Panel Discussion: API Security in DevSecOps. Register Now

Panel Discussion: API Security in DevSecOps. Register Now

Panel Discussion: API Security in DevSecOps. Register Now

Akto’s $4.5M funding: What it means?

This blog is about Akto's seed funding announcement.

Ankita Gupta

8 min read

Akto-seed-funding
Akto-seed-funding
Akto-seed-funding

Super excited to announce that we have raised $4.5M seed funding!

I welcome our lead investor - Accel Partners,  our angel investors - Akshay Kothari (co-founder and COO of Notion), Renaud Deraison ( co-founder Tenable) and Milin Desai (CEO of Sentry) among others for their partnership and trust in Akto.

You can read more about the announcement here.

In the last 12 months of existence, Akto has raised a capital of $4.5M, became a team of 10 members, served few of the largest alpha customers, and processed 10 billion+ API calls. We wrote our first line of code in November last year, and now have SaaS and on-prem versions running in production environments of customers across the globe. Super looking forward to the exciting future ahead.

What problem is Akto solving? 

Over 30 million developers around the world use thousands of APIs everyday. These APIs carry sensitive data of users which if leaked can cause irreparable damage to companies. Security teams struggle to secure these APIs because of:

  1. Lack of API inventory - If you are a developer or security engineer reading this, you can relate to this problem and probably have faced it in your own organization. Agile and continuous release cycle movement has led to developers adding new APIs and updating existing ones very frequently. There is constant back and forth between developers and security engineers to get an updated API inventory. Over 95% of the companies we talked to face this problem. Some of them have tried to solve this by creating a process around it - every time a developer creates an API or updates an API,  he/ she will create an updated API documentation for it. Although this solves the problem but  really slows down the development work. 

  2. Hard to do business logic API security testing - Developers and security engineers don’t have a way to test their APIs for vulnerabilities before new ones are deployed in production or when existing ones are updated with new params. Most security engineers manually test a few important APIs before a release by writing their custom tests.  Some use tools such as Burp which require a lot of manual configuration to test. Now imagine doing this manually for a large number of APIs (1000s) and a large number of tests (50+) manually checking the results for false positives and following up with developers to remove the vulnerabilities found. Now imagine this is done before every release ( almost every week for most companies). Yes, it’s very very hard to do at scale for most companies. To add to the problem, most of the difficult to detect vulnerabilities are business logic ones which are very hard to test for without context. 

Every company we talked to is struggling to solve these problems. Moreover, most teams have to spend months and devops team bandwidth to integrate a tool of their choice as current tools are very hard to install and work with.

How Akto solves this?

Akto is the world’s first plug and play API security product.  Akto deploys in less than a minute to create an inventory of APIs, detects PII data leaks, misconfigurations and continuously tests these APIs for business logic flaws like broken authentication and authorization in CI/CD pipeline.

  1. We strongly believe in creating a continuous API inventory through API traffic with ZERO performance impact. To do so, you can deploy Akto in your cloud ( AWS or GCP ), select load balancers to mirror your API traffic ( staging or production ) and that’s it. Akto will now be able to generate a continuously updated API inventory for you. We are launching a very cool BURP extension this week using which you will be able to also mirror traffic through burp and load in Akto.

  2. Akto solves the testing problem through its robust API security testing module (in beta). Akto continuously learns API context through rich traffic data and uses that to reduce false positives in testing. Once your API inventory is populated, you will be able to run automated business logic tests on all the APIs detected by Akto. 

Monthly product updates in your inbox. No spam.

Monthly product updates in your inbox. No spam.

Monthly product updates in your inbox. No spam.

Our customers

Well, I cannot be more thankful to our early customers who have supported us in every way possible to make a great product. Thanks for believing in us, being patient with the building and solving for bugs. We promise to keep you happy with our roadmap. 

Some of the largest companies around the world are using Akto to discover and test their APIs. Akto has discovered more than 100,000 APIs and detected 100+ auth vulnerabilities for its customers.

What we did in last 12 months?

  1. Our first 5 months: were about building our product for scale which required real production data. We thank each of our first five customers, who believed in two people without any company existence, used our product and gave continuous feedback. Within six months, Akto was able to handle 10B requests a day (Google-scale traffic).

  2. First 5 team members: After multiple rejections, no shows, I am so thankful to each of our first five team members for believing in Ankush and me and our vision to solve for the API security world.

  3. First 5 BOLA vulnerabilities: Well! To look at the joy on our developer’s faces when a customer discovers a critical broken authorization vulnerability using Akto is a real treat to eyes. We have discovered 100s of those now and each time we feel it’s better that Akto discovers it first than an attacker outside. 

  4. Our first public roadmap: We wanted to give visibility to our users and build product through user feedback. To that end we have made our roadmap public starting this quarter. There are some surprise  items we are building for the community besides the roadmap here. 

  5. Passionate experiments: We strongly believe in solving the problem for individual users in the easiest way possible. To do so, we are doing a bunch of experiments and launching interesting products at Akto in the next few months. Watch out for the announcements on twitter handle or be part of the community to get early access.

Road ahead? Taking Akto to 30M developers and security engineers

  1. Robust testing in CI/CD: In the next six months, we will add more than 100+ automated tests to our testing module. Every developer and security engineer wanting to test APIs for vulnerabilities will be able to do so with Akto in CI/CD. 

  2. Global Access: We believe that security teams deserve an awesome API security platform. We will make every effort to make them know we exist and that we are here for them. 

  3. The Akto experience:  We have dedicated a team to work on making sure we deliver a world class customer experience - the Akto experience.

Thank you!

My heartfelt gratitude to our team members, customers and investors for believing in us. Last 12 months have been supremely awesome building Akto and we can’t wait to delight every developer and security engineer with the fastest API security platform. 

Want to ask something?

Our community offers a network of support and resources. You can ask any question there and will get a reply in 24 hours.

Want to ask something?

Our community offers a network of support and resources. You can ask any question there and will get a reply in 24 hours.

Want to ask something?

Our community offers a network of support and resources. You can ask any question there and will get a reply in 24 hours.

Follow us for more updates

Experience enterprise-grade API Security solution