Back to vendors
E

Equixly

Also known as: Agentic AI Hacker

Visit site
Security / SOC agentindependentVerified 2026-07-08

Autonomous offensive security platform whose Agentic AI Hacker continuously pentests APIs and web applications, chaining interactions to prove exploitable risk.

Equixly is an offensive security platform built around a proprietary Agentic AI Hacker that continuously attacks APIs and applications the way a skilled human adversary would, at machine speed and without a fixed scope or testing window. Rather than matching requests against known signatures like a scanner, a team of AI agents maps the attack surface, chains API interactions across services, manipulates business logic, and adapts its strategy as the architecture evolves, surfacing broken object level authorization, privilege escalation paths, and cross service exploit chains. The model is purpose built for offense: Equixly starts from an open weight model and specializes it with reinforcement learning trained on thousands of security tests, owns and runs it on its own infrastructure so customer traffic and findings never leave that environment, and designs the agent orchestration around it. Tests can be triggered from a CI/CD pipeline, coverage spans REST and GraphQL APIs, single page apps, server rendered web, and even LLM applications and MCP servers, and every finding ships with working proof of concept evidence aligned to the OWASP Top 10 API Security Risks.

Vendor details

Canonical URL

https://equixly.com

Category

Security / SOC agent

Funding status

Series A of EUR 10M led by 33N Ventures, with Alpha Intelligence Capital, JME Ventures, 360 Capital, and Fondazione Cassa di Risparmio di Firenze. Founded 2022, Verona, Italy. QC2 certification from Italy's National Cybersecurity Agency (ACN). Sample vendor in the Gartner Hype Cycle for APIs 2025 and Hype Cycle for Application Security 2025.

Company status

independent

Use cases & customers

Primary use cases

continuous API penetration testingbusiness logic vulnerability testingattack surface mappingremediation validation

Target customers

enterprisesecurity teamsdevelopersAppSec

Deployment options

SaaS

Integrations

CI/CD pipeline triggering, Checkmarx integration, API definition or specification file ingestion, and procurement via Google, Microsoft, and Amazon cybersecurity marketplaces.

Capability coverage

7.5 / 14 capabilities · 54%

Integrations & Tool CallingPlatform pages document triggering autonomous pentests from a CI/CD pipeline, a Checkmarx integration that brings testing into Checkmarx environments, API definition file ingestion, and procurement through Google, Microsoft, and Amazon cybersecurity marketplaces. Integration breadth is scoped to the security and dev toolchain. Full
Workflow OrchestrationA team of AI agents maps the attack surface, chains API interactions across services, models multi step exploit chains, and adapts its strategy autonomously as it discovers new paths. The model and its agent orchestration are described as designed for each other. Full
Knowledge Grounding & RAGGrounds testing in the customer's API definition and specification files and dynamically maps application behavior, with a reinforcement learning model trained on thousands of security tests. This is security domain grounding rather than a documented RAG over enterprise documents. Partial
Human Oversight & GuardrailsFindings arrive with proof of concept evidence for human teams to prioritize and remediate, and Equixly recommends pairing continuous AI testing with targeted expert analysis for the most complex scenarios. No in product approval gate or scope guardrail construct is documented. Partial
Security, Identity & GovernanceEquixly runs inference on its own infrastructure so customer endpoints, traffic, and findings never leave its environment, relies on no third party model, and holds QC2 certification from Italy's National Cybersecurity Agency (ACN). Full
Observability & AuditabilityEvery finding is validated for exploitability and delivered with working proof of concept evidence framed for both executives and engineers, plus near real time results and a predictive remediation plan, giving clear visibility into what the agent did and found. Full
Memory & State PersistenceThe AI Hacker learns how the target system behaves, retains an evolving map of the attack surface, and validates remediation as fixes are deployed, implying persistent state about the target. No general agent memory construct is separately documented. Partial
Deployment & Data ResidencyDelivered as a SaaS platform running on Equixly's own infrastructure and procurable via cloud marketplaces. The vendor is EU based (Italy) with strong data isolation, but no explicit on premise or configurable data residency option is documented. Partial
Prebuilt Agents / Templates / PacksEquixly is a single purpose Agentic AI Hacker. Coverage of OWASP Top 10 risks and multiple architectures is inherent capability rather than a user selectable catalog of prebuilt agents, templates, or packs. Unable to verify
Triggers & Channel CoverageTests can be triggered directly from the CI/CD pipeline so new releases are challenged before reaching production, and the AI Hacker otherwise runs continuously and persistently 24/7 against live systems. Full
Model Flexibility & RoutingEquixly runs a single proprietary offensive model that it builds, trains, and owns. Its explicit positioning is that it is not a customer selectable foundation model wrapper, so no model selection or routing is offered. Unable to verify
APIs / SDKs / MCP ExtensibilityCI/CD pipeline triggering and the Checkmarx integration imply programmatic hooks, but no public API, SDK, or MCP extensibility for customers to build on the platform is documented. Equixly tests MCP servers as targets rather than exposing MCP for extension. Partial
Testing, Debugging & OptimizationEquixly tests customer applications for security flaws and validates remediation, but it does not offer an agent testing, evaluation, or debugging harness for building or optimizing agents. Its internal reinforcement learning improvement is not a user facing capability. Unable to verify
Browser / Computer-useEquixly attacks at the API and request level and models application behavior for REST, GraphQL, SPA, and server rendered targets. No browser automation or general computer use is documented. Unable to verify

Recent platform changes

No recent material changes tracked yet.

Pricing

Contact sales; no public pricing. Request a demo or start a pentest. Also available on cloud cybersecurity marketplaces.

not disclosed; likely scoped by APIs or applications under continuous test

Contact onlyMedium variable cost

Cost watchouts

Scope expands with the number of APIs and applications and with continuous testing frequency. Marketplace procurement terms may differ from direct.

Variable cost rationale

Continuous testing subscription with no public rate; cost likely scales with the number of APIs and applications under test, but the pricing axis is not disclosed.

Sales call required

Yes — required for paid access

Free / trial

No public free tier; demo on request

Lowest paid plan

Not public

Key ambiguities

No public pricing. Whether billing is per application, per API, or platform tier is not disclosed.

Verified 2026-07-08

Contact us

Found a vendor we missed? Have feedback on the index? We'd love to hear from you.