Escape raises $18M to replace pen-testers with AI agents for offensive security testing

Escape raises $18M to replace pen-testers with AI agents

The timing is not coincidental. In October 2025, Escape published research that scanned more than 5,600 publicly deployed applications built with vibe coding platforms, tools like Lovable, Base44, and Bolt.new that let non-developers build and ship apps by describing what they want in plain English. The results were stark: over 2,000 high-impact vulnerabilities, hundreds of exposed secrets, and cases of personal data sitting exposed in live production systems, accessible to anyone who knew where to look. That research made the pitch for Escape's $18 million Series A almost write itself. The round was led by Balderton Capital, with participation from new investor Uncorrelated Ventures and existing backers IRIS and Y Combinator. It brings the company's total funding to $23 million since its founding in 2020. Escape was founded in New York by Tristan Kalos (CEO) and Antoine Carossio (CTO), two French engineers who met at UC Berkeley. Kalos had a background in machine learning; Carossio had worked in cybersecurity for the French government before joining Apple as a machine learning researcher. Their founding thesis was simple and uncomfortable: traditional security tools were built for a world where code was written slowly, reviewed carefully, and deployed on a predictable schedule. That world no longer exists. "Security teams are outnumbered and managing siloed, manual processes," Kalos said in a statement. "In a world where code is written and attacked at the speed of AI, this approach is no longer sustainable." Escape's platform describes itself as "offensive security engineering", a deliberate choice of words. Rather than waiting for vulnerabilities to be reported after deployment, its AI agents actively simulate attacker behaviour against live systems: mapping attack surfaces, generating proof-of-exploitation to demonstrate exactly how a flaw can be triggered, then proposing contextualised fixes and providing reproduction steps so security teams can verify that the patch hasn't introduced new problems. The emphasis on live environments, rather than code repositories, is central to the company's argument. Many security risks only emerge when configurations, authentication flows, and business logic are running in production, not in a developer's local environment. The platform integrates into engineering workflows via CI/CD pipelines, meaning vulnerabilities can surface before code reaches users rather than after. It is a model that has found traction: Escape claims more than 100 enterprise customers and month-on-month revenue growth of 15% or more. Balderton partner Suranga Chandratillake, who led the deal, described the investment as a bet on structural change rather than incremental improvement. "The days of pen-testing being a sporadic, manually driven process are over," he said. "As the number of software developers, both human and agentic, explodes, security teams find themselves with an impossible dilemma: rely on legacy scanners, knowing they do not have the quality of pen-testing, or continue to work with manual offensive security teams and fail to scale to the volume of code being written." The new funding will be used to roughly double the 32-person team over the coming year and expand enterprise go-to-market operations across the US and Europe. Kalos has said the team already reflects an unusual degree of diversity for a security startup, 30% female, more than 12 nationalities, and intends to maintain that as it scales.

Escape raises $18M to expand AI agent platform for offensive security testing - SiliconANGLE

Escape raises $18M to expand AI agent platform for offensive security testing Offensive security engineering platform startup Escape Technologies SAS announced today that it has raised $18 million in new funding to expand its artificial intelligence-agent security platform, including developing agentic penetration testing capabilities and scaling up its engineering and enterprise go-to-market teams in the U.S. and Europe. Founded in 2020, Escape offers an offensive security engineering platform that is designed to identify and remediate security issues directly within live environments. The platform uses AI agents that simulate attacker behavior to discover vulnerabilities that arise from application logic, configuration and integrations after code is deployed. Escape's platform works by continuously mapping the external attack surface of applications and running automated security assessments against live services. The AI agents emulate techniques used in penetration testing, such as interacting with authentication flows, application programming interfaces and business logic, to identify potential weaknesses. The agents also perform ongoing attack-surface discovery, including executing testing routines against identified components and generate remediation guidance that can be incorporated into engineering workflows. The process is designed to run continuously to move from detection to contextual remediation while maintaining visibility into discovered issues. Escape's platform is used by security and engineering teams responsible for protecting cloud-based applications and distributed software environments. Typical use cases include testing APIs, validating multitenant application security, identifying exposure of sensitive data and evaluating business logic vulnerabilities such as insecure direct object references. "Security teams are outnumbered and drowning in siloed, manual processes," said co-founder and Chief Executive Tristan Kalos. "In a world where code is written and attacked at the speed of AI, this cannot continue. We are building Escape as the offensive security engineering platform to solve that problem at scale." The company claims more than 2,000 security teams globally are using its platform to run more than 300,000 security assessments a month. Notable Escape customers include BetterHelp Inc., PandaDoc Inc., CyberCube Analytics Inc. and Arkose Labs Inc.. The Series A round was led by Balderton Capital Management Ltd., with Uncorrelated Ventures and previous investors IRIS Software Group Ltd. and Y Combinator also participating. "As the number of software developers -- human and agentic -- explodes, security teams find themselves with an impossible dilemma: Rely on legacy scanners, knowing they do not have the quality of pen-testing, or work with manual offensive security teams and fail to scale to the volume of code," said Suranga Chandratillake, a partner at Balderton Capital. "Escape has solved this challenge with the world's first AI-native, offensive security platform that blends the scalability and relentless capacity of technology with the ingenuity of your security team."