Agentic artificial intelligence (AI) is emerging as a new frontier in enterprise cybersecurity. Autonomous systems are increasingly designed to behave like real attackers and continuously probe software.

Instead of relying on annual or quarterly penetration tests (pen tests), platforms aim to probe applications constantly as software evolves. One of those companies is Equixly, a Florence‑based startup developing an autonomous penetration‑testing platform powered by what it describes as an “agentic AI hacker.”

“A lot of our competitors seem to be doing one‑off pen testing. Yes, it’s AI‑powered, but it doesn’t have that continuous element as our solution does,” Gavin Sutton, Head of Marketing at Equixly, told TechJournal.uk in an interview during TechEx Global 2026 in London on February 4.

“We’re very much in our own lane at the moment. Our product is different from what’s out there,” he said. “Our solution takes away that human element, and it’s all run on an agentic AI hacker.”

Founded in 2022, the Italian startup is part of a broader shift toward automated offensive security as traditional testing struggles to keep pace with modern development cycles and the growing adoption of APIs.

The startup targets a niche within cybersecurity focused on continuous, automated offensive testing. Its platform simulates adversarial behaviour across APIs and applications as they evolve, rather than waiting for scheduled audit windows or annual security reviews.

Across the industry, many security vendors still rely on point‑in‑time assessments, even when AI automates parts of the workflow. In practice, testing often remains tied to fixed schedules while software is updated far more frequently.

Continuous testing model

The traditional penetration testing cycle has remained largely unchanged for decades.

“If you think about pen testing, the traditional model is very much periodic — tests once a year, maybe once a quarter. When it comes to applications and APIs, they change so often that having tests that infrequently brings so much risk within business,” Sutton said.

This gap between development speed and security review can leave vulnerabilities exposed for months.

He said the agentic AI runs continuous penetration tests against APIs and applications. This allows organisations to test immediately whenever an API changes or a new application is released.

The system adapts to each customer’s environment over time. It learns how APIs interact and develops knowledge from operating within enterprise infrastructure.

Emerging AI risks

The rise of AI in software development is introducing new security challenges for enterprises.

“Our plan for this year is to enhance the solution. We’ve got new features coming that will elevate what companies can do and broaden the testing capabilities,” he said.

He said the introduction of AI is creating new types of vulnerabilities that interact with APIs and applications and remain largely unknown.

As enterprises integrate AI into customer service, financial systems, and operations, APIs increasingly act as the connective tissue between services. This architecture expands the potential attack surface, especially when testing fails to keep pace with rapid code changes.

Enterprises often manage hundreds or thousands of APIs across banking, retail, transport, and energy environments. Continuous monitoring can reduce the lag between deployment and detection of exploitable flaws.

Scaling in Europe

Equixly has around 30 employees, most of them engineers who built the platform in‑house. Following a recent funding round, the firm is expanding its commercial team.

The company raised €10 million in a Series A funding round last December and is expanding across Europe and the UK. It currently has around 25 enterprise customers, mainly in Europe.

“We’ve got around 25 customers, mainly in Europe — large enterprises, big banks, retail customers, transport and energy,” he said. “Once they’ve tried the product and they see what it can do. There’s a lot of wow factors, and they can see straight away the value that it can bring.”

The funding is being used to grow the team, advance proprietary AI models, and accelerate international expansion, including strengthening the company’s commercial presence in the UK.

In a press release, Equixly said APIs now account for more than half of global web traffic. The average enterprise manages between 500 and 2,500 APIs. They have become the fastest‑growing battleground for hackers, with 44% of malicious bots already targeting APIs and attacks projected to rise by 548% by 2030. In 2025 alone, API attacks cost global businesses about $200 billion.

The company said its platform can identify up to 80% more vulnerabilities than traditional Dynamic Application Security Testing tools and uncover the 10–20% of “shadow” endpoints many organisations do not know they have, while keeping false positives below 1%.

Backed by 33N Ventures, 360 Capital, Alpha Intelligence Capital, and JME Ventures, the startup has also been recognised by Gartner, UniCredit, and BCG for its work in agentic AI security testing. The platform integrates into existing systems and CI/CD pipelines, enabling automated testing across the development lifecycle to identify risks earlier and reduce remediation costs.