AISLE Snapshot: On-Prem AI Scanner Found All OpenSSL Zero-Days in 2026

AISLE Snapshot: On-Prem AI Vulnerability Scanner Found All OpenSSL Zero-Days in 2026

AISLE, the cybersecurity startup founded by former Avast CEO Ondrej Vlcek, announced Snapshot on Tuesday—a product that runs its AI vulnerability scanner entirely inside a customer's private cloud, on-premises data center, or fully air-gapped network. Source code and security data never leave the organization's control.

The product targets regulated industries: banks, defense contractors, and government agencies that cannot send code to external scanning services due to data sovereignty and compliance requirements.

What AISLE Has Found

AISLE has responsibly disclosed more than 225 CVEs across widely used open-source projects: OpenSSL, Linux kernel, cURL, Apache, Mozilla, Redis, and Elastic. Its most striking result came in January 2026, when AISLE's system found all 12 vulnerabilities in the coordinated OpenSSL release, including bugs that had persisted in the codebase for decades.

The cURL project adopted AISLE after its AI agents discovered five CVEs and contributed 24 pull requests. AISLE ranks first in three categories on the UC Berkeley vulnerability-detection benchmark: CVE volume, CWE breadth, and MITRE Top-25 reach, ahead of Google and Anthropic.

How Snapshot Works

Snapshot combines AI-based static code analysis with AI-guided fuzzing to find vulnerabilities, then triages and prioritizes findings by business impact. The company claims a false positive rate under 5% and says it can map an organization's full exposure within days.

Rather than defaulting to frontier-scale models for every task, AISLE matches the right model to the right task, using its own optimized cybersecurity LLMs or a customer's existing models. The company claims this approach delivers vulnerability discovery at approximately 10 times greater cost efficiency than frontier models such as Anthropic's Mythos.

The Mythos Context

Anthropic's Mythos Preview, announced in April 2026, demonstrated that AI models can now identify and exploit zero-day vulnerabilities across every major operating system and web browser. The model found over 10,000 zero-days in its first month inside Project Glasswing, Anthropic's controlled-access program for roughly 40 technology companies.

Mythos is not generally available, and its restricted access has created a gap: the organizations most urgently needing the capability, particularly in Europe, cannot get it. AISLE's pitch is that Snapshot fills that gap with a deployable product that runs wherever the customer needs it.

The Team

Vlcek spent more than two decades at Avast, rising from intern to CEO before serving as president of Gen Digital after the NortonLifeLock merger. Chief operating officer Jaya Baloo, named among the world's top 100 CISOs, previously held senior roles at Rapid7, Avast, and KPN Telecom. AISLE emerged from stealth in October 2025 and says its founding team includes veterans of Anthropic, Avast, and Rapid7.

The company has not disclosed its funding or valuation.

The Flags

The 10x cost efficiency claim against Anthropic's Mythos and the sub-5% false positive rate are company figures that have not been independently verified. Mythos is not a commercially available product, making direct cost comparisons difficult to evaluate.

The UC Berkeley benchmark confirms AISLE's leading position in CVE discovery volume, but vulnerability detection benchmarks measure quantity and breadth of findings, not the severity or real-world exploitability of the bugs found. Whether on-premises deployment introduces latency or detection gaps compared with AISLE's cloud offering is not addressed in the announcement.

Developer Takeaways

For developers working in regulated environments, Snapshot offers a way to leverage AI-driven vulnerability detection without exposing source code. The product's ability to run air-gapped means it can be used in classified or high-security settings. If AISLE's claims hold, it could become a standard tool for enterprise security teams.

To test the scanner's capabilities, developers can request a demo from AISLE's website. The company has not released pricing or a public trial, but given the target audience, expect enterprise licensing.