Artificial intelligence accelerates code production. It also accelerates the appearance of vulnerabilities. As software build tools spread across development teams, attack surfaces expand and detection cycles shorten. In this context, a new generation of cybersecurity tools seeks to automate penetration testing and vulnerability detection.
The startup Escape, specializing in automated offensive security, announces a fundraising fifteen million euros in Series A in order to accelerate the development of its platform. The operation is led by Balderton Capital, with the participation of Uncorrelated Ventures and historical investors IRIS and Y Combinator.
AI changes the temporality of cyberattacks
The ongoing transformation is primarily due to a change of pace. Software development cycles have accelerated significantly with the rise of code generation platforms and programming assistance tools.
In this context, vulnerabilities appear more quickly and become exploitable sooner. According to data cited by Escape, organizations experience on average 1,968 cyberattacks per weeka level that has increased significantly in recent years.
🚨 SMARTJOBS
- MISTRAL – Account Executive, Enterprise, France – Paris
- ANTHROPIC – Startup Partnerships – France & Southern Europe
- CONTEXT – HR Director – Human Resources Director
- ECOLE POLYTECHNIQUE – Director/Deputy Director of International Relations (F/M)
- CLAROTY — Sales Development Representative
- FRACTTAL — Account manager (France)
- BRICKSAI — Founding Growth Manager
👉 Find all our offers on the DECODE MEDIA Jobboard
đź“© Are you recruiting and want to strengthen your employer brand? Discover our partner offers
This gap between development speed and security capacity creates increasing pressure on cybersecurity teams. In most technology companies, security teams remain largely in the minority compared to development teams, which limits their ability to continuously analyze all systems in production.
This asymmetry explains the growing interest in automated approaches capable of simulating the behavior of an attacker and identifying vulnerabilities before they are exploited.
The limits of traditional approaches
Until now, application cybersecurity mainly relies on two types of tools.
Automated scanners can identify certain known vulnerabilities, but they are often limited to technical signatures. At the other end of the spectrum, penetration testing carried out by human experts allows you to explore the application logic of a system, but their cost and duration make it difficult to deploy on a large scale.
In an environment where applications are continuously updated, these methods become difficult to maintain.
Attackers now primarily target production environments, where the critical elements of an application are located: real configurations, authentication flows, integrations between services and business logic.
It is precisely this layer that new automated offensive security tools seek to analyze.
Agents capable of simulating an attacker
The platform developed by Escape is based on artificial intelligence agents capable of reproducing the strategies of an advanced attacker in order to explore the vulnerabilities of an application.
These agents can in particular analyze the application logic of a service, detect configuration errors, identify data leaks or even simulate attacks exploiting flaws present only in a production environment.
This approach aims to automate the entire offensive security cycle: attack surface mapping, continuous penetration testing and contextualized remediation recommendations.
The principle is less about producing reports and more about maintaining an ongoing process of detection and remediation.
According to the company, this automation would significantly reduce the time required for security testing. Some users report a reduction in audit processes from days to hours.
The challenge of “vibe coding”
A recent phenomenon contributes to reinforcing this problem: the proliferation of applications produced using automated code generation tools, sometimes referred to as “vibe coding”.
This mode of development, often faster and accessible to non-security specialists, can introduce vulnerabilities that are difficult to detect using traditional tools.
Escape claims to have identified more than two thousand serious vulnerabilities in 5,600 public applications resulting from this type of developmentof which 175 cases directly exposing sensitive data. These flaws were present in production and potentially exploitable within a few hours.
For security teams, the challenge lies in the very nature of these vulnerabilities: they often rely on business logic or interactions between different services, rather than isolated code errors.
An evolution towards continued security
This transformation is part of a broader evolution of cybersecurity practices, marked by the progressive integration of security tools into development pipelines. The objective is to move from one-off audits to continuous securityintegrated directly into production cycles. Solutions capable of automating penetration tests and analyzing application behavior could thus become a standard component of DevSecOps architectures.
In an environment where code production continues to accelerate, the ability to continuously simulate the behavior of an attacker could gradually become a basic requirement for securing applications.
Escape in brief
Escape is a startup specializing in application cybersecurity and automated offensive security. The company is developing a platform capable of simulating cyberattacks in order to identify application vulnerabilities and help teams correct them.
The company was founded by Tristan Kalos And Antoine Carossiorespectively CEO and CTO. The startup comes from the program Y Combinator and initially specialized in securing application programming interfaces (APIs) using artificial intelligence.
With this new funding from fifteen million euros in Series Aled by Balderton Capital with the participation ofUncorrelated Ventures, IRIS And Y Combinatorthe company plans to accelerate its recruitment of engineers and strengthen the development of its artificial intelligence agents dedicated to automated intrusion testing.
