requires human judgment.”
Zero builds and manages an organization’s policies, workflows, approval chains, and escalation logic based on plain English instructions, with no configuration code required. Over time, Zero builds an increasingly precise understanding of the organization’s environment, so its actions and recommendations improve without any additional input.
Andrea Cappa, Security Lead at Aptos Labs, evaluated Zero and commented, “What stood out to me is the self-improvement loop you get on the platform. The assistant tunes your custom rules based on scan results, so the setup actually gets sharper over time.”
Zero handles the scenarios that keep security teams up at night. When a critical CVE drops, Zero doesn’t just flag reachability. It coordinates the response across developers and repos, drafts upgrade PRs, follows up in Slack, and manages external disclosure timelines. When a critical finding sits unacknowledged past an SLA threshold, Zero escalates to the CISO with full context: what’s been tried, who was notified, and why it’s still open, rather than standing static as just another alert in a queue. When an auditor asks how the organization handled a specific vulnerability, Zero assembles the complete trail from detection through remediation without anyone digging through tickets.
Zero also operates proactively, on schedules and triggers, without waiting to be prompted. When a new CVE drops for a dependency in the organization’s stack, Zero doesn’t wait for someone to open a ticket. It detects the exposure, drafts incident documentation, sets SLAs, routes notifications to the right stakeholders, and prepares customer-facing assessments of exploitability and available mitigations. When false positives are flagged, Zero builds adaptive workflows on top: correlating similar reports, refining detection rules using organizational knowledge, and routing refinements to the security team for approval.
Zero is the flagship product in a comprehensive platform expansion from ZeroPath, which features a suite of solutions that deliver a complete AI-native scanning experience, including: the ability to significantly lower false positives with SAST V2; a reasoning layer called Preconditions that makes every assumption explicit; MCP, an accessibility-from-anywhere feature so ZeroPath can operate inside tools teams already use; and Custom Reports, which enables security teams and CISOs to understand and communicate their security posture without manual work.
Catch more CIO Insights: The CIO as a Value Creator: Moving Beyond Cost Centers to Revenue Drivers
[To share your insights with us, please write to psen@itechseries.com ]
