ZEST Security
Also known as: Zest Security, ZEST
Agentic AI cloud risk resolution platform whose multi agent system turns CSPM and CNAPP findings into validated, code based remediation paths, simulated on a digital twin, with read only access.
ZEST Security is an agentic AI cloud risk resolution platform that shifts security teams from flagging cloud risks to actually closing them. Its Multi-Agent AI System is a network of specialized AI agents (data fabric, root cause, risk prioritization, impact simulator, security as code, cloud policy analysis and resolution builder) that work autonomously and coordinate with each other to turn findings from CSPM, CNAPP and other tools into resolution paths that remediate and mitigate vulnerabilities and misconfigurations using code and existing controls. A data fabric agent builds a graph of the organization's technical DNA (assets, services, deployments, controls and policies); the impact simulator agent simulates patches, package updates and IaC or code fixes on a digital twin of the environment, recursively validating outcomes before any change is suggested; and a security as code agent generates replacement code aligned to the organization's infrastructure and policies. ZEST holds read only access and changes nothing directly, instead delivering context and validated resolution paths into ticketing and messaging systems so teams act while remaining in complete control. The company reports customers dismissed more than 11 million vulnerabilities and cut SOC and incident response load by more than half.
Vendor details
Canonical URL
https://www.zestsecurity.io/
Category
Security / SOC agent
Funding status
$5M seed (July 2024) from Hanaco Ventures, Silvertech Ventures and angel investors. Founded November 2023.
Company status
private
Use cases & customers
Primary use cases
Target customers
Deployment options
Integrations
Natively integrates with cloud providers AWS, Azure and GCP, cloud security solutions such as CNAPP and CSPM, and DevOps systems including Terraform, CloudFormation, Pulumi and ARM, plus ticketing and messaging platforms. Available on AWS Marketplace. Holds read only access to the cloud environment.
Sources & related URLs
Research sources
Capability coverage
9.0 / 14 capabilities · 64%
| Integrations & Tool CallingNatively integrates with AWS, Azure and GCP, CNAPP and CSPM tools, DevOps systems (Terraform, CloudFormation, Pulumi, ARM) and ticketing and messaging platforms, and is on AWS Marketplace (zestsecurity.io meet-the-product, code-to-cloud blog). | Full |
|---|---|
| Workflow OrchestrationA Multi-Agent AI System of specialized agents works autonomously and coordinates to run remediation end to end from finding to resolution path (zestsecurity.io, GlobeNewswire RSAC 2025). | Full |
| Knowledge Grounding & RAGA data fabric agent builds a graph and structure database of the organization's technical DNA (assets, services, deployments, controls and policies) that grounds every resolution (zestsecurity.io meet-the-product). | Full |
| Human Oversight & GuardrailsZEST holds read only access and changes nothing directly; it delivers context and validated resolution paths so teams act while remaining in complete control (zestsecurity.io meet-the-product). | Full |
| Security, Identity & GovernanceA security product by design: read only least privilege access, policy aware resolution correlated against cloud security policies, generating fixes aligned to organization policy (zestsecurity.io, ZEST AI Agents). | Full |
| Observability & AuditabilityUnifies risks across the stack with prioritized resolution paths and root cause tracing, but agent level audit trails were not emphasized this session (zestsecurity.io risk-resolution, meet-the-product). | Partial |
| Memory & State PersistenceThe data fabric graph and digital twin persist a model of the environment across analyses, though long term agent memory was not detailed (zestsecurity.io meet-the-product). | Partial |
| Deployment & Data ResidencyDeploys in minutes as a SaaS platform with read only connection to the customer cloud; self host or residency options were not documented (zestsecurity.io code-to-cloud blog). | Partial |
| Prebuilt Agents / Templates / PacksShips a library of specialized prebuilt agents (data fabric, root cause, risk prioritization, impact simulator, security as code, cloud policy analysis, resolution builder, AI Sweeper) (zestsecurity.io ZEST AI Agents). | Full |
| Triggers & Channel CoverageNew findings from the security stack drive continuous analysis, and resolutions are delivered into ticketing and messaging channels; a single security domain rather than broad channel coverage (zestsecurity.io meet-the-product). | Partial |
| Model Flexibility & RoutingThe platform uses LLMs and agentic AI, but the underlying model is not disclosed and no customer model selection was documented (zestsecurity.io). | Unable to verify |
| APIs / SDKs / MCP ExtensibilityIntegrates inbound with clouds and DevOps tools, but no public API, SDK or MCP for building on ZEST was documented this session (zestsecurity.io). | Unable to verify |
| Testing, Debugging & OptimizationThe impact simulator agent simulates every fix on a digital twin of the environment and recursively validates the outcome before suggesting changes (zestsecurity.io meet-the-product, ZEST AI Agents). | Full |
| Browser / Computer-useNo browser or computer use capability; ZEST operates on cloud and code artifacts (zestsecurity.io). | Unable to verify |
Recent platform changes
No recent material changes tracked yet.
Pricing
No public pricing; free trial in the customer's own environment and a free remediation assessment, with paid enterprise pricing through sales and availability on AWS Marketplace.
enterprise platform license, likely scoped to the cloud estate
Cost watchouts
Value depends on the coverage of connected CSPM and CNAPP tools; thin finding coverage reduces what ZEST can resolve at any price.
Variable cost rationale
Read only platform with no documented usage meter; scope is defined by the cloud estate under management.
Sales call required
Yes — required for paid access
Free / trial
Free trial in your own environment plus a free remediation assessment
Lowest paid plan
None public; contact sales or AWS Marketplace
Key ambiguities
No public rates; a free trial and assessment exist but production pricing and its scaling axis are not disclosed.
Related vendors
- 7AI — Swarming agentic SOC from the Cybereason founders: sixty plus domain…
- Airrived — Agentic OS that unifies SOC, GRC, IAM, vulnerability management, IT,…
- Assail — Autonomous red teaming platform (Ares) whose AI agents discover,…
- Astelia — AI native exposure management platform from Israeli National Red…
- Capsule Security — Runtime security layer for AI agents that detects and blocks unsafe…
- Clutch Security — Universal non human identity security platform that discovers,…