APIs (application programming interfaces) are the hidden framework powering the modern digital economy. They enable almost every service that people access online each day, including payments, healthcare operations, banking, logistics, and retail. However, as organizations expose more of their internal systems through APIs, attackers have followed. In 2025 alone, API-related security breaches have cost businesses worldwide around $200 billion, according to industry analyses, as exposed endpoints have contributed to data leaks, account takeovers, and the disruption of mission-critical applications.
Equixly, a startup based in Florence, believes the answer lies in a new type of security that is proactive, autonomous, and based on “agentic” AI: AI systems that can independently explore, reason, and act in the manner of a human attacker. The company has now raised a €10 million Series A to accelerate that goal. 33N Ventures led the round, with participation from Alpha Intelligence Capital, JME Ventures, 360 Capital, and the Fondazione Cassa di Risparmio di Firenze.
Simulating Human Hackers With Agentic AI
Established in 2022 by brothers Mattia and Alessio Dalla Piazza, Equixly builds autonomous AI agents that continuously audit corporate APIs for security loopholes and logic errors. Instead of depending on preset rules or pattern recognition, the system in essence acts as a highly intelligent penetration tester: it maps each API, reconstructs workflows, and investigates edge cases that standard Dynamic Application Security Testing (DAST) tools miss.
CEO and co-founder Mattia Dalla Piazza says the company grew out of the founders' long experience watching organisations struggle on and off with fragmented, mostly reactive security approaches.
“We all three have nearly 20 years of combined experience in tech and cybersecurity — actually, we have been working on security together since our high school days,” Mattia shares with TFN. “While we were managing our security firm in 2022, it became obvious to us that most of the clients badly needed API security testing. Existing solutions could not test at scale or integrate into fast-moving development pipelines.”
Equixly’s platform uses a swarm of AI agents that reason dynamically about how an API functions. The models study data flows, permissions, and business logic to locate vulnerabilities such as broken access control or misconfigured authentication paths, which are hard for automated scanners to detect. The company asserts that it can uncover up to 80% of the vulnerabilities that standard DAST tools cannot find, with a false positive rate of less than 1%, a significant benchmark for developer adoption.
Standing Out in a Crowded API Security Market
API security has been recognized as one of the fastest evolving areas in cybersecurity, with companies such as Salt Security, Noname Security, and 42Crunch attracting investor money running into hundreds of millions in the last couple of years. Most tools, however, position themselves mainly as runtime monitors or threat detectors, so they detect issues only after deployment rather than running deep, continuous pre-deployment testing.
Equixly sets itself apart by delivering a “developer-first” platform built to integrate across the software development lifecycle (SDLC). Its agents operate in Equixly’s environment to guarantee customer data confidentiality, and the system automatically locates shadow APIs, which are one of the most frequent sources of recent breaches.
“We work with different AI models that understand API behavior, dataflows, and business logic,” Mattia reveals. “This gives us the capability of uncovering complex logic-based vulnerabilities that most tools overlook and at the same time doing it non-stop.”
Fueling Research, Expansion, and a UK Hub
The €10 million Series A will help Equixly expand its AI research team, deepen enterprise DevSecOps tool integrations, and continue fine-tuning its proprietary models. The firm also intends to set up a UK sales and marketing office in the early part of 2026 to cater to increasing international demand.
Beyond that, the long-term plan is to transform Equixly into a complete AI-powered DevSecOps platform that extends past API security, combining application security testing, automated reasoning, and agentic penetration testing at a large scale.
“Our plan is to make Equixly the number one AI-first platform for application security and then take it to the rest of the world,” Mattia states. The company is set to increase its customer success and engineering staff, broaden its reach in domestic enterprise markets, and work toward becoming what Mattia calls a “future Agentic AI DAST platform”.
A Sector Under Pressure
The timing has worked out well for the company. The attack surface is increasing rapidly as businesses open more APIs to partners, mobile apps, and backend services. According to Gartner, by 2026, 80% of data breaches will be associated with APIs, making automated and continuous testing a must-have rather than a nice-to-have.
Equixly’s strategy is to bring hacker-level scrutiny into the development process, well before attackers can get their hands on the weaknesses. Supported by fresh funds and rising worldwide demand for API security, the firm is gearing up for a leading role in the rapidly intensifying cybersecurity arms race.