ITTech Pulse Exclusive Interview with Dean Valentine, CEO and Co-founder of ZeroPath

Dean Valentine, CEO and Co-Founder of ZeroPath, discusses how AI-native security is helping organizations automate application security and stay ahead of emerging threats.

You earned your OSCP as a teenager and openly admit to breaking into systems you had no business being in. How does that adversarial, offensive mindset directly shape how you build defensive security products today?

I think it primarily leaves me in a quest for increasing the generality of the solution you offer. First party code vulnerabilities are only a fraction of the attack surface of an organization overall, and we’re constantly trying to update our offering to prevent it from other threats.

Your previous company Mevlink was in low-latency DeFi trading infrastructure – a completely different world. What made you pivot into application security, and was there a specific moment that made the opportunity feel impossible to ignore?

Read More: ITTech Pulse Exclusive Interview with Prabhu Ramachandran, Co-Founder & CEO of Facilio

Well, my cofounders’ background & my background is in information security. The primary thing that made it difficult to ignore was the feeling in 2024 that language models were going to be good enough to do autonomous exploitation of software.

ZeroPath hit 200,000 scans monthly across 1,000-plus organizations before its second birthday. That adoption speed is unusual even for YC companies. What specific pain were security teams in so badly that they moved this fast?

The simple answer is scale. Application security teams didn’t scale ten years ago, and they certainly don’t scale today—the average security-to-developer ratio is about one to one hundred, and nearly half of all code is now AI-generated. Teams are overwhelmed by alert fatigue and traditional scanners that generate enormous quantities of non-actionable findings. ZeroPath provides a critical and immediate relief by automating the entire AppSec workflow, allowing engineering teams to focus on fixing real vulnerabilities instead of manually triaging scanner noise.

Zero lives inside Slack, learns your environment, and runs AppSec autonomously. You’ve called it a colleague, not a chatbot. What does Zero actually do when a critical CVE drops at 2 AM that no human analyst realistically Can?

Primarily act with haste. When a critical CVE drops, Zero autonomously ingests context from the entire security and development environment—the CVE details, code repositories, and infrastructure context. It continuously performs the manual work: triaging the alert, confirming exploitability, generating the fix, opening the pull request, and coordinating remediation, all without human intervention being strictly necessary.

Read More: ITTech Pulse Exclusive Interview with Michael Campell, Chief Product Officer, Hyland

Every security vendor promises fewer false positives. You claim 75% reduction. But those promises rarely to survive enterprise-scale deployments. What is structurally different about how ZeroPath reasons about code that makes that number actually hold up?

The difference is being AI-native from the ground up, not “AI-powered.” Most tools run a traditional rule-based scanner and then use an LLM for triage—they just added a filter. ZeroPath spawn’s frontier agents that analyze the codebase directly, performing AST-based analysis, reasoning about routes, building threat models, and tracing data flows, just as a skilled security researcher would. This approach is necessary to find hard-to-detect business logic flaws and structurally eliminates the enormous noise generated by traditional pattern-matching techniques.

AI coding assistants are generating code faster than any security team can review. Research shows AI-written code introduces flaws at scale. Is ZeroPath actually keeping pace with that problem, or are defenders structurally andpermanently behind?

Defenders are structurally and permanently behind if they rely on legacy tools that cannot reason about code. ZeroPath was built on the premise that security must learn to understand AI-written code. We keep pace by being an AI-native engine designed for this scale. We automate the entire security workflow—from scanning hundreds of thousands of codebases weekly to generating and coordinating fixes—acting as an AI AppSec engineer to scale security far beyond the capability of human teams alone.

When zero autonomously escalates to a CISO, drafts upgrade PRs, or manages disclosure timelines and gets it wrong in production – who is accountable? How do you think about the liability that comes with agentic security decisions?

ZeroPath is designed to act with exactly as much independence as the customer wants to give it. We build the system with gated remediation, audit trails, confidence thresholds, and reviewability. An agent can suggest or open a fix only when evidence and confidence criteria align. The AppSec leader or CISO is ultimately accountable for setting the autonomy boundaries and reviewing the resulting evidence, but the platform ensures they have the data and controls necessary for that oversight.

For AppSec leaders in the second half of 2026, overwhelmed by alert fatigue, AI- generated code volume, and shrinking budgets – what is the one operational shift they absolutely must make before the gap with attackers becomesunrecoverable?

The single required shift is moving to AI-native, closed-loop automation. The traditional model—relying on a collection of scanners that require massive manual triage—is fundamentally broken and cannot scale against AI-generated code volume. AppSec leaders must replace this model with an AI system like ZeroPath that acts as an autonomous engineer, automating detection, triage, confirmation, remediation, and coordination across the entire stack. This is the only way to close the unrecoverable gap.

Thank you, Dean, for taking the time to share your insights with us.

Write to us [⁠wasim.a@demandmediaagency.com] to learn more about our exclusive editorial packages and programmes.