The limits of traditional application security tools have become apparent as API-first architectures expand. Dynamic scanners such as DAST have long formed the basis of automated testing, while manual pentests provided much-needed depth. The former only detect classic technical vulnerabilities, the latter cannot keep up with the scale of modern environments. Between these two approaches, space has been created for a new form of automation based on agentic AI, capable of reproducing human reasoning while supporting an industrial volume of analysis.
While large companies now operate several hundred APIs, sometimes several thousand, in environments that are continuously renewed, vulnerabilities become immediately exploitable and occasional recourse to manual testing is no longer enough to maintain operational visibility on changing attack surfaces. In this context, players like Equixly seek to combine logical understanding, scalability and test continuity.
The approach consists of moving the center of gravity of the pentest towards a contextual analysis logic. The agents developed by Equixly reconstruct application flows and simulate behaviors close to those of an experienced attacker. Once integrated into CI/CD pipelines, these agents identify vulnerabilities that traditional scanners miss, particularly those related to business logic or undocumented endpoints. The objective is to bring the depth of a manual audit closer to the deployment rate of product teams.
For Mattia Dalla Piazza, co-founder and CEO of Equixly, the challenge lies in the ability of companies to adapt their practices to the pace of transformation of digital systems. He declares on this subject “Businesses can no longer rely on static or ad hoc testing to secure their systems, which serve millions of customers and now support entire swaths of global markets. With the arrival of new regulations and the rapid growth of APIs, the demand for autonomous security will become even more essential. Equixly makes advanced security testing continuous, autonomous, and accessible to all development and security teams. Thanks to an agentic infrastructure and models developed entirely in-house, teams benefit from a level of reasoning comparable to that of a human expert, at the scale demanded by modern software, while maintaining maximum control over data and preserving confidentiality. »
This development also reflects a response to the increase in API-related incidents. A significant portion of attacks now target exposed endpoints, including those that companies no longer identify or identify as critical. Automation, in this context, goes beyond the simple optimization of productivity and becomes a condition for preserving a form of operational clarity.
Goncalo Borges, of 33N Ventures, discusses this transformation “Equixly builds the security layer of modern software, in a context where development is transformed by AI and infrastructure is defined by APIs. Its solution strengthens the work of application security teams by offering a scalable, contextual and real-time approach, while identifying vulnerabilities that traditional vendors generally do not detect. This team is positioned to lead European cybersecurity innovators and become a global leader in the next generation of application security. »
The rise of AI-first uses also increases pressure on these environments. Generative models produce code, generate automatic agents, and introduce new API dependencies. This movement increases the complexity and multiplies the exhibition surfaces. Companies must integrate security as a component of the technological cycle, without a break between development and protection.
The advent of a post-DAST era is thus gradually taking shape; if it does not replace historical methods, it rearticulates them around a capacity for continuous and contextualized analysis, where AI agents constitute the point of balance between deep understanding and industrial pace.
Equixly, founded in 2022 in Verona by Mattia and Alessio Dalla Piazza, develops an API security platform based on proprietary AI agents. The company announces a fundraising of 10 million euros in Series A from 33N Ventures, Alpha Intelligence Capital, JME Ventures, 360 Capital and Fondazione Cassa di Risparmio di Firenze. This operation should finance a strengthening of the teams, and the opening of a commercial presence in the United Kingdom.
