Escape Technologies

Escape is a cybersecurity company that specializes in API security testing, with a particular focus on GraphQL security. The company provides automated security scanning and testing tools designed to identify vulnerabilities in API implementations. Their platform performs comprehensive security assessments that check for common misconfigurations, denial of service vulnerabilities, information disclosure issues, and other security weaknesses in GraphQL and REST APIs. The company offers both a free tool called GraphQL.Security, which performs quick security checks for 18 common security best practices on GraphQL endpoints, and a more comprehensive Live GraphQL Security Platform with authenticated endpoint scanning capabilities. Their technology leverages an open-source package called GraphDNA for fingerprinting GraphQL engines and identifying security issues. Escape's approach combines automated vulnerability scanning with security testing that examines HTTP layer configurations, CSRF vulnerabilities, query complexity attacks, batching and aliasing abuse, and information leakage through debug modes and stack traces. The company has analyzed thousands of production endpoints to develop their security testing methodologies. Founded by Tristan Kalos (former AI researcher at UC Berkeley) and Antoine Carossio (former security engineer at Apple), the company is backed by YCombinator and various venture capital firms. They target development teams and organizations that build and maintain GraphQL and REST APIs, providing them with tools to identify and remediate security vulnerabilities before they can be exploited.