Avast’s former CEO built an AI that found every OpenSSL zero-day this year. Now it runs inside air-gapped networks.

AISLE, the cybersecurity startup founded by former Avast CEO Ondrej Vlcek, launched Snapshot on Tuesday, a product that deploys its AI vulnerability scanner inside a customer’s private cloud, on-premises data centre, or fully air-gapped environment. Source code and security data never leave the organisation’s control.

The product is aimed squarely at regulated industries, banks, defence contractors, and government agencies, that face strict data sovereignty and compliance requirements preventing them from sending code to external scanning services. Reported CVEs are up sharply in 2026, with NIST struggling to keep pace with submissions, and Anthropic’s Mythos model has demonstrated that AI can find exploitable zero-days faster than human security teams.

What AISLE has found so far

AISLE has discovered and responsibly disclosed more than 225 CVEs across widely used open-source projects including OpenSSL, the Linux kernel, cURL, Apache, Mozilla, Redis, and Elastic. Its most striking result came in January 2026, when AISLE’s system found all 12 vulnerabilities in the coordinated OpenSSL release, including bugs that had persisted in the codebase for decades.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

The cURL project adopted AISLE after its AI agents discovered five CVEs and contributed 24 pull requests. AISLE ranks first in three categories on the UC Berkeley vulnerability-detection benchmark: CVE volume, CWE breadth, and MITRE Top-25 reach, ahead of Google and Anthropic.

How Snapshot works

Snapshot combines AI-based static code analysis with AI-guided fuzzing to find vulnerabilities, then triages and prioritises findings by business impact. The company claims a false positive rate under 5% and says it can map an organisation’s full exposure within days.

Rather than defaulting to frontier-scale models for every task, AISLE matches the right model to the right task, using its own optimised cybersecurity LLMs or a customer’s existing models. The company claims this approach delivers vulnerability discovery at approximately 10 times greater cost efficiency than frontier models such as Anthropic’s Mythos.

The Mythos context

Anthropic’s Mythos Preview, announced in April 2026, demonstrated that AI models can now identify and exploit zero-day vulnerabilities across every major operating system and web browser. The model found over 10,000 zero-days in its first month inside Project Glasswing, Anthropic’s controlled-access programme for roughly 40 technology companies.

Mythos is not generally available, and its restricted access has created a gap: the organisations most urgently needing the capability, particularly in Europe, cannot get it. AISLE’s pitch is that Snapshot fills that gap with a deployable product that runs wherever the customer needs it.

The team

Vlcek spent more than two decades at Avast, rising from intern to CEO before serving as president of Gen Digital after the NortonLifeLock merger. Chief operating officer Jaya Baloo, named among the world’s top 100 CISOs, previously held senior roles at Rapid7, Avast, and KPN Telecom. AISLE emerged from stealth in October 2025 and says its founding team includes veterans of Anthropic, Avast, and Rapid7.

The company has not disclosed its funding or valuation.

The flags

The 10x cost efficiency claim against Anthropic’s Mythos and the sub-5% false positive rate are company figures that have not been independently verified. Mythos is not a commercially available product, making direct cost comparisons difficult to evaluate.

The UC Berkeley benchmark confirms AISLE’s leading position in CVE discovery volume, but vulnerability detection benchmarks measure quantity and breadth of findings, not the severity or real-world exploitability of the bugs found. Whether on-premises deployment introduces latency or detection gaps compared with AISLE’s cloud offering is not addressed in the announcement.