Back to vendors
ZEST Security logo

ZEST Security

Also known as: Zest Security, ZEST

Visit site
Security / SOC agentprivateVerified 2026-07-08

Agentic AI cloud risk resolution platform whose multi agent system turns CSPM and CNAPP findings into validated, code based remediation paths, simulated on a digital twin, with read only access.

ZEST Security is an agentic AI cloud risk resolution platform that shifts security teams from flagging cloud risks to actually closing them. Its Multi-Agent AI System is a network of specialized AI agents (data fabric, root cause, risk prioritization, impact simulator, security as code, cloud policy analysis and resolution builder) that work autonomously and coordinate with each other to turn findings from CSPM, CNAPP and other tools into resolution paths that remediate and mitigate vulnerabilities and misconfigurations using code and existing controls. A data fabric agent builds a graph of the organization's technical DNA (assets, services, deployments, controls and policies); the impact simulator agent simulates patches, package updates and IaC or code fixes on a digital twin of the environment, recursively validating outcomes before any change is suggested; and a security as code agent generates replacement code aligned to the organization's infrastructure and policies. ZEST holds read only access and changes nothing directly, instead delivering context and validated resolution paths into ticketing and messaging systems so teams act while remaining in complete control. The company reports customers dismissed more than 11 million vulnerabilities and cut SOC and incident response load by more than half.

Vendor details

Canonical URL

https://www.zestsecurity.io/

Category

Security / SOC agent

Funding status

$5M seed (July 2024) from Hanaco Ventures, Silvertech Ventures and angel investors. Founded November 2023.

Company status

private

Use cases & customers

Primary use cases

Autonomous cloud risk remediationVulnerability and misconfiguration mitigationRoot cause analysis and prioritizationSecurity as code fixes

Target customers

Cloud security teamsDevOps and platform teamsEnterprises with large cloud risk backlogs

Deployment options

SaaSCloud connected read only

Integrations

Natively integrates with cloud providers AWS, Azure and GCP, cloud security solutions such as CNAPP and CSPM, and DevOps systems including Terraform, CloudFormation, Pulumi and ARM, plus ticketing and messaging platforms. Available on AWS Marketplace. Holds read only access to the cloud environment.

Capability coverage

9.0 / 14 capabilities · 64%

Integrations & Tool CallingNatively integrates with AWS, Azure and GCP, CNAPP and CSPM tools, DevOps systems (Terraform, CloudFormation, Pulumi, ARM) and ticketing and messaging platforms, and is on AWS Marketplace (zestsecurity.io meet-the-product, code-to-cloud blog). Full
Workflow OrchestrationA Multi-Agent AI System of specialized agents works autonomously and coordinates to run remediation end to end from finding to resolution path (zestsecurity.io, GlobeNewswire RSAC 2025). Full
Knowledge Grounding & RAGA data fabric agent builds a graph and structure database of the organization's technical DNA (assets, services, deployments, controls and policies) that grounds every resolution (zestsecurity.io meet-the-product). Full
Human Oversight & GuardrailsZEST holds read only access and changes nothing directly; it delivers context and validated resolution paths so teams act while remaining in complete control (zestsecurity.io meet-the-product). Full
Security, Identity & GovernanceA security product by design: read only least privilege access, policy aware resolution correlated against cloud security policies, generating fixes aligned to organization policy (zestsecurity.io, ZEST AI Agents). Full
Observability & AuditabilityUnifies risks across the stack with prioritized resolution paths and root cause tracing, but agent level audit trails were not emphasized this session (zestsecurity.io risk-resolution, meet-the-product). Partial
Memory & State PersistenceThe data fabric graph and digital twin persist a model of the environment across analyses, though long term agent memory was not detailed (zestsecurity.io meet-the-product). Partial
Deployment & Data ResidencyDeploys in minutes as a SaaS platform with read only connection to the customer cloud; self host or residency options were not documented (zestsecurity.io code-to-cloud blog). Partial
Prebuilt Agents / Templates / PacksShips a library of specialized prebuilt agents (data fabric, root cause, risk prioritization, impact simulator, security as code, cloud policy analysis, resolution builder, AI Sweeper) (zestsecurity.io ZEST AI Agents). Full
Triggers & Channel CoverageNew findings from the security stack drive continuous analysis, and resolutions are delivered into ticketing and messaging channels; a single security domain rather than broad channel coverage (zestsecurity.io meet-the-product). Partial
Model Flexibility & RoutingThe platform uses LLMs and agentic AI, but the underlying model is not disclosed and no customer model selection was documented (zestsecurity.io). Unable to verify
APIs / SDKs / MCP ExtensibilityIntegrates inbound with clouds and DevOps tools, but no public API, SDK or MCP for building on ZEST was documented this session (zestsecurity.io). Unable to verify
Testing, Debugging & OptimizationThe impact simulator agent simulates every fix on a digital twin of the environment and recursively validates the outcome before suggesting changes (zestsecurity.io meet-the-product, ZEST AI Agents). Full
Browser / Computer-useNo browser or computer use capability; ZEST operates on cloud and code artifacts (zestsecurity.io). Unable to verify

Recent platform changes

No recent material changes tracked yet.

Pricing

No public pricing; free trial in the customer's own environment and a free remediation assessment, with paid enterprise pricing through sales and availability on AWS Marketplace.

enterprise platform license, likely scoped to the cloud estate

Public — partialLow variable costTrial available

Cost watchouts

Value depends on the coverage of connected CSPM and CNAPP tools; thin finding coverage reduces what ZEST can resolve at any price.

Variable cost rationale

Read only platform with no documented usage meter; scope is defined by the cloud estate under management.

Sales call required

Yes — required for paid access

Free / trial

Free trial in your own environment plus a free remediation assessment

Lowest paid plan

None public; contact sales or AWS Marketplace

Key ambiguities

No public rates; a free trial and assessment exist but production pricing and its scaling axis are not disclosed.

Verified 2026-07-08

Contact us

Found a vendor we missed? Have feedback on the index? We'd love to hear from you.