London API security software 42Crunch raises £12M funding to ensure protection from security threat


At a time when a majority of staff are working from home, security becomes a priority. As most platforms we use every day are powered by API, it becomes imperative to keep them protected. However, this has been an overlooked issue for many years. London-based 42Crunch is an API security software designed to individually protect each API, thereby stopping common cyberattacks.

£12M Series A funding

Now, 42Crunch hit the headlines as it bagged $17 million (nearly £12 million) in a Series A funding round. The investment round was led by Energy Impact Partners, a leading global investment firm alongside Adara Ventures.

Nazo Moosa, Co-Managing Partner, Energy Impact Partners added: “42Crunch’s ‘shift-left approach’ to the creation of secure-by-design APIs fits strongly with EIP’s vision of protecting global critical infrastructure. The company’s six-digit customer wins last year were catalytic to our decision to lead the round. Having established partnerships with companies such as Mulesoft and Qualys and secured Fortune 500 customers in the financial, automotive and insurance industries, our goal is to help 42Crunch build on this commercial traction and expand in the US, APAC and Europe.”

Jacques Declas, Co-founder and CEO, 42Crunch, added: “Energy Impact Partners shares our vision of helping developers to be the driving force behind API security. With this new investment, we will be able to accelerate product innovation, expand our go-to-market strategy, and accelerate customer acquisition in 2021 and beyond.”

Why 42Crunch?

Established by Isabelle Mauny, Jacques Declas, and Philippe Leothaud in 2016, 42Crunch is the creator of the world’s first Application Programming Interface (API) micro-firewall and a pioneer in protecting APIs against attacks listed in the OWASP Top 10 for API Security.

As stated in the Gartner report, API abuses will move from an infrequent attack to the most-frequent attack by 2022, thereby resulting in data breaches for enterprise web applications.

“What do the recent data breaches at Facebook, MGM Grand, and Clubhouse have in common? They all came about due to API vulnerabilities,” said CEO and Co-Founder of 42Crunch, Jacques Declas. “83% of internet traffic now comes from APIs but traditional firewall approaches are not adapted to cope with the specific threats that APIs create.”

The company protects from common cyber-attacks such as injections and API-specific attacks such as those affecting the iPhone call recorder app and SolarWinds. Its micro-firewall has been designed to be embedded with the APIs they protect, providing defence in-depth for microservice architectures, without the latency or deployment cost usually associated with traditional firewall solutions.

42Crunch secures APIs by empowering DevOps teams with automated cybersecurity tools. It is the only platform that allows continuous discovery, audit, scanning and protection of APIs throughout their entire lifecycle – from design to production – enabling enterprises managing thousands of APIs to deliver security at scale. 42Crunch is dedicated to educating the developer community through its forum apisecurity.io.

Isabelle Mauny, Co-founder and CTO of 42Crunch, said, “Protecting APIs from threats at runtime is only part of the story. APIs will only be truly secured when security becomes part of the developer’s flow, rather than an afterthought. Development has changed in the past decade, becoming extremely agile, with the adoption of loose coupling architectures and Kubernetes. The cost of fixing security flaws at production time is a major issue for enterprises. Our mission is to make API threat protection as agile and automated as development. The overwhelming success of our platform plugins, which have now been installed by 200k developers, is proof that security can truly become part of the whole API lifecycle, provided developers are equipped with the right tools.”