Casco

The AI Security Gap

As AI systems deploy at unprecedented scale, the attack surface has expanded far beyond what traditional security tools can cover. Seventy-three percent of enterprises experienced at least one AI-related security incident in the past year, with average incident costs reaching $4.8 million. Annual penetration tests and legacy vulnerability scanners simply cannot keep pace with the speed at which modern applications — especially those powered by AI — evolve and introduce new risks.

What They're Building

Casco is an autonomous security testing platform that continuously evaluates web applications, APIs, cloud infrastructure, and AI systems for vulnerabilities. Rather than relying on periodic manual assessments, Casco uses AI-driven attack simulation paired with human expert validation to find critical security flaws before attackers can exploit them. Its agentic red-teaming engine simulates sophisticated multi-step attacks, delivering validated findings with remediation guidance mapped to SOC 2, NIST AI RMF, EU AI Act, and ISO 27001 compliance frameworks.

Traction & Recognition

Casco is already trusted by more than 300 companies, including Gusto, CrewAI, Spreedly, and Whop. The company is an OWASP Gold Sponsor and was featured on a Times Square billboard during YC Demo Day. Forgepoint Capital highlighted Casco as a standout AI-first security startup in its analysis of the YC Spring 2025 batch.