Escape,
an offensive security engineering platform, has raised $18 million in a Series A funding round to develop AI agents designed to automate the security lifecycle. The
round was led by Balderton, with participation from Uncorrelated Ventures and
existing investors IRIS and Y Combinator.
Advances
in AI have shortened the time between code deployment and the exploitation of software vulnerabilities. While recent industry efforts have focused on securing code
within developers’ environments, many security risks arise in live systems
where configurations, integrations, authentication flows, and business logic
operate in production.
Escape
was founded by Tristan Kalos(CEO) and Antoine Carossio(CTO) to address
limitations in traditional application security models. The company aims to replace legacy
scanners and manual offensive security processes with AI agents designed to
automate security testing and remediation across the development lifecycle.
The
platform focuses on what it describes as offensive security engineering, an approach that uses AI agents to identify, test, and remediate
vulnerabilities directly within engineering workflows. Escape’s agents automate
tasks such as attack surface discovery, continuous security testing, and
remediation support, helping teams move more quickly from vulnerability
detection to resolution while reducing operational overhead.
Security
teams are outnumbered and managing siloed, manual processes. In a world where
code is written and attacked at the speed of AI, this approach is no longer
sustainable. We are building Escape as an offensive security engineering
platform designed to address this challenge at scale.
said Tristan Kalos, CEO
and co-founder of Escape.
Escape’s
AI agents are designed to operate in live environments, simulating attacker
behaviour to identify potential logic flaws and data exposure risks and support
remediation before they can be exploited.
In a
recent analysis, Escape reported identifying more than 2,000 high-impact
vulnerabilities across 5,600 publicly available applications generated using automated coding tools. These included 175 cases involving exposure of personal
data, with some instances revealing multiple sensitive credentials. According
to the company, all of the identified vulnerabilities were present in live
production systems and could be discovered within a short timeframe.
The new funding will support further development of the platform’s
AI agent capabilities, including tools designed to analyse application logic
during penetration testing, as well as the expansion of engineering and go-to-market teams as Escape targets enterprise customers in the US
and Europe.