Next-Generation AI for Cybersecurity Research

At Escape, we aim to radically improve the way engineering teams create secure software. We're reinventing application security tools, processes, and practices using AI technology — always developed in-house.
New York Office
Paris Office

Our mission

Application security teams are drowning in noise and siloted tools that are absurdly complicated to operationalise or even completely outdated. Relationship with the developers is a never ending conundrum. Trying to balance between reducing risk and empowering innovation ends up failing at both.

Escape investigates how the ongoing AI revolution can help solve the biggest problems in application security tools, processes, and practices - so that Artificial Intelligence empowers security and engineering teams to work together and create secure software faster.
See benchmark ->

Research Topics

Code-to-Cloud Security Intelligence
Our research explores the fundamental connection between static code representation and runtime behavior. By analyzing Abstract Syntax Tree structures across distributed microservice architectures, we're developing novel methods to extract semantic understanding from API implementations. This approach enables our custom language models to generate precise security test cases that target business logic vulnerabilities—creating a continuous security thread from development to deployment environments that traditional tools cannot achieve.
Agentic Offensive Security
Building on foundational work like Microsoft's REST-ler studies, we're advancing reinforcement learning techniques to enable autonomous security testing of modern applications. Our research demonstrates that AI agents can learn application behavior through exploratory interaction, allowing them to discover complex attack chains and business logic flaws that rule-based scanners consistently miss. Empirical evaluations show a 4000% increase in vulnerability detection coverage compared to conventional approaches, particularly for privilege escalation and access control vulnerabilities.
AI-Powered Vulnerability Remediation
We're investigating how large language models can bridge the remediation gap between vulnerability discovery and code correction. Our research demonstrates that by creating direct linkages between runtime security findings and their source code origins, we can reduce remediation friction by 91%. This work addresses one of the most persistent challenges in application security: translating vulnerability information into actionable code changes that developers can implement with minimal disruption.
Seamless DAST Authentication Through Vision AI
We're investigating how computer vision capabilities can resolve one of the most persistent barriers to comprehensive dynamic application security testing: authentication automation. Our research applies visual understanding models to navigate complex login interfaces without predefined scripting. This approach eliminates the configuration burden that typically prevents organizations from implementing continuous security testing across their application portfolio.
Intelligent Asset Correlation
Our early-stage research examines the challenging problem of automatically mapping relationships between source code repositories and their deployed API endpoints. This work addresses a fundamental gap in existing security tooling: the inability to trace vulnerabilities through the deployment pipeline. By developing probabilistic models that can infer these relationships, we aim to create a unified security view that spans from code commit to production environment.

The latest security research

API Security Checklist cover

The State of API Exposure

How we discovered 30,000 exposed APIs and 100,000 issues in the world's largest organizations
Right arrow
API Security Checklist cover

The API Secret Sprawl 2024

How we discovered over 18,000 API secret tokens by analyzing 1M domains on the web
Right arrow
State of GraphQL report cover

GraphQL security report 2024

Insights from 13,000 GraphQL API issues: A deep dive into the current state of GraphQL security
Right arrow
API Security Checklist cover

State of Public APIs 2023

Analysis of the design, performance and security of more than six thousand Public APIs
Right arrow
View all
The only DAST that works with your modern stack and tests business logic instead of missing headers
Book a live demo
Platform
API Discovery & Security
Business Logic DAST
GraphQL Security
Company
About
We're hiring
Legal
Privacy policy
Terms of service
Resources
Blog
Case studies
Docs
Proprietary Business Logic Security Testing Algorithm
API Security Academy
API Security Checklist
The Elephant in AppSec Podcast
State of GraphQL Security 2024
State of Public APIs 2023
GraphQL Security
GraphQL Armor
ChatGPT Security
Connect
Book a live demo
Slack support
Escape vs Competitors
Escape vs Noname Security
Escape vs Salt Security
Escape vs Qualys
Escape vs StackHawk
Escape vs Bright Security
Escape vs Rapid7
Escape vs Invicti
© 2025 Escape