ZAST.AI is an AI-powered vulnerability research agent developed by a security research lab. It analyzes source code logic to identify security vulnerabilities, generates proof-of-concept (POC) exploits, and verifies exploitability automatically. Key characteristics: - Zero false positives: The agent only reports vulnerabilities it has confirmed as exploitable, eliminating the need for manual triage. - Zero manual confirmation: Findings do not require human review to validate, as the AI handles the full verification cycle. - Zero-day vulnerability discovery: The tool is capable of identifying previously unknown vulnerabilities in software. The system has disclosed 152 CVEs through its automated research process. Known targets include open-source projects such as xuxueli/xxl-job and minio/minio. ZAST.AI operates as a fully automated pipeline: from code analysis through vulnerability identification, POC creation, and exploitability verification. It is positioned as an AI agent rather than a traditional static or dynamic analysis scanner. The company is backed by Zoo Capital and Hillhouse Capital.