Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Every inline deployment introduces a tradeoff: enhanced inspection versus increased risk of downtime. Inline protection is important, especially for APIs, which are now the most targeted attack surface, but so is consistent uptime and performance. This is where a fail-open architecture comes in.

Andrew Storms, VP of Security at Replicated, has spent three decades on the frontlines of cybersecurity. From building Unix systems in the early ‘90s to leading incident response and AI security strategies today, he has seen the CISO role evolve from back-office function to boardroom mainstay. In this spotlight, he shares the lessons that shaped his thinking, why storytelling is a critical CISO skill, and how API security is no longer optional.

I recently sat down with Tejpal Garwhal, Application Security and DevSecOps Leader, for a conversation debunking some of the most common API security myths. From zombie endpoints to the limits of WAFS and gateways, we covered what’s really happening on the ground; and what security teams need to do differently. Here’s a quick rundown of the key takeaways, but for the full picture, watch the full webinar.

I’ve seen this story before, and I’m seeing it again. When we founded Salt Security in 2016, APIs already powered the digital economy, Kubernetes started to accelerate the growth of APIs, yet almost nobody was monitoring them. Visibility was near zero, context was missing, and protection was an afterthought. Fast-forward to 2025, and the same blind spot is forming, only bigger. AI agents are no longer just generating content; they are also creating it.

Legislative, regulatory, and advisory bodies the world over are waking up to the importance of API security. Most recently, the UK’s National Cyber Security Centre (NCSC) has published detailed guidance on best practices for building and maintaining secure APIs. In this blog, we’ll break down that guidance and explore how Wallarm’s platform can help you align with each one.

In today’s digital-first world, APIs serve as the core infrastructure of modern business. They power mobile applications, facilitate critical cloud integrations, and support digital transformation initiatives. It's therefore understandable that 73% of CISOs consider API security a top or critical concern. However, a recent survey of 300 security leaders uncovers a troubling paradox: a large gap between awareness and action.

AI has officially moved out of the novelty phase. What began with people messing around with LLM-powered GenAI tools for content creation has rapidly evolved into a complex web of agentic AI systems that form a critical part of the modern corporate landscape. However, this transformation has given new life to old threats, transforming the API security landscape all over again.