The latest Salt Labs State of API Security report is out, and we’re excited to share with you some of the key findings. The security industry news has frequently covered high-profile application programming interface (API) breaches over the past few years, so it’s no surprise that our research found that attackers have upped their activity. Salt Labs analyzed the past year of Salt customer data and found a 400% increase in unique attackers just over the last six months alone.

We’ve already had the first major API-related cybersecurity incidents for 2023. The T-Mobile API breach exposed the personally identifiable information (PII) of 37 million customers. The API attack had been going on since November but was not discovered and disclosed until January 19, illustrating the threat of the “low and slow” approach of API attacks, which are increasing at a steady pace.

I’m excited to share the latest evidence of Salt leadership in API security, with two powerful tributes. First – Salt Security has been honored as winning the “Peace of Mind” category during the first-ever Ally Technology Partner Awards! Ally Financial, the nation’s largest digital-only bank and leading auto finance company, highlighted five suppliers for their outstanding service excellence across a broad array of criteria.

Keeping our customers’ data safe so that they can move forward with business innovation is our constant north star here at Salt. But it’s even more gratifying when our mission is in service to a higher purpose, as it is with today’s announcement of our deployment at Guild Education. With its Career Opportunity Platform, Guild Education helps employees forge a better career path through education.

Last week, three golds. This week, two more. Wow – the accolades keep coming. Salt took top honors in two Globee® Cybersecurity World Award categories: Hot Security Company of the Year for Security Software, and API Management and Security! You can read all the formal details in our announcement. We’ve earned five awards in the past two weeks, and the month isn’t even half over.

The OWASP API project has recently decided to refresh the popular API Security Top 10 threat map. The team at Salt Security has always been actively involved in this project, having been a key contributor to the initial creation of the list. And we continue to be deeply involved in the thinking process, data gathering, and brainstorming in updating it. As of the writing of this post, the final version of API Security Top 10 2023 has not been officially released.

It’s our own version of the triple crown! Salt Security has won gold in not one, not two, but three categories in the 2023 Cybersecurity Excellence Awards! It’s like being at the Oscars and winning Best Picture, Best Actor, and Best Director! Check out our award announcement! This year, Salt won highest honors for: Being recognized as the top solution for API security means a lot to our team.

API attacks have dominated the cybersecurity news cycle lately. In early 2023, T-Mobile made news for an API-based breach of 37 million PII records of its past and present customers. And last year, Optus, a major telecommunications company in Australia, experienced an API security incident that exposed around 10 million customer records. And API attacks that aren't quite as ”newsworthy” happen every single day.

Salt has long benefited from the unique support that comes from being part of the Y Combinator accelerator program (Salt was in the Winter 2016 batch), and all these years later, we’re thrilled to have been named to not one but two of YC’s Top Company lists – the Top Private YC companies 2023 and the YC Breakthrough Companies 2023. For the Top Private list, it’s deja vu all over again, since we made that list last year as well.

OAuth (Open Authorization) is a modern, open authorization standard designed to allow cross-application access delegation – for example, allowing your application to read data from your Facebook profile. Combined with the proper extensions, OAuth can also be used for authentication – for example, to log into your application using Google credentials. Since its first introduction in 2006, OAuth has gained tremendous popularity.