AISLE Snapshot brings AI vulnerability scanning to premises

AISLE, the cybersecurity startup founded by former Avast CEO Ondrej Vlcek, launched Snapshot on Tuesday, a product that embeds its AI vulnerability scanner inside a customer’s private cloud, on-premises data center, or completely air-gapped environment. Source code and security data never leave the organization’s control.

The product is aimed squarely at regulated industries, banks, defense contractors, and government agencies, which face strict data and compliance requirements that prevent them from sending code to external scanning services. Reported CVEs are on the rise by 2026, NIST is struggling to keep up with postings, and Anthropic’s Mythos model has shown that AI can find exploitable zero days faster than human security teams.

AISLE’s findings so far

AISLE has found and responsibly disclosed more than 225 CVEs across widely used open source projects including OpenSSL, the Linux kernel, cURL, Apache, Mozilla, Redis, and Elastic. Its most dramatic result came in January 2026, when the AISLE program found all 12 vulnerabilities in the integrated release of OpenSSL, including bugs that had persisted in the codebase for decades.

The cURL project adopted AISLE after its AI agents found five CVEs and contributed 24 pull requests. AISLE ranks first in three categories in UC Berkeley’s vulnerability discovery benchmark: CVE volume, CWE scope, and MITER Top-25 reach, ahead of Google and Anthropic.

How the summary works

Snapshot combines AI-based static code analysis with AI-guided brushing to detect vulnerabilities, then evaluates and prioritizes findings for business impact. The company says it has a false positive rate of less than 5% and says it can fully identify an organization within days.

Rather than switching to boundary-scaling models for every job, AISLE matches the right model to the right job, using its advanced cyber security LLMs or the customer’s existing models. The company says this method delivers vulnerability detection about 10 times more efficiently than borderline models like Anthropic’s Mythos.

The essence of the Mythos

Anthropic’s Mythos Preview, announced in April 2026, showed that AI models can now identify and exploit zero-day vulnerabilities in every major operating system and web browser. The model received more than 10,000 zero days in its first month within Project Glasswing, Anthropic’s controlled access program for about 40 technology companies.

Mythos is rarely available, and its limited access has created a gap: organizations that urgently need power, especially in Europe, cannot find it. AISLE’s point is that Snapshot fills that gap with a versatile product that works wherever the customer needs it.

The group

Vlcek spent more than two decades at Avast, rising from intern to CEO before serving as president of Gen Digital after the NortonLifeLock merger. Chief operating officer Jaya Baloo, named among the world’s top 100 CISOs, previously held senior roles at Rapid7, Avast, and KPN Telecom. AISLE emerged from hiding in October 2025 and claims its founding team includes veterans of Anthropic, Avast, and Rapid7.

The company did not disclose its funding or valuation.

Flags

The 10x cost-effectiveness claim against Anthropic’s Mythos and 5% false positives are company figures that have not been independently verified. Mythos is not a retail product, making it difficult to compare exact costs.

The UC Berkeley benchmark confirms AISLE’s leading position in CVE discovery volume, but vulnerability discovery benchmarks measure the quantity and scope of discoveries, not the severity or real-world exploitability of the bugs discovered. Whether on-premise deployments present delays or adoption gaps compared to AISLE’s cloud offerings is not addressed in the announcement.