|
By Wallarm
Most organizations treating AI security as a model problem are defending the wrong layer. Security teams filter prompts, patch jailbreaks, and tune model behavior, which is all necessary work, while the actual attack surface sits largely unexamined underneath. That surface is the API layer: the endpoints AI systems use to retrieve data, call tools, and take action on behalf of users. This isn't a theoretical gap.
|
By Wallarm
Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol (MCP), the fast-growing standard for connecting AI agents to external services, inherits that gap from the models it sits on top of.
|
By Wallarm
Your legal team just handed you a 400-page document and said "figure out compliance." The EU AI Act is live, your organization falls under its scope, which is broader than many expect. Even non‑EU companies must comply if their AI systems are used, deployed, or produce effects within the European Union. In practice, that means that global organizations building or integrating AI models cannot treat the Act as a regional regulation.
|
By Wallarm
AI risk doesn’t live in the model. It lives in the APIs behind it. Every AI interaction triggers a chain of API calls across your environment. Many of those APIs aren’t documented or tracked. That’s your real exposure. Shadow API discovery gives you visibility into those hidden endpoints, so you can find them before attackers do. If you don’t know which APIs your AI relies on, you can’t secure the system.
|
By Wallarm
Dimitris Georgiou has been a self-professed computer geek since the early 80s. At university, he studied the convergence of educational technology with computer science as part of his psychology MA – finding, to his disbelief, that systems were perilously insecure. Since then, he’s always worked in and around cybersecurity.
|
By Wallarm
Your board wants AI. Your developers are building with it. Your budget committee is asking for an ROI timeline. But as CISO, you're the one who has to answer when the inevitable question comes up: "How do we know this is secure?" If you're like most security leaders, you're caught between two impossible positions. Say yes to AI initiatives without proper security controls, and you're responsible when something goes wrong.
|
By Wallarm
AI systems are no longer just isolated models responding to human prompts. In modern production environments, they are increasingly chained together – delegating tasks, calling tools, and coordinating decisions with limited or no human oversight. Almost all that communication happens through APIs. This shift offers enormous productivity benefits. But it has also complicated security. Because as soon as systems can talk to each other, they can be attacked through each other.
|
By Wallarm
Broken authorization is one of the most widely known API vulnerabilities. It features in the OWASP Top 10, AppSec conversations, and secure coding guidelines. Broken Object Level Authorization (BOLA) and Broken Function Level Authorization (BFLA) account for hundreds of API vulnerabilities every quarter. According to the 2026 API ThreatStats report, authorization issues ranked ninth in the API Top 10, “reflecting chronic difficulty in managing roles and permissions at scale.”
|
By Wallarm
API security has been a growing concern for years. However, while it was always seen as important, it often came second to application security or hardening infrastructure. In 2025, the picture changed. Wallarm’s 2026 API ThreatStats Report revealed that APIs are now the primary attack surface for digital business, and not because bad actors discovered new zero-days, but because of compounding failures in identity, exposure, and abuse.
|
By Wallarm
The shadow technology problem is getting worse. Over the past few years, organizations have scaled microservices, cloud-native apps, and partner integrations faster than corporate governance models could keep up, resulting in undocumented or shadow APIs. We’re now seeing this pattern all over again with AI systems. And, even worse, AI introduces non-deterministic behavior, autonomous actions, and machine-to-machine decision-making. Put simply, shadow AI is much, much riskier than shadow APIs.
|
By Wallarm
In this session, business leaders will get a clear view of what is at stake and what it means for how you govern, protect, and lead.
|
By Wallarm
In this session, we take an in-depth look at what it truly means to treat APIs as critical infrastructure. Using industry data and real-world examples, we explore the gap between how much businesses rely on APIs and how well they are actually protected. And we talk about why that gap introduces operational and regulatory risks.
|
By Wallarm
Application security is at a breaking point as development teams move faster than ever, aided by AI-powered coding assistants. While these tools boost productivity, they also introduce subtle errors and insecure patterns at scale. The result: a growing backlog of vulnerabilities that outpaces traditional AppSec models. This webcast examines the risks and opportunities of AI in AppSec and who will be addressing it at RSA Conference. We’ll explore how defenders can use AI to level the playing field with automated scanning, intelligent prioritization, and secure-by-design practices.
|
By Wallarm
In this webinar, you’ll learn how attackers are targeting APIs that power AI applications and agents.
|
By Wallarm
PHISHING GOT 10X FASTER Phishing attacks sped up 10x thanks to AI what took weeks is now compressed to hours. Vulnerabilities are discovered continuously and scaled instantly Attacks became adaptive and contextual for 2025 cybersecurity In this short clip from our webinar, we break down why this is the new reality.
