Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In a landmark move to safeguard the integrity and scalability of India’s real-time payment infrastructure, the National Payments Corporation of India (NPCI) released the UPI API Security Guidelines (OC-215/2025-26). It is a transformative mandate that goes beyond regulatory compliance. These guidelines redefine how Payment Service Providers (PSPs), acquiring banks, and UPI app providers design, deploy, monitor, and govern their API interactions.

Today, Snyk is launching a powerful enhancement to our API discovery capabilities through a strategic partnership with Akamai. This integration is designed to solve one of the most significant challenges in modern application security: the difficulty of providing API schemas for DAST scanning. By directly ingesting API inventories and their corresponding schemas from Akamai, we are transforming a difficult manual process into a seamless, automated workflow within the Snyk platform.

It is becoming increasingly common for APIs to be exploited by threat actors. Broken Object Level Authorization (BOLA) attacks are also on the rise and represent a critical general vulnerability. The problem is relevant for a broad range of teams, including API-first companies, fintech teams, SaaS platforms, and mobile app backends. The impact of a BOLA vulnerability is significant, including data exposure and regulatory fines.

APIs are essential in today's digital landscape, supporting everything from mobile apps to vital backend systems. As their importance grows, they also become attractive targets for advanced attackers who bypass traditional security methods. These adversaries do not simply exploit API flaws; instead, they mimic normal user behavior to launch subtle, slow-and-low attacks that are difficult for conventional tools to detect.

CrowdStrike is announcing a native integration between CrowdStrike Falcon Shield SaaS security and the OpenAI ChatGPT Enterprise Compliance API, adding visibility and security posture capabilities for mutual customers’ ChatGPT Enterprise environments. This integration helps security teams inventory and monitor AI agents across their organization — including who created them, what they access, and how they’re shared — so teams can consistently apply existing security controls.

Security teams face a daunting mix of relentless alerts, complex investigations, and limited resources. It’s not just about detecting threats; it's also about responding quickly and efficiently. Elastic Security has long provided prebuilt capabilities for detection, investigation, and response. But what really sets Elastic apart is its open, API-first approach that gives you the power to build and automate specific workflows at your security operations center (SOC).