French startup Escape successfully raised $3.9 million (€3.6 million) in a recent funding round for their cybersecurity solution. The company, which just completed Y Combinator's winter 2023 cohort, is focused on strengthening security for APIs before their public launch. The funding round was led by French VC firm Iris, with participation from Frst, existing investors Irregular Expressions, Tiny Supercomputers, Kima Ventures, and angel investors Philippe Langlois, Mehdi Medjaoui, and Roxanne Varza.
Escape offers an agentless solution that directly integrates into the development pipeline. By implementing an integration in the continuous integration/continuous delivery flow (CI/CD), every new code commit triggers Escape to dynamically scan for security flaws. This innovative approach allows for potential vulnerabilities to be identified and addressed in real-time, preventing significant issues down the line.
For example, Escape can detect rate-limiting problems, which could be exploited by bad actors to extract large volumes of data. Additionally, the platform ensures that invalid actions are properly blocked, preventing unauthorized data manipulation. It integrates seamlessly with Snyk, enabling Escape-generated issues to appear on the user's Snyk code issues list.
Initially, Escape chose to focus on GraphQL APIs, as it identified this area as the best go-to-market strategy. However, the company is now expanding its support to REST APIs, which are more commonly utilized than GraphQL-based APIs. This expansion opens the potential for greater market reach and increased application across a broad range of industries.
With its unique approach to API security, Escape has already attracted around 20 clients, including Sorare, Shine, and Neo4J. The company aims to target bigger clients in sensitive sectors, such as banking and financial services. For each client, Escape's contracts have the potential to be worth tens of thousands of euros per year, making this an attractive and lucrative opportunity for the startup.
It should be noted that Escape does not intend to replace pentests entirely. Pentests typically encompass broader areas of security in addition to APIs. Instead, Escape's objective is to identify and resolve security flaws at the API level as soon as they appear. By fixing these issues early, security firms conducting pentests will find that most vulnerabilities have already been resolved, making the overall process much more efficient and effective.
The recent funding round and the evolution of Escape showcase the growing need for more comprehensive and effective API security solutions. With no-code platforms like AppMaster offering tools to develop backend, web, and mobile applications, APIs have become an integral part of modern software development. Users can now utilize platforms like AppMaster to effortlessly build applications that are not only visually appealing but also secure and scalable.
