42Crunch is an API and AI security platform that helps organizations discover, test, secure, and continuously monitor APIs across development and runtime environments. Its platform is built around OpenAPI-driven controls that let teams define security earlier, validate implementations against approved contracts, and carry those controls into production.
42Crunch takes a contract-centric, developer-first approach to API security. It embeds testing and governance into IDEs, CI/CD pipelines, and runtime deployments so development, security, and operations teams can work from a shared definition of API risk and policy. The company has also extended this model to AI use cases with guardrails for AI-generated API development and secure exposure of enterprise APIs to AI agents through MCP.
Offerings, Capabilities, and Integrations
42Crunch combines API inventory, design governance, static contract analysis, dynamic conformance and security testing, runtime enforcement, and monitoring within one platform. Security teams can standardize policies and quality gates, while developers receive remediation guidance inside familiar workflows and operations teams can deploy protection close to the API.
Its integration model is broad but targeted. 42Crunch supports IDE workflows in VS Code, JetBrains, and Eclipse; CI/CD automation through tools such as GitHub Actions, GitLab CI, Azure DevOps, and Jenkins; containerized runtime deployment on Kubernetes, Amazon ECS, and Red Hat OpenShift; and Microsoft ecosystem integrations for cloud security monitoring and governance.
Products and Services
- API Security Platform: Core platform for API security governance, testing, runtime protection, and monitoring across the API lifecycle.
- Secure MCP Server: Security control plane that exposes API-based business services to AI agents through MCP with authentication, authorization, contract enforcement, response inspection, rate limiting, and audit logging.
- Guardrails for Agentic AI Coding: Deterministic guardrails that validate AI-generated API contracts and development output, then feed structured remediation findings back into engineering workflows.
- API Security Testing: Shift-left testing capability that combines contract auditing and live API scanning to identify vulnerabilities, misconfigurations, and implementation gaps.
- API Discovery: API inventory capability that helps teams identify and track APIs from repositories and related sources for downstream governance, testing, and protection.
- API Design: Design-time capability for creating stronger OpenAPI contracts with security and quality controls applied early in the lifecycle.
- API Audit: Static analysis and linting service that scores OpenAPI contracts and checks structure, semantics, data definitions, and security configuration.
- API Scan: Dynamic conformance and security scan that tests live API implementations against the approved API contract.
- API Contract Generator: Tool that generates OpenAPI contracts from Postman collections, API traffic, and partial artifacts to accelerate documentation and downstream security workflows.
- API Protection: Runtime protection capability that uses an API micro-firewall and positive security model to enforce contract-based policies and block malicious traffic.
Target Customers
42Crunch targets enterprises that depend on large and growing API estates, especially those running distributed development teams and modern DevSecOps programs. Its users span API architects, developers, QA teams, application security leaders, and platform or operations teams that need a common control framework from design through runtime.
The platform is well suited to organizations in API-intensive and regulated environments such as financial services, insurance, telecommunications, automotive, healthcare, and public sector digital services. It also fits companies adopting agentic AI that need governed access between AI agents and internal business APIs rather than direct, unmanaged exposure.
Cloud Integrations and Marketplace
- Azure Marketplace: 42Crunch has a verified Microsoft commercial marketplace listing for its API Security Platform.
- Microsoft Defender for Cloud: 42Crunch integrates API audit and vulnerability testing with Microsoft Defender for Cloud to extend API security visibility from development into runtime governance.
- Microsoft Sentinel: 42Crunch supports monitoring and alerting workflows through Microsoft Sentinel using API telemetry and security event data.
Key People
- Jacques Declas: CEO & Co-Founder
- Philippe Leothaud: CTO and Co-Founder
- Isabelle Mauny: Co-Founder
- Maria McWalter: CFO
- Hugh Carroll: CMO
- Matthieu Estrade: VP Engineering
- Axel Grosse: Global Head of PreSales
- Anthony Lonergan: Head of Product Marketing / Editor APIsecurity.io
Key Facts
- Headquarters: Dublin, Ireland
- Employees: Approximately 36
- Annual Revenue: Undisclosed
- Parent Company: 42Crunch Ltd
- Subsidiaries: 42Crunch Inc.; 42Crunch SAS; 42Crunch Security Systems Ltd.
- Publicly Listed: No (private company)
Analyst Recognitions
- Gartner: 2017 Gartner Cool Vendors in Monitoring and Management of Threats to Applications and Data – Cool Vendor.