Paris-founded Escape, an offensive security engineering platform, has raised €15.4 million ($18 million) in Series A funding to automate the entire security lifecycle with AI agents.
The round was led by Balderton with participation from Uncorrelated Ventures and existing investors IRIS and Y Combinator.
“Security teams are outnumbered and drowning in siloed, manual processes. In a world where code is written and attacked at the speed of AI, this cannot continue. We are building Escape as the offensive security engineering platform to solve that problem at scale,” said Tristan Kalos, CEO and co-founder of Escape.
Founded in 2020 by Tristan Kalos and Antoine Carossio, specialises in offensive security engineering, a new approach that replaces legacy scanners and manual processes with AI agents that discover, test, and remediate vulnerabilities directly in engineering workflows.
It supports lean security teams in defending themselves amid the rapid pace of code creation and attacks. The company states that AI has shortened the window from code deployment to vulnerability exploitation to just hours. Although recent industry efforts emphasise securing code at the developer’s IDE, this is only part of the picture. Attackers target live systems, focusing on actual configurations, integrations, authentication processes, and business logic that are present only in production.
This is where Escape’s AI agents operate, claims the company. The agents mimic the behaviour of a sophisticated attacker to find exploitable logic flaws and data leaks that exist only in live environments, and remediate before attackers get to them first.
Point-in-time pentesting and fragmented legacy tools can’t keep pace, leaving security teams who are currently outnumbered 100-to-1 by developers, overwhelmed and exposed. Escape states that it was founded to fix this broken model by replacing legacy scanners and manual offensive security processes with AI agents that automate the full lifecycle.
Its three offerings include: Attack Surface Management, which identifies and verifies exposure in modern applications, APIs, and infrastructure from code to cloud; Business-Logic-Aware Dynamic Application Security Testing (DAST), which replaces traditional DAST with smarter, evolving testing that helps teams address genuine, exploitable vulnerabilities; and AI Pentesting, a scalable alternative to manual pentests and bug bounty programmes.
According to the company, its agents continuously discover, test and fix vulnerabilities directly within engineering workflows. They automate attack surface discovery, continuous security testing, and contextual remediation. Instead of generating a report that sits in a queue, Escape’s agents keep the system moving from the moment a vulnerability is found to the moment it’s fixed. This helps Escape multiply the impact of security teams at scale, without increasing headcount or alerts.
To highlight the scale of the threat, Escape said its team recently uncovered more than 2,000 high-impact vulnerabilities hidden in 5,600 publicly available vibe-coded applications. This included 175 instances where personal data was exposed, often with several sensitive secrets revealed at once. Every vulnerability was present in live production systems and discoverable in hours.
“As the number of software developers – human and agentic – explodes, security teams find themselves with an impossible dilemma: rely on legacy scanners, knowing they do not have the quality of pen-testing or work with manual offensive security teams and fail to scale to the volume of code. Escape has solved this challenge with the world’s first AI-native, offensive security platform that blends the scalability and relentless capacity of technology with the ingenuity of your security team,” said Suranga Chandratillake, partner at Balderton Capital.
The fresh capital will enhance the platform’s AI agent capabilities, including agentic pentesting that reasons about application logic rather than scanning for known patterns. It will also support the expansion of the engineering and go-to-market teams to meet increasing enterprise demand in the US and Europe.
Fresh out of Y Combinator’s 2023 cohort, the company announced a €3.6 million Seed funding round.
The company is used by more than 2,000 security teams globally, including companies such as BetterHelp, PandaDoc, CyberCube and Arkose Labs. It reports that one of its recent customers witnessed a 393% ROI after deploying Escape, shrinking its security testing processes from five days to five hours.
Overall, Escape now conducts over 300,000 security assessments each month worldwide, amounting to days of manual testing that security teams regain every month.
Read the orginal article: https://www.eu-startups.com/2026/03/yc-backed-escape-raises-e15-4m-series-a-led-by-balderton-for-its-ai-powered-offensive-security-engineering-platform/
