Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Fast, Secure, Resilient: Modernizing Application Security at Scale

Jan 30, 2026 By Wallarm In Wallarm
Software release cycles are now too fast for traditional security tools. Rapid iterations and reliance on open-source and cloud-native tech increase vulnerabilities, challenging AppSec teams to keep up. Attackers are taking advantage, targeting applications and exploiting misconfigurations, excessive permissions, and vulnerable plug-ins.
View Video
salt security

Measuring Agentic AI Posture: A New Metric for CISOs

Jan 29, 2026 By Eric Schwake In Salt Security
In cybersecurity, we live by our metrics. We measure Mean Time to Respond (MTTR), Dwell Time, and Patch Cadence. These numbers indicate to the Board how quickly we respond when issues arise. But in the era of Agentic AI, reaction speed is no longer enough. When an AI Agent or an MCP server is compromised, data exfiltration happens in milliseconds rather than days. If you are waiting for an incident to measure your success, you have already lost.
Read Post

Fast, Secure, Resilient: Modernizing Application Security at Scale

Jan 29, 2026 By Wallarm In Wallarm
Software release cycles are now too fast for traditional security tools. Rapid iterations and reliance on open-source and cloud-native tech increase vulnerabilities, challenging AppSec teams to keep up. Attackers are taking advantage, targeting applications and exploiting misconfigurations, excessive permissions, and vulnerable plug-ins.
View Video

AI is Actively LEAKING Your Data (And You Don't Know It) #apisecurity #airisks #dataprotection #ai

Jan 29, 2026 By Wallarm In Wallarm
AI agents don't think. They pattern-match. Critical to understand: Generative AI (ChatGPT, Claude, etc.) does NOT reason like humans. It: The API Security problem: When you give an AI agent access to an API, it will: AI agents can't reason. They recreate patterns based on weights. You need to be very careful: data in, data out. Practical example: text User: "Show me the account balance for user" AI agent → calls GET /api/account/123 API → returns { balance: 5000, name: "John", SSN: "123-45-6789" } AI agent → outputs EVERYTHING to user (including SSN!)
View Video
wallarm

Why API Security Is No Longer an AppSec Problem - And What Security Leaders Must Do Instead

Jan 29, 2026 By Wallarm In Wallarm
APIs are one of the most important technologies in digital business ecosystems. And yet, the responsibility for their security often falls to AppSec teams – and that’s a problem. This organizational mismatch creates systemic risk: business teams assume APIs are “secured,” while attackers exploit logic flaws, authorization gaps, and automated attacks in production. As Tim Erlin noted recently, “These are not exploits of a specific vulnerability, but abuse of an API.”
Read Post
astra

What is API Security Management? A Complete Guide

Jan 28, 2026 By Sanskriti Jain In Astra
The fact that you’re here is proof enough that API is somewhere disturbing your or your security team’s sleep. Whether it is 99% of organizations reporting API security issues in recent surveys, or it’s a compliance/client mandate. We know you are (fear you soon will be) grappling with shadow APIs, misconfigured endpoints leaking sensitive data, BOLAs, unauthorized access, and more.
Read Post
salt security

Stop Staring at JSON: How GenAI is Solving the API "Context Crisis"

Jan 28, 2026 By Eric Schwake In Salt Security
There is a moment that happens in every SOC (Security Operations Center) every day. An alert fires. An analyst looks at a dashboard and sees a UR: POST /vs/payments/proc/77a. And then they stop. They stare. And they ask the question that kills productivity: "What does this thing actually do?" Is it a critical payment gateway? A test function? Does it handle credit card numbers or just transaction IDs?
Read Post

How to integrate third-party APIs in Drupal

Jan 27, 2026 By miniOrange In miniOrange
Learn how to create and manage Custom REST API endpoints in Drupal using the Custom API module. This step-by-step tutorial shows how to build APIs without writing complex backend code, using Drupal’s core REST and routing system. Comprehensive Documentation: Don't forget to subscribe to our channel and click on the bell icon to get notifications about new uploads.
View Video

Business Logic Abuse: The Attack You Can't Patch #businesslogic #apisecurity #cybersecurity

Jan 27, 2026 By Wallarm In Wallarm
The attack that no patch can fix Scenario:"Give me one million pizzas" API responds: "OK, one million pizzas at $0.01 each" Attacker: "Thanks!" What happened? API works exactly as designed Syntax is correct Protocol is followed WAF sees nothing wrong BUT the business logic intended: "Max 100 pizzas per order, at normal pricing".
View Video
salt security

From the Data Lake to the Edge: Why Universal Visibility is the Future of API Security

Jan 22, 2026 By Eric Schwake In Salt Security
If you look at an enterprise architecture diagram from five years ago, it looks relatively tidy. You had a data center, maybe a cloud provider, and a few gateways. Today, that diagram looks like a constellation. Data is living in AI platforms like Databricks. Frontend applications are pushed to the edge on Netlify. Logic is scattered across microservices, serverless functions, and legacy IIS servers. For security teams, this fragmentation creates a massive headache: Blind Spots.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.