
Is Your API Security Just "Good Enough"? Why That's Not Enough Anymore

APIs serve as the foundation for modern digital innovation, supporting everything from mobile applications to intricate business integrations. However, as their numbers soar, with many companies experiencing annual growth rates of 50-100%, they have also become a significant target for cyber attackers. Relying on "good enough" API security could leave your most vital assets perilously unprotected.

Web API Authentication and Authorization Step By Step

In an era where APIs are the connective tissue of enterprise ecosystems, authentication and authorization can no longer be treated as mere checklist items. They must become strategic disciplines—crafted thoughtfully to align security with business velocity, regulatory expectations, and evolving threat landscapes.

CISO Spotlight: Mike Wilkes on Building Resilience in an Evolving Threat Landscape

Mike Wilkes has had a career many cybersecurity professionals could only dream of. An adjunct professor, former CISO of Marvel and MLS, member of the World Economic Forum, drummer, and board member at the National Jazz Museum in Harlem, his interests and achievements are as eclectic as they are impressive.

CRUD API vs REST API - Beyond the Basics to Strategic Security Implications

The conversation around API design often defaults to technical preferences—developers choosing CRUD APIs for simplicity or REST APIs for structure. However, for enterprise leaders responsible for risk, compliance, and digital resilience, the implications of this choice are far more profound. The CRUD vs. REST debate is not merely architectural; it’s strategic.

Open Banking API Aggregator - The Hidden Risk and Strategic Opportunity

Open banking has evolved from a regulatory obligation into a competitive imperative. What began as a movement to give consumers control over their financial data has become the engine powering innovation in fintech. At the heart of this transformation sits an often-underestimated player: the API aggregator.

Open Banking API Management

Open banking is often mischaracterized as a purely technical transformation—an initiative to expose financial services through APIs to third parties. But framing it this way overlooks the more profound shift underway. At its core, open banking is a re-architecture of digital trust, where customer data, once locked behind proprietary systems, becomes mobile, programmable, and subject to constant third-party interaction.

What is API Latency?

API latency is often an unnoticed threat in the vast digital landscape, quietly wreaking havoc on system performance, user experience, and—perhaps most critically—security. For security leaders, understanding and mitigating API latency should be more than a performance enhancement goal; it’s a foundational part of any robust cybersecurity strategy.

What is an External API?

In today’s highly interconnected digital ecosystem, external APIs have become indispensable for organizations looking to enhance their capabilities and remain competitive. These interfaces allow businesses to seamlessly integrate third-party services, data, and functionalities into their applications, unlocking many possibilities. However, while external APIs offer immense opportunities, they also come with significant challenges, especially regarding security, governance, and risk management.

Attackers Abuse TikTok and Instagram APIs

It must be the season for API security incidents. Hot on the heels of a developer leaking an API key for private Tesla and SpaceX LLMs, researchers have now discovered a set of tools for validating account information via API abuse, leveraging undocumented TikTok and Instagram APIs. The tools, and assumed exploitation, involve malicious Python packages - checker-SaGaF, stein lurks, and inner core - uploaded to PyPI.