Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

APIs Are Critical Infrastructure. Why Aren't We Treating Them That Way?

Mar 18, 2026 By Wallarm In Wallarm
‍In this session, we take an in-depth look at what it truly means to treat APIs as critical infrastructure. Using industry data and real-world examples, we explore the gap between how much businesses rely on APIs and how well they are actually protected. And we talk about why that gap introduces operational and regulatory risks.
View Video

AppSec in the age of AI: An RSA Conference preview

Mar 13, 2026 By Wallarm In Wallarm
Application security is at a breaking point as development teams move faster than ever, aided by AI-powered coding assistants. While these tools boost productivity, they also introduce subtle errors and insecure patterns at scale. The result: a growing backlog of vulnerabilities that outpaces traditional AppSec models. This webcast examines the risks and opportunities of AI in AppSec and who will be addressing it at RSA Conference. We’ll explore how defenders can use AI to level the playing field with automated scanning, intelligent prioritization, and secure-by-design practices.
View Video
salt security

An AI Agent Didn't Hack McKinsey. Its Exposed APIs Did.

Mar 13, 2026 By Roey Eliyahu In Salt Security
This week’s McKinsey incident should be a wake-up call for every enterprise moving fast to deploy AI. Not because AI itself is inherently insecure. But because too many organizations are still thinking about AI security at the model layer, while the real enterprise risk sits in the action layer: the APIs, MCP servers, internal services, and shadow integrations that AI agents can reach, invoke, and manipulate. That is the part most companies still do not see.
Read Post
The Hidden Security Risks Living Inside Your APIs

The Hidden Security Risks Living Inside Your APIs

Mar 12, 2026 By SecuritySenses In SecuritySenses
Most organisations spend serious money on firewalls, endpoint protection, and threat monitoring. Yet one of the most commonly exploited attack surfaces gets far less attention: the APIs quietly running underneath almost every modern application. APIs are the connective tissue of today's digital infrastructure. They allow apps to talk to each other, enable third-party integrations, and power the real-time data exchanges that businesses depend on daily. They are also a favourite target for attackers who know that many organisations have not secured them properly.
Read Post
wallarm

The CISO's Dilemma: How To Scale AI Securely

Mar 11, 2026 By Wallarm In Wallarm
Your board wants AI. Your developers are building with it. Your budget committee is asking for an ROI timeline. But as CISO, you're the one who has to answer when the inevitable question comes up: "How do we know this is secure?" If you're like most security leaders, you're caught between two impossible positions. Say yes to AI initiatives without proper security controls, and you're responsible when something goes wrong.
Read Post
salt security

The Economic Argument: The Real Cost of Insecure APIs in the AI Era

Mar 10, 2026 By Eric Schwake In Salt Security
When cybersecurity teams talk about risk, they usually speak in technical terms like vulnerabilities, exploits, and attack vectors. But when they walk into the boardroom, they need to speak a different language. They need to speak about cost. In the era of AI, the cost of insecure APIs has shifted from a potential liability to a tangible line item on the balance sheet. It is no longer just about the cost of a data breach.
Read Post
cloudflare

Active defense: introducing a stateful vulnerability scanner for APIs

Mar 9, 2026 By John Cosgrove In Cloudflare
Security is traditionally a game of defense. You build walls, set up gates, and write rules to block traffic that looks suspicious. For years, Cloudflare has been a leader in this space: our Application Security platform is designed to catch attacks in flight, dropping malicious requests at the edge before they ever reach your origin. But for API security, defensive posturing isn’t enough. That’s why today, we are launching the beta of Cloudflare’s Web and API Vulnerability Scanner.
Read Post
wallarm

Agent-to-Agent Attacks Are Coming: What API Security Teaches Us About Securing AI Systems

Mar 6, 2026 By Wallarm In Wallarm
AI systems are no longer just isolated models responding to human prompts. In modern production environments, they are increasingly chained together – delegating tasks, calling tools, and coordinating decisions with limited or no human oversight. Almost all that communication happens through APIs. This shift offers enormous productivity benefits. But it has also complicated security. Because as soon as systems can talk to each other, they can be attacked through each other.
Read Post
wallarm

Everyone Knows About Broken Authorization - So Why Does It Still Work for Attackers?

Mar 2, 2026 By Wallarm In Wallarm
Broken authorization is one of the most widely known API vulnerabilities. It features in the OWASP Top 10, AppSec conversations, and secure coding guidelines. Broken Object Level Authorization (BOLA) and Broken Function Level Authorization (BFLA) account for hundreds of API vulnerabilities every quarter. According to the 2026 API ThreatStats report, authorization issues ranked ninth in the API Top 10, “reflecting chronic difficulty in managing roles and permissions at scale.”
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.