Sofia

Balderton leads EUR 18m Series A in Escape


Offensive security is being pulled into the developer workflow, and Balderton is betting that AI agents will replace point-in-time pen tests and legacy scanners. French startup Escape has raised EUR 18 million in a Series A led by Balderton Capital, with participation from Uncorrelated Ventures, returning seed investor IRIS and Y Combinator.

The deal

Escape’s Series A was recently announced. The company positions its platform as an AI agent-driven offensive security engineering engine that can continuously discover, test and help remediate vulnerabilities.

Balderton framed the shift in operational terms. Partner statements cited by EU-Startups argue that “the days of pen-testing being a sporadic, manually driven process are over,” reflecting a broader move toward developer-first security and automation.

Why this is a with-trend round

Security leaders have been trying to scale assurance against a simple math problem: developer output keeps rising while security headcount does not. Escape’s pitch aligns with that reality by aiming to turn pentesting from a periodic service into an always-on product.

The company is explicitly going after two weak points in incumbent approaches:

  • Legacy DAST and scanners that flag large volumes of issues but often miss business logic flaws and struggle to keep pace with modern application architectures.
  • Point-in-time pentesting that delivers a snapshot, not continuous coverage, and is difficult to run across fast-moving releases.

Escape’s platform includes what it calls Business-Logic-Aware DAST, designed to target “real, exploitable vulnerabilities” and improve testing over time, rather than running the same static checks. The company also highlights AI-driven pentesting that can simulate sophisticated attacker behavior in multi-step workflows and production environments, where business logic vulnerabilities tend to hide.

Product and GTM implications: shifting from “audit” to “continuous control”

If Escape executes, the value proposition is less about replacing a single tool and more about changing the purchasing logic for offensive security.

  • Who pays: typically security leadership and application security teams, especially where they support large engineering orgs.
  • What workflow: continuous testing tied to application changes, not a quarterly or annual testing cycle.
  • What pain is removed: the bottleneck of scarce human pentesters and the operational overhead of triaging noisy scanner output.

This category tends to win on implementation depth and switching costs. To be credible, an agentic pentesting product has to integrate with modern CI/CD, understand the application surface area, and produce findings that engineering teams will act on. If it can consistently identify exploitable issues in business logic and reduce false positives, it becomes embedded in how releases are approved and how remediation work is prioritised, which supports retention.

Pricing power will likely come from two levers (inference):

  • Coverage-based expansion across more apps, environments and teams as usage spreads.
  • Outcome credibility if customers see higher signal-to-noise and fewer production incidents compared with legacy tooling.

Traction and competitive context

Escape claims it is trusted by over 2,000 security teams globally, including BetterHelp and PandaDoc. That level of stated adoption suggests the company has found an on-ramp that resonates, likely through developer-friendly deployment and a clear “replace legacy scanners” narrative.

The competitive backdrop is crowded, but the differentiation claim is specific: agentic testing that reasons about application logic and can run in production-like workflows. Incumbent scanners are strong at breadth but can struggle with business logic and exploitability. Traditional pentesting is high-trust but hard to scale. Escape is positioning itself as the bridge: continuous automation with more attacker-like behaviour.

What the funding is likely to support

According to the reported rationale, the round will enable Escape to deepen its AI agent capabilities for agentic pentesting that reasons about application logic. The company is also reported to be looking to expand across the US and Europe, consistent with the syndicate profile and the global nature of the demand.

What this enables

  • Continuous offensive testing that fits modern release velocity, not annual audits
  • Higher-fidelity detection of business logic vulnerabilities versus legacy DAST alone
  • A more developer-first security motion as tools embed into CI/CD and triage workflows

What to watch

  • Evidence that agentic testing reduces false positives while catching exploitable business logic issues at scale
  • Sales cycle reality: whether Escape lands bottom-up with teams or sells top-down as a platform standard
  • Competitive response from established scanner vendors and pentesting-led platforms moving into automation
  • Expansion execution in the US and Europe, including channel partnerships and security ecosystem integrations
