As artificial intelligence accelerates the pace of software development, cybersecurity teams are facing a growing challenge: protecting complex applications that are evolving faster than traditional security tools can keep up. In response to this shift, Escape, an offensive security engineering platform, has raised $18 million in Series A funding to expand its AI powered approach to identifying and resolving vulnerabilities in live software environments.
The investment round was led by Balderton and included participation from Uncorrelated Ventures as well as existing investors IRIS and Y Combinator. The funding will support the continued development of Escape’s platform and help the company expand its engineering and commercial teams as it targets enterprise customers across the United States and Europe.
The growing challenge of securing modern applications
Modern software development cycles have accelerated significantly as organisations adopt artificial intelligence driven coding tools and automated deployment pipelines. While these technologies increase productivity, they also introduce new security risks.
The time between deploying code and discovering exploitable vulnerabilities has become increasingly short. Attackers can often identify weaknesses in applications shortly after they go live, particularly when systems contain complex integrations, authentication workflows or business logic that may not be fully tested during development.
Traditional application security tools have focused primarily on scanning code within developer environments before it is deployed. However many security risks only emerge when applications operate in real world production environments where multiple systems interact and configurations change over time.
Escape was founded to address these limitations by focusing on security within live systems rather than relying solely on pre deployment scanning tools.
Building an offensive security engineering platform
Escape was founded by Tristan Kalos and Antoine Carossio with the goal of rethinking how organisations approach application security. The company describes its approach as offensive security engineering, which combines automated testing with simulated attack techniques to identify vulnerabilities before malicious actors can exploit them.
Instead of relying on manual penetration testing or legacy scanning tools, Escape uses artificial intelligence driven agents to continuously analyse applications and detect potential weaknesses.
These agents are designed to automate tasks traditionally carried out by security teams, including discovering an organisation’s attack surface, testing applications for vulnerabilities and assisting developers with remediation.
By embedding these capabilities directly within engineering workflows, the platform aims to reduce the time required to identify and fix security issues.
AI agents operating in live environments
One of the key aspects of Escape’s technology is its ability to analyse applications within production environments. The platform’s AI agents simulate attacker behaviour by interacting with live systems and identifying vulnerabilities related to application logic, data exposure or configuration issues.
This approach allows security teams to identify risks that may not appear during development or testing phases. For example, authentication flows, third party integrations and business logic vulnerabilities often only become visible once an application is operating at scale.
The platform then helps engineering teams move from vulnerability detection to resolution more quickly by providing remediation support within existing development workflows.
Escape’s founders believe that automating these processes is essential as the scale and complexity of modern software systems continues to grow.
Insights from real world vulnerability analysis
To illustrate the scale of the problem, Escape recently analysed thousands of publicly available applications generated using automated coding tools. According to the company’s research, its platform identified more than 2,000 high impact vulnerabilities across 5,600 live applications.
Among these findings were 175 cases involving exposure of personal data, including instances where sensitive credentials were publicly accessible. All of these vulnerabilities were discovered in production environments and could be detected within a relatively short timeframe.
The analysis highlights the growing security risks associated with rapidly generated software and reinforces the need for continuous security monitoring after applications are deployed.
Expanding the platform and global presence
With the new funding, Escape plans to expand the capabilities of its AI agent platform, including tools designed to analyse application logic during automated penetration testing.
The company will also invest in growing its engineering team and strengthening its go to market strategy as it seeks to serve enterprise customers dealing with increasingly complex software infrastructures.
As organisations continue to adopt AI driven development tools, Escape aims to position its platform as a new approach to application security. By automating offensive security processes and embedding them directly into engineering workflows, the company hopes to help organisations protect their systems in an environment where both software creation and cyber threats are evolving at unprecedented speed.