
Avast’s former CEO launches on-prem AI scanner that found every OpenSSL zero-day in 2026

At a glance:

  • AISLE released Snapshot, an on‑premises AI vulnerability scanner for regulated enterprises.
  • The system has already identified more than 225 CVEs, including all 12 OpenSSL zero‑days disclosed in January 2026.
  • AISLE claims the solution is about 10× more cost‑efficient than Anthropic’s Mythos model and can run in air‑gapped environments.

What Snapshot is and who it targets

Snapshot is the first product from AISLE, a cybersecurity startup founded by former Avast CEO Ondřej Vlcek. Launched on Tuesday, the scanner is designed to be deployed inside a customer’s private cloud, on‑premises data centre, or even a fully air‑gapped network. Because the source code and security data never leave the organisation’s control, the offering appeals to highly regulated sectors such as banks, defence contractors, and government agencies that must meet strict data‑sovereignty and compliance requirements.

The market backdrop is a sharp rise in reported CVEs for 2026, with NIST struggling to keep up. At the same time, Anthropic’s Mythos model has demonstrated that AI can locate exploitable zero‑days faster than human teams, but its limited availability leaves a gap that AISLE aims to fill with a deployable, on‑prem solution.

Results to date: 225+ CVEs and every OpenSSL zero‑day

Since its stealth launch in October 2025, AISLE’s AI engine has responsibly disclosed more than 225 vulnerabilities across a range of widely used open‑source projects. Notable findings include:

  • OpenSSL – all 12 vulnerabilities released in the coordinated January 2026 update, some of which had lingered in the codebase for decades.
  • Linux kernel – multiple CVEs across recent releases.
  • cURL – five CVEs discovered, leading the project to adopt AISLE’s agents and accept 24 pull requests from the team.
  • Apache, Mozilla, Redis, and Elastic – additional CVEs reported throughout 2026.

On the UC Berkeley vulnerability‑detection benchmark, AISLE ranked first in three categories: CVE volume, CWE breadth, and MITRE Top‑25 reach, outpacing both Google and Anthropic.

How Snapshot works under the hood

Snapshot combines AI‑driven static code analysis with AI‑guided fuzzing. The pipeline first scans codebases to flag suspicious patterns, then automatically generates inputs to fuzz the identified areas. Findings are triaged and prioritised based on estimated business impact, with the company claiming a false‑positive rate of under 5 %.

Rather than relying on a single, massive foundation model, AISLE matches the right model to each task. Customers can use AISLE’s own optimised cybersecurity LLMs or plug in their existing models. This modular approach is presented as the reason for the claimed 10× cost efficiency compared with frontier models such as Anthropic’s Mythos.

The Mythos context and market gap

Anthropic announced Mythos Preview in April 2026, showing that AI could identify and exploit zero‑days across major operating systems and browsers. Within its first month, Mythos uncovered over 10,000 zero‑days in Project Glasswing, a controlled‑access programme for roughly 40 technology companies. However, Mythos is not generally available, and its restricted access has left many organisations—especially in Europe—without a usable solution.

AISLE positions Snapshot as the pragmatic alternative: a product that can be installed wherever the customer needs it, without sending code to external services. This on‑premises capability is a key differentiator for entities bound by data‑locality laws.

Leadership and background

Ondřej Vlcek spent more than two decades at Avast, rising from intern to CEO before serving as president of Gen Digital after the NortonLifeLock merger. Chief operating officer Jaya Baloo, named among the world’s top 100 CISOs, previously held senior roles at Rapid7, Avast, and KPN Telecom. The founding team also includes veterans from Anthropic, Avast, and Rapid7. Funding and valuation details have not been disclosed.

Caveats and unanswered questions

AISLE’s claims of 10× cost efficiency versus Mythos and a sub‑5 % false‑positive rate are internal figures that have not been independently verified. Because Mythos is not commercially available, direct cost comparisons are difficult to substantiate. Moreover, while the UC Berkeley benchmark highlights volume and breadth, it does not assess the severity or real‑world exploitability of the discovered bugs. Finally, the announcement does not address whether on‑prem deployment could introduce latency or detection gaps compared with a cloud‑native offering.

Editorial SiliconFeed is an automated feed: facts are checked against sources; copy is normalized and lightly edited for readers.

FAQ

What types of environments can Snapshot be deployed in?
Snapshot can run inside a private cloud, an on‑premises data centre, or a fully air‑gapped network, ensuring that source code and security data never leave the organisation’s control.

How many OpenSSL vulnerabilities did AISLE’s system find in January 2026?
The AI system identified all 12 vulnerabilities disclosed in the coordinated OpenSSL release of January 2026, including bugs that had persisted in the codebase for decades.

What benchmark did AISLE top, and which competitors were included?
AISLE ranked first in three categories (CVE volume, CWE breadth, and MITRE Top‑25 reach) on the UC Berkeley vulnerability‑detection benchmark, outperforming Google and Anthropic.


Prepared by the editorial stack from public data and external sources.
