Escape raises $18M to replace pen-testers with AI agents

The timing is not coincidental. In October 2025, Escape published research that scanned more than 5,600 publicly deployed applications built with vibe coding platforms, tools like Lovable, Base44, and Bolt.new that let non-developers build and ship apps by describing what they want in plain English. The results were stark: over 2,000 high-impact vulnerabilities, hundreds of exposed secrets, and cases of personal data sitting exposed in live production systems, accessible to anyone who knew where to look.

That research made the pitch for Escape’s $18 million Series A almost write itself. The round was led by Balderton Capital, with participation from new investor Uncorrelated Ventures and existing backers IRIS and Y Combinator. It brings the company’s total funding to $23 million since its founding in 2020.

Escape was founded in New York by Tristan Kalos (CEO) and Antoine Carossio (CTO), two French engineers who met at UC Berkeley. Kalos had a background in machine learning; Carossio had worked in cybersecurity for the French government before joining Apple as a machine learning researcher. Their founding thesis was simple and uncomfortable: traditional security tools were built for a world where code was written slowly, reviewed carefully, and deployed on a predictable schedule. That world no longer exists.

“Security teams are outnumbered and managing siloed, manual processes,” Kalos said in a statement. “In a world where code is written and attacked at the speed of AI, this approach is no longer sustainable.”

Escape’s platform describes itself as “offensive security engineering”, a deliberate choice of words. Rather than waiting for vulnerabilities to be reported after deployment, its AI agents actively simulate attacker behaviour against live systems: mapping attack surfaces, generating proof-of-exploitation to demonstrate exactly how a flaw can be triggered, then proposing contextualised fixes and providing reproduction steps so security teams can verify that the patch hasn’t introduced new problems.

The emphasis on live environments, rather than code repositories, is central to the company’s argument. Many security risks only emerge when configurations, authentication flows, and business logic are running in production, not in a developer’s local environment.

The platform integrates into engineering workflows via CI/CD pipelines, meaning vulnerabilities can surface before code reaches users rather than after. It is a model that has found traction: Escape claims more than 100 enterprise customers and month-on-month revenue growth of 15% or more.

Balderton partner Suranga Chandratillake, who led the deal, described the investment as a bet on structural change rather than incremental improvement. “The days of pen-testing being a sporadic, manually driven process are over,” he said.

“As the number of software developers, both human and agentic, explodes, security teams find themselves with an impossible dilemma: rely on legacy scanners, knowing they do not have the quality of pen-testing, or continue to work with manual offensive security teams and fail to scale to the volume of code being written.”

The new funding will be used to roughly double the 32-person team over the coming year and expand enterprise go-to-market operations across the US and Europe. Kalos has said the team already reflects an unusual degree of diversity for a security startup, 30% female, more than 12 nationalities, and intends to maintain that as it scales.

The raise arrives on a day when the broader AI security sector is clearly in the money. Also announcing fresh capital today is Paris-based Qevlar AI, which secured $30 million to expand its AI security operations platform. That two European AI security startups are closing rounds on the same morning in March 2026 is less a coincidence than a signal: investors appear to have decided that the security gap opened by AI-generated code is real, large, and not going away.