Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

APIs are more than technical components—they're business-critical assets. In this powerful moment, Jeremy Dodson lays out why frameworks aren't enough and why companies must treat API security as a core business priority. Security leaders: it’s time to shift your mindset and protect real data flows, not just check boxes.

Content delivery networks (CDNs) are great for performance—but terrible for protecting APIs. Attackers can poison the cache or route around security altogether when APIs are misconfigured. In this clip, Jeremy Dodson explains why relying on CDNs can expose critical business data.

Forget zero-days. Attackers now focus on API logic flaws like BOLA and IDOR to steal data using legitimate requests.

Unpacking Myths, Revealing Truths, Securing APIs APIs are the lifeline of digital innovation, connecting systems and enabling seamless user experiences. But with great power comes great risk. There’s a lot of misinformation out there about API security that could leave your business vulnerable if followed. ‍

Modern AI security must be layered: protections inside the agent, at the API level, and within infrastructure.

You don't need direct access to an AI model to manipulate it. Third-party content like resumes or metadata can inject malicious prompts.

Jailbreaking AI is modern hacking — tricking the system into behaving in unintended ways. It’s like truth serum for AI.

Legacy tools like WAFs and API gateways weren't built for AI threats like prompt injections. Security must evolve.

Agentic AI greatly expands the attack surface: more platforms, more APIs, and more ways for attackers to access sensitive data.

APIs are quickly becoming the primary attack surface targeted by cyber criminals. The rise of generative AI systems, which run on APIs, has driven a dramatic increase in the number of APIs in use. How can you ensure your existing APIs and growing AI deployments remain secure, compliant, and resilient? NIST has now released an initial public draft of SP 800-228: Guidelines for API Protection for Cloud-Native Systems.