Italy-based cybersecurity startup Equixly has secured €10 million in a Series A funding round for its AI-powered API security platform. Led by venture capital firm 33N Ventures, with participation from Alpha Intelligence Capital and existing investors JME Ventures, 360 Capital and Fondazione Cassa di Risparmio di Firenze, the investment will fuel the company's mission to combat the escalating crisis in API security. Founded in 2022 by brothers Mattia and Alessio Dalla Piazza, Equixly aims to provide a proactive defense against sophisticated threats targeting modern digital services.
The Growing Threat to API Security
Application Programming Interfaces, or APIs, are the essential channels connecting different software systems and enabling data exchange. They form the foundational backbone of today's digital economy, powering everything from mobile apps to enterprise platforms. Their widespread adoption, however, has created a vast and attractive attack surface for cybercriminals seeking to exploit vulnerabilities.
Industry analysts have long warned that APIs are becoming a primary attack vector for web applications, as attackers increasingly target business-logic weaknesses instead of only known technical exploits. Traditional security measures like Web Application Firewalls and basic scanning tools often struggle with novel attacks that exploit complex workflows and edge-case behaviors. These tools are typically tuned to block known threats, which can leave organizations exposed to more adaptive hacking techniques.
A Novel Approach with Agentic AI
In response, Equixly has developed a platform that leverages agentic AI to simulate the behavior of human hackers. This approach is designed to identify complex vulnerabilities that conventional automated scanning tools frequently overlook. By mirroring the reasoning of a skilled attacker, the platform provides a more comprehensive security assessment across modern API environments.
The platform deploys autonomous AI agents that intelligently explore an organization's APIs to understand their specific business logic. These agents then conduct simulated attacks, testing for weaknesses in authentication, authorization, and data-handling protocols. This process includes automated reconnaissance and attempts to bypass security controls to find potential data-exfiltration paths.
By continuously running these focused attack simulations, Equixly enables organizations to proactively discover and remediate security flaws. This constant vigilance helps development and security teams flag issues in real time before they can be exploited, improving both security posture and remediation speed.
Strategic Funding for Market Expansion
The €10 million Series A investment was led by 33N Ventures, with participation from Alpha Intelligence Capital and existing backers JME Ventures, 360 Capital and Fondazione Cassa di Risparmio di Firenze. Equixly’s leadership team, including CEO and co-founder Mattia Dalla Piazza and co-founder Alessio Dalla Piazza, brings experience from roles at IBM, UniCredit and Accenture, combining cybersecurity, enterprise software and financial-services expertise.
Equixly will allocate the new capital toward accelerating product development and enhancing the intelligence of its autonomous agents. The funding will also support the expansion of its engineering and go-to-market teams, including plans to establish a UK sales and marketing presence as it scales internationally.
The company is targeting the fast-growing API security segment, driven by the proliferation of APIs, rising regulatory scrutiny, and the added complexity introduced by AI-generated code. Early adoption by European customers in sectors such as banking, energy, insurance and retail has already demonstrated the platform’s value.
With its new funding and a pioneering approach to security, Equixly is well positioned to address critical digital vulnerabilities. The company’s use of agentic AI to mimic hacker behavior offers a robust defense against threats that traditional methods often miss, strengthening the resilience of API-driven systems as the attack surface continues to expand.