42Crunch raises $17m in Series A to solve global API security threat

London, UK – 42Crunch, the API security leader, today announces that it has secured $17 million in a Series A investment led by Energy Impact Partners, a leading global investment firm, joined by Adara Ventures. 42Crunch is the creator of the world’s first Application Programming Interface (API) micro-firewall and a pioneer in protecting APIs against attacks listed in the OWASP Top 10 for API Security.

As stated in the Gartner report, ‘API Security: What You Need to Do to Protect Your APIs, “By 2022, API abuses will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications.”

“What do the recent data breaches at Facebook, MGM Grand and Clubhouse have in common? They all came about due to API vulnerabilities,” said CEO and Co-Founder of 42Crunch, Jacques Declas. “83% of internet traffic now comes from APIs but traditional firewall approaches are not adapted to cope with the specific threats that APIs create.”

Traditional firewalls rely on patterns and signatures to detect potential issues – an approach which does not work for API traffic and results in a massive number of false positives. The 42Crunch platform has been designed to individually protect each API, stopping common cyber-attacks such as injections but also API-specific attacks such as those affecting the iPhone call recorder app and SolarWinds. Moreover, 42Crunch’s micro-firewall has been designed to be embedded with the APIs they protect, providing defence in-depth for microservice architectures, without the latency or deployment cost usually associated with traditional firewall solutions.

Isabelle Mauny, Co-founder and CTO of 42Crunch, said, “Protecting APIs from threats at runtime is only part of the story. APIs will only be truly secured when security becomes part of the developer’s flow, rather than an afterthought.” 42Crunch is focused on securing APIs by empowering DevOps teams with automated cybersecurity tools. It is the only platform that allows continuous discovery, audit, scanning and protection of APIs throughout their entire lifecycle – from design to production – enabling enterprises managing thousands of APIs to deliver security at scale. 42Crunch is also dedicated to educating the developer community through its forum

Isabelle Mauny added, “Development has changed in the past decade, becoming extremely agile, with the adoption of loose coupling architectures and Kubernetes. The cost of fixing security flaws at production time is a major issue for enterprises. Our mission is to make API threat protection as agile and automated as development. The overwhelming success of our platform plugins, which have now been installed by 200k developers, is proof that security can truly become part of the whole API lifecycle, provided developers are equipped with the right tools.”

Nazo Moosa, Co-Managing Partner, Energy Impact Partners added: “42Crunch’s ‘shift-left approach’ to the creation of secure-by-design APIs fits strongly with EIP’s vision of protecting global critical infrastructure. The company’s six-digit customer wins last year were catalytic to our decision to lead the round. Having established partnerships with companies such as Mulesoft and Qualys and secured Fortune 500 customers in the financial, automotive and insurance industries, our goal is to help 42Crunch build on this commercial traction and expand in the US, APAC and Europe.”

Jacques Declas, Co-founder and CEO, 42Crunch, added: “Energy Impact Partners shares our vision of helping developers to be the driving force behind API security. With this new investment, we will be able to accelerate product innovation, expand our go-to-market strategy, and accelerate customer acquisition in 2021 and beyond.”

About 42Crunch

42Crunch bridges the gap between API development and security teams with a simple, automated platform that provides auditing, live endpoint scanning, and micro API firewall protection. Unlike other solutions on the market, the 42Crunch platform empowers development, security and operations teams with a set of integrated tools to easily build security into the foundation of the API and enforce those policies throughout the API lifecycle. By delivering security as code you enable a seamless DevSecOps experience, allowing innovation at the speed of business without sacrificing integrity. Visit to learn more. Visit our online community at

About Energy Impact Partners

Energy Impact Partners (EIP) is a global investment platform leading the transition to a sustainable energy future. EIP brings together entrepreneurs and the world’s most forward-looking energy and industrial companies to advance innovation. With over $1.5 billion in assets under management, EIP invests globally across venture, growth, credit and infrastructure – and has a team of more than 45 professionals based in its offices in New York, San Francisco, Palm Beach, London, Cologne and soon Oslo. For more information on EIP, please visit


Media contact: Emma Thorpe,, +44 (0)7909 974958

Latest Resources


Something Old, Something New – OWASP API Security Top 10 in 2023

42Crunch’s Colin Domoney takes a look at the new OWASP API Security 2023 listing, identifying which vulnerabilities are new, which have not changed and which have been removed.


How to Embed API Security Testing into the Development Lifecycle without Delaying Production Rollout

By Mark Dolan | September 19, 2023

This is the first in a 3-part series of blogs exploring how 42Crunch assists enterprises with API security compliance. In her seminal blogpost, “Shifting Security to the Left” Shannon Lietz explains how including security testing earlier in the development lifecycle makes for longer-lived and more resilient software. The principles she advocates for are also what guides us at 42Crunch..


APIs are the core building block of every enterprise’s digital strategy, yet they are also the number one attack surface for hackers. 42Crunch makes developers’ and security practitioners' lives easier by protecting APIs, with a platform that automates security into the API development pipeline and gives full oversight of security policy enforcement at every stage of the API lifecycle.

Ready to Learn More?

Developer-first solution for delivering API security as code.