API Security

The shadow technology problem is getting worse. Over the past few years, organizations have scaled microservices, cloud-native apps, and partner integrations faster than corporate governance models could keep up, resulting in undocumented or shadow APIs.  We’re now seeing this pattern all over again with AI systems. And, even worse, AI introduces non-deterministic behavior, autonomous actions, and machine-to-machine decision-making. Put simply, shadow AI is much, much riskier than shadow APIs. And it’s a problem we must…

API security has been a growing concern for years. However, while it was always seen as important, it often came second to application security or hardening infrastructure. In 2025, the picture changed. Wallarm’s 2026 API ThreatStats Report revealed that APIs are now the primary attack surface for digital business, and not because bad actors discovered new zero-days, but because of compounding failures in identity, exposure, and abuse. From vulnerability disclosures, exploited vulnerabilities, and breaches, APIs…

It’s an unusually cold winter morning in Houston, and Craig Riddell is settling into his new role as Wallarm’s Global Field CISO. It’s a position that suits him down to the ground, blending technical depth, empathy, business acumen, and, what Craig believes, the most underrated skill in cybersecurity: curiosity.  Like so many of us, Craig got into cybersecurity by accident. He first learned Unix under the guidance of a mentor while transitioning out of the…

You probably think the security mantra “you can’t protect what you don’t know about” is an inarguable truth. But you would be wrong. It doesn’t hold water in today’s threat landscape. Of course, it sounds reasonable. Before you secure APIs, you must first discover, inventory, and document them exhaustively. The problem is that this way of thinking has hardened into dogma and ignores how attackers actually attack modern systems. Modern attackers abuse typical, legitimate behaviors…

APIs are one of the most important technologies in digital business ecosystems. And yet, the responsibility for their security often falls to AppSec teams – and that’s a problem. This organizational mismatch creates systemic risk: business teams assume APIs are “secured,” while attackers exploit logic flaws, authorization gaps, and automated attacks in production. As Tim Erlin noted recently, “These are not exploits of a specific vulnerability, but abuse of an API.”   How API Security Became…

API security is becoming more important by the day and skilled practitioners are in high demand. Now’s the time to level up your API security skillset.  Wallarm University, our free training course, provides security analysts, engineers, and practitioners with hands-on skills you can’t get from documentation, videos, or traditional courses. Run real attacks, investigate real signals, and learn exactly how to defend API environments when it counts. Here are the 7 reasons you should register. …