YC’s Escape nabs $18M from Balderton to capitalise on cybersecurity’s ‘unique moment’ — Y Combinator’s Escape raises $18 million from Balderton for cybersecurity’ AI agent
https://techfundingnews.com/escape-ai-agent-cybersecurity-balderton/
Publish Date: 2026-03-10 01:07:00
Source Domain: techfundingnews.com
Using an unordered list, summarize the following article with between 4 and 8 key points.
Software is increasingly built and attacked by AI, and Y Combinator-backed Escape just raised $18 million from Balderton Capital to protect it with AI too. The secret to success, however, is very human: trust.
Founded in 2020 first as a research lab that later morphed into a commercial company, Escape co-founders Tristan Kalos, CEO, and Antoine Carossio, CTO, have built AI agents to ethically hack code to expose weaknesses, and then fix them.
Kalos and Carossio met at UC Berkeley during an entrepreneurship programme; they had backgrounds in machine learning and cybersecurity, respectively, and found themselves chewing the fat over how insecure everyday digital services are.
After a company Kalos had worked for was hacked, they asked each other: Why not create an AI system that can actually solve this problem? “And that’s how the original concept started,” Kalos told Tech Funding News.
OpenAI released ChatGPT in late 2022. The explosion of generative AI brought an explosion of AI-generated code, which may be more prone to weaknesses. Escape’s own research found over 2,000 serious vulnerabilities in apps built with vibe coding platforms.
At the same time, AI-driven attacks have skyrocketed, rising 89% year-on-year in 2025, according to a CrowdStrike report. Most recently, a hacker used Anthropic’s chatbot to attack Mexican government agencies and steal 150 gigabytes of data.
“It’s quite a unique moment in cybersecurity,” Kalos said, but security teams can’t move fast enough to test scripts or tackle vulnerabilities. “So what we are doing is using AI to scale the efforts of security teams and allow them to secure code at the pace of AI, against AI.”
Discover, test and remedy
Escape’s AI agents work by mapping digital infrastructure such as apps, APIs, databases, and endpoints and tests them for vulnerabilities. The agents simulate attack chains then produce proof-of-exploitation, showing exactly how a vulnerability was found and how it can be triggered.
It then works to remedy the issues through automated fixes that contextualise each vulnerability. It also supplies reproduction steps so that security teams can verify the fix and ensure the AI agent didn’t introduce more weaknesses.
“We are seeing a transformation in the way people secure applications, in the way people build applications, in the way people attack applications because the technology is changing so fast,” Kalos said.
“It was simply impossible to automate this process from discovery to remediation before. Still today, it’s very hard, right? It requires a lot of research and development, but we can see the future is about end-to-end.”
Companies rarely do vulnerability discovery, testing and remediation in one flow, which is what sets Escape apart from competitors, such as Crossbow and Terra Security, per the CEO.
The biggest challenge for him, however, has been a very human one: trust. Security is “quite a conservative market” where it can be difficult to earn the trust of teams, he said.
“Even if you have the best product or the best solution in the market, that is not enough. You also need to create trust. You need to get out there, talk to people, create trust, and those will become customers down the road, after you create this relationship.”
It’s not a typical vendor-customer relationship. Rather, vendors are like partners and the relationship needs to be cultivated and nurtured continuously, he said.
That’s one element that caught the eye of Balderton, which led the deal. “We are hugely impressed with how rapidly Escape has become a trusted platform for sophisticated organisations around the world,” said Suranga Chandratillake, partner at the firm.
“The days of pen-testing being a sporadic, manually driven process are over,” he added.
Building an international company
Chandratillake is a former founder who had success in the Valley, giving him a transatlantic perspective that can only benefit a startup building on both sides of the pond.
“We believe diversity of mindset, expertise and opinions in the cap table and in the advisors of Escape,” Kalos added, pointing to the startup’s other new investor Uncorrelated Ventures as well as existing investors IRIS and YC.
This is reflected in the startup’s 32-person team, which is 30% female, Kalos said. Over 12 nationalities are represented too. This melting pot of culture is something that Kalos himself embodies, as a French native now based in New York who used to live in Spain and South America.
The Series A, which brings the company’s total funding to $23 million, will be used to roughly double the team in the coming year and expand its core technology and products to better serve large enterprise customers.
Tapping back into the trust theme, Escape is focused on building that “partner-style” relationship that security teams expect.
