Redpath finds exploitable bugs in code your existing SAST and SCA tools miss. Every finding is validated by an LLM before it reaches you. Zero false positives in what we ship.
The pipeline rotates across the latest frontier models (Anthropic, OpenAI, Google) plus our own custom-trained per-CWE validators. Built to scale cost-effectively to large enterprise monorepos with 100M+ lines of code.
Native support for COBOL, ABAP, PL/SQL, VB.NET, C/C++, and Java, alongside modern stacks (Python, Go, TypeScript).
At a fraction of the token spend, we're reproducing the same class of bug Anthropic Mythos surfaced: the 27-year-old OpenBSD TCP SACK kernel flaw and the SQLite logic bugs that 150 CPU-hours of fuzzing missed. We have also found high-severity CVEs (CVSS 9.0+) in widely used enterprise software, currently in coordinated disclosure.
We've spent careers shipping enterprise code and breaking into it. Redpath is what we wanted at every previous job.
Beta access
We're taking a small number of beta testers. If you've got a codebase you'd like us to look at, tell us about it below.