Akto’s $4.5M funding: What it means?

Super excited to announce that we have raised $4.5M seed funding!

I welcome our lead investor - Accel Partners,  our angel investors - Akshay Kothari (co-founder and COO of Notion), Renaud Deraison ( co-founder Tenable) and Milin Desai (CEO of Sentry) among others for their partnership and trust in Akto.

You can read more about the announcement here.

In the last 12 months of existence, Akto has raised a capital of $4.5M, became a team of 10 members, served few of the largest alpha customers, and processed 10 billion+ API calls. We wrote our first line of code in November last year, and now have SaaS and on-prem versions running in production environments of customers across the globe. Super looking forward to the exciting future ahead.

What problem is Akto solving? 

Over 30 million developers around the world use thousands of APIs everyday. These APIs carry sensitive data of users which if leaked can cause irreparable damage to companies. Security teams struggle to secure these APIs because of:

1. ‍Lack of API inventory - If you are a developer or security engineer reading this, you can relate to this problem and probably have faced it in your own organization. Agile and continuous release cycle movement has led to developers adding new APIs and updating existing ones very frequently. There is constant back and forth between developers and security engineers to get an updated API inventory. Over 95% of the companies we talked to face this problem. Some of them have tried to solve this by creating a process around it - every time a developer creates an API or updates an API,  he/ she will create an updated API documentation for it. Although this solves the problem but  really slows down the development work. ‍

2. Hard to do business logic API security testing - Developers and security engineers don’t have a way to test their APIs for vulnerabilities before new ones are deployed in production or when existing ones are updated with new params. Most security engineers manually test a few important APIs before a release by writing their custom tests.  Some use tools such as Burp which require a lot of manual configuration to test. Now imagine doing this manually for a large number of APIs (1000s) and a large number of tests (50+) manually checking the results for false positives and following up with developers to remove the vulnerabilities found. Now imagine this is done before every release ( almost every week for most companies). Yes, it’s very very hard to do at scale for most companies. To add to the problem, most of the difficult to detect vulnerabilities are business logic ones which are very hard to test for without context. 

Every company we talked to is struggling to solve these problems. Moreover, most teams have to spend months and devops team bandwidth to integrate a tool of their choice as current tools are very hard to install and work with.

How Akto solves this?

Akto is the world’s first plug and play API security product.  Akto deploys in less than a minute to create an inventory of APIs, detects PII data leaks, misconfigurations and continuously tests these APIs for business logic flaws like broken authentication and authorization in CI/CD pipeline.

1. We strongly believe in creating a continuous API inventory through API traffic with ZERO performance impact. To do so, you can deploy Akto in your cloud ( AWS or GCP ), select load balancers to mirror your API traffic ( staging or production ) and that’s it. Akto will now be able to generate a continuously updated API inventory for you. We are launching a very cool BURP extension this week using which you will be able to also mirror traffic through burp and load in Akto.

2. Akto solves the testing problem through its robust API security testing module (in beta). Akto continuously learns API context through rich traffic data and uses that to reduce false positives in testing. Once your API inventory is populated, you will be able to run automated business logic tests on all the APIs detected by Akto.