At Escape, we aim to radically improve the way engineering teams create secure software by reinventing application security tools, processes, and practices using frontier AI technology.
Application security teams are drowning in noise and siloed tools that are absurdly complicated to operationalise or even completely outdated. The relationship with developers is a never-ending conundrum. Trying to balance reducing risk with empowering innovation ends up failing at both.
Escape investigates how the ongoing AI revolution can help solve the biggest problems in application security tools, processes, and practices - so that Artificial Intelligence empowers security and engineering teams to work together and create secure software faster.
Our research explores the fundamental connection between static code representation and runtime behavior. By analyzing Abstract Syntax Tree structures across distributed microservice architectures, we're developing novel methods to extract semantic understanding from API implementations. This approach enables our custom language models to generate precise security test cases that target business logic vulnerabilities—creating a continuous security thread from development to deployment environments that traditional tools cannot achieve.
Building on foundational work like Microsoft's RESTler studies, we're advancing reinforcement learning techniques to enable autonomous security testing of modern applications. Our research demonstrates that AI agents can learn application behavior through exploratory interaction, allowing them to discover complex attack chains and business logic flaws that rule-based scanners consistently miss. Empirical evaluations show a 4000% increase in vulnerability detection coverage compared to conventional approaches, particularly for privilege escalation and access control vulnerabilities.
We're investigating how large language models can bridge the remediation gap between vulnerability discovery and code correction. Our research demonstrates that by creating direct linkages between runtime security findings and their source code origins, we can reduce remediation friction by 91%. This work addresses one of the most persistent challenges in application security: translating vulnerability information into actionable code changes that developers can implement with minimal disruption.
We're investigating how computer vision capabilities can resolve one of the most persistent barriers to comprehensive dynamic application security testing: authentication automation. Our research applies visual understanding models to navigate complex login interfaces without predefined scripting. This approach eliminates the configuration burden that typically prevents organizations from implementing continuous security testing across their application portfolio.
Our early-stage research examines the challenging problem of automatically mapping relationships between source code repositories and their deployed API endpoints. This work addresses a fundamental gap in existing security tooling: the inability to trace vulnerabilities through the deployment pipeline. By developing probabilistic models that can infer these relationships, we aim to create a unified security view that spans from code commit to production environment.