Escape raises $18M Series A to replace legacy scanners with AI agent-driven discovery, pentesting, and remediation
Escape raises $18M Series A to replace legacy scanners with AI agent-driven discovery, pentesting, and remediation
Attackers move in hours. Most security teams are still running weekly scans. Today we are proud to announce our $18 million Series A funding round, led by Balderton with participation from Uncorrelated Ventures and existing investors IRIS and Y Combinator. And alongside the funding, we’re launching a whole new brand identity.
These two things aren’t a coincidence. Together, they mark a new chapter, and we wanted to take a moment to tell you the full story behind both.
When we founded Escape, we weren’t trying to build another security tool. We were trying to fix something we kept seeing with our own eyes.
We spent a lot of time with security teams. Security teams that are outnumbered 100 to 1 by developers, stuck stitching together legacy scanners and manual processes that were built for a slower era.
AI has made both sides of the problem worse: developers ship more code faster, and attackers exploit vulnerabilities in hours instead of weeks. No amount of point-in-time pentesting can close that gap.
To put the scale of the threat into perspective, Escape’s Security Research team recently uncovered more than 2,000 high-impact vulnerabilities hidden in 5,600 publicly available vibe-coded applications. This included 175 instances where personal data was exposed, often with several sensitive secrets revealed at once. Every vulnerability was present in live production systems and discoverable in hours.
We kept asking ourselves: why is there nothing that fights back the same way?
That question became the next version of Escape.
Suranga Chandratillake, partner at Balderton Capital, said: “The days of pen-testing being a sporadic, manually driven process are over. As the number of software developers (both human and agentic) explodes, security teams find themselves with an impossible dilemma: rely on legacy scanners, knowing they do not have the quality of pen-testing or continue to work with manual offensive security teams and fail to scale to the volume of code being written. Escape has solved this challenge with the world’s first AI-native, offensive security platform that blends the scalability and relentless capacity of technology with the ingenuity of your security team.”
What we built
Escape is an offensive security engineering platform. Our agents continuously discover, test, and fix vulnerabilities directly within engineering workflows. They automate attack surface discovery, continuous security testing, and contextual remediation. Instead of generating a report that sits in a queue, Escape’s agents keep the system moving from the moment a vulnerability is found to the moment it’s fixed. In this way, Escape multiplies the impact of security teams at scale, without increasing headcount or alerts.
Three products, one mission: give small security teams the tools to cover infinite ground.
Attack Surface Management: so you always know what’s exposed, from code to cloud, before attackers do. No blind spots.
Business-Logic-Aware DAST: we want to empower security teams to replace legacy DAST with business-logic-aware testing that improves over time and helps your team remediate real, exploitable vulnerabilities.
AI Pentesting: our goal is to provide the depth and ingenuity of a senior pentester, running continuously, at scale. No manual programs. No point-in-time snapshots. Just continuous coverage at a fraction of the cost.
The results have been remarkable. Escape is trusted by 2,000+ security teams globally, including BetterHelp, PandaDoc, CyberCube, Arkose Labs and more.
One recent customer and global leader in its field saw a 393% ROI after deploying Escape, shrinking its security testing processes from five days to five hours. While edtech platform Thinkific is using Escape to secure its applications end-to-end and gain visibility into vulnerabilities while embedding continuous, developer-friendly security testing into its workflow.
“Escape’s IDOR scanning and multi-tenant capabilities set it apart from other security testing solutions and allow us to test multiple scenarios. AI-based authentication and Project-scoped permissions facilitate the automation of team onboarding and significantly reduce the onboarding time and efforts. Support team is incredibly responsive to feedback and actually implements it.”
— Daniel Ilies, IT Security Engineer, Visma
Why we rebranded
Building something for bigger scale deserved a new identity. But more than that, we wanted our brand to say something we actually believe.
We know the attack surface of the security teams we’ve been working with is vast. Brands scattered across cultures and time zones, distributed systems, thousands of applications, and code shipping faster than any team can manually review. That scale is real. But scale isn’t the enemy. It’s the mission.
Our new identity reflects how we see the problem: the attack surface is vast, and a small team with the right tools should be able to cover all of it.
Built for the frontier and limitless innovation. That’s the Escape we’re building.
What comes next
This funding lets us go further on everything we’ve started.
We want to deepen the platform’s AI agent capabilities, including agentic pentesting that reasons about application logic rather than scanning for known patterns. Cover more multi-step attack scenarios. Ensure better coverage across more environments and provide more support for the security engineers doing critical work every day with too few resources.
We’re also growing the team — in engineering, in research, and in go-to-market across the US and Europe. If you believe what we believe about where offensive security needs to go, we’d love to talk.
A note of gratitude
None of this happens without the security teams who trusted us early, shaped the product, and pushed us to build something genuinely useful. You were our design partners, and we’re grateful for your help along the journey.
To the Escape team, thank you. For building when it was hard. For staying through the sleepless nights and for always shooting for the stars. This is yours as much as ours.
And to Balderton, Uncorrelated Ventures, IRIS, and Y Combinator, thank you for believing in the mission.
— Tristan & Antoine
*** This is a Security Bloggers Network syndicated blog from Escape – Application Security & Offensive Security Blog authored by Tristan Kalos. Read the original post at: https://escape.tech/blog/escape-raises-18m-series-a/
About Author
