TL;DR AI risk doesn’t live in the model. It lives in the APIs behind it. Every AI interaction triggers a chain of API calls across your environment. Many of those APIs aren’t documented or tracked. That’s your real exposure. Shadow API discovery gives you visibility into those hidden endpoints, so you can find them before attackers do. If you don’t know which APIs your AI relies on, you can’t secure the system. AI Is Quietly…
Dimitris Georgiou has been a self-professed computer geek since the early 80s. At university, he studied the convergence of educational technology with computer science as part of his psychology MA – finding, to his disbelief, that systems were perilously insecure. Since then, he’s always worked in and around cybersecurity. He’s had roles as a computer science teacher, a technology manager, and a cybersecurity consultant, before finally landing in his current role: Chief Security Officer at…
Your board wants AI. Your developers are building with it. Your budget committee is asking for an ROI timeline. But as CISO, you’re the one who has to answer when the inevitable question comes up: “How do we know this is secure?” If you’re like most security leaders, you’re caught between two impossible positions. Say yes to AI initiatives without proper security controls, and you’re responsible when something goes wrong. Say no or slow things…
AI systems are no longer just isolated models responding to human prompts. In modern production environments, they are increasingly chained together – delegating tasks, calling tools, and coordinating decisions with limited or no human oversight. Almost all that communication happens through APIs. This shift offers enormous productivity benefits. But it has also complicated security. Because as soon as systems can talk to each other, they can be attacked through each other. And it’s just a…
Broken authorization is one of the most widely known API vulnerabilities. It features in the OWASP Top 10, AppSec conversations, and secure coding guidelines. Broken Object Level Authorization (BOLA) and Broken Function Level Authorization (BFLA) account for hundreds of API vulnerabilities every quarter. According to the 2026 API ThreatStats report, authorization issues ranked ninth in the API Top 10, “reflecting chronic difficulty in managing roles and permissions at scale.” Obviously, security and development teams know…
The shadow technology problem is getting worse. Over the past few years, organizations have scaled microservices, cloud-native apps, and partner integrations faster than corporate governance models could keep up, resulting in undocumented or shadow APIs. We’re now seeing this pattern all over again with AI systems. And, even worse, AI introduces non-deterministic behavior, autonomous actions, and machine-to-machine decision-making. Put simply, shadow AI is much, much riskier than shadow APIs. And it’s a problem we must…