|
By Wallarm
You're still doing API security manually in 2026? 2016: 100 APIs → Could handle with smart people doing manual pen testing 2020: 1,000 APIs → Difficult but possible 2025: 10,000+ APIs → Physically impossible Long ago we did API security manually. There weren't many APIs. We had smart people. We'd do some pen testing and move on. That worked in 2016. But let's be honest—this problem is getting EXPONENTIALLY bigger. Every organization will realize: we can't do this manually anymore.
|
By Wallarm
Software release cycles are now too fast for traditional security tools. Rapid iterations and reliance on open-source and cloud-native tech increase vulnerabilities, challenging AppSec teams to keep up. Attackers are taking advantage, targeting applications and exploiting misconfigurations, excessive permissions, and vulnerable plug-ins.
|
By Wallarm
Software release cycles are now too fast for traditional security tools. Rapid iterations and reliance on open-source and cloud-native tech increase vulnerabilities, challenging AppSec teams to keep up. Attackers are taking advantage, targeting applications and exploiting misconfigurations, excessive permissions, and vulnerable plug-ins.
|
By Wallarm
AI agents don't think. They pattern-match. Critical to understand: Generative AI (ChatGPT, Claude, etc.) does NOT reason like humans. It: The API Security problem: When you give an AI agent access to an API, it will: AI agents can't reason. They recreate patterns based on weights. You need to be very careful: data in, data out. Practical example: text User: "Show me the account balance for user" AI agent → calls GET /api/account/123 API → returns { balance: 5000, name: "John", SSN: "123-45-6789" } AI agent → outputs EVERYTHING to user (including SSN!)
|
By Wallarm
The attack that no patch can fix Scenario:"Give me one million pizzas" API responds: "OK, one million pizzas at $0.01 each" Attacker: "Thanks!" What happened? API works exactly as designed Syntax is correct Protocol is followed WAF sees nothing wrong BUT the business logic intended: "Max 100 pizzas per order, at normal pricing".
|
By Wallarm
The main task of the run-time application security is to protect modern applications and APIs. In this endeavor the solutions face a number of challenges: Download this whitepaper to learn how Wallarm solves the difficult task of effective application security by relying on AI and machine learning including a unique combination of hierarchical clusterization, statistical n-gram based models, recurrent neural networks and reinforcement learning.
|
By Wallarm
Attack detection is critical for most security solutions, whether we are talking about a load balancer-based (NIDS, WAF), host-based or in-application solutions (HIDS, RASP). Interestingly, regardless of the differences in architecture and data flow, most solutions use similar detection principles and techniques. We will explore how the detection architecture evolved over time and how the new generation of detection logic, such as the architecture implemented by Wallarm, is principally different from that of the legacy solutions.
|
By Wallarm
In this comprehensive Q2-2023 report, we reflect on an intensified API threat landscape, underlining prevalent threat vectors, susceptible APIs, and new dimensions in the API security arena. With the inclusion of bug bounty analysis and our inaugural API Security Awards, this report provides granular insights into the current state of API security.
|
By Wallarm
The following guidelines will help senior stakeholders set strategy to secure modern applications, learning: Applications are the operational mechanism for how a modern enterprise conducts transactions and uses data. Whether internal or customer-facing, apps are critical for your successful business operations. That means securing apps should be a business priority.
|
By Wallarm
This 2022 recap report looks back at the deteriorating API threat landscape, the most prevalent types of threat vectors, the most vulnerable types of APIs, and much more to provide API security and DevOps teams the data-driven insights needed to improve API security in 2023. One of the main take-aways is that the API threat landscape is becoming ever more dangerous. We make this assessment based on the 2022 data, and specifically these four trends.
- April 2026 (5)
- March 2026 (6)
- February 2026 (7)
- January 2026 (10)
- December 2025 (14)
- November 2025 (10)
- October 2025 (12)
- September 2025 (11)
- August 2025 (14)
- July 2025 (17)
- June 2025 (7)
- May 2025 (16)
- April 2025 (14)
- March 2025 (12)
- February 2025 (13)
- January 2025 (13)
- December 2024 (10)
- November 2024 (15)
- October 2024 (15)
- September 2024 (16)
- August 2024 (9)
- July 2024 (7)
- June 2024 (5)
- May 2024 (4)
- April 2024 (4)
- March 2024 (7)
- February 2024 (3)
- January 2024 (5)
- December 2023 (2)
- November 2023 (5)
- October 2023 (3)
- September 2023 (11)
- August 2023 (8)
- June 2023 (2)
- May 2023 (1)
- April 2023 (2)
- March 2023 (5)
- February 2023 (1)
- January 2023 (2)
Security and DevOps teams choose Wallarm to discover all cloud-native APIs and legacy web applications running in their environment, and to detect & respond to threats against them.
Whether you need to protect your brand-new cloud-native APIs or your legacy web apps, Wallarm API Security platform delivers all the capabilities to secure your business against emerging threats.
Comprehensive Protection for APIs and Web Applications:
- Coverage: Protect all your internal and public-facing APIs & web applications regardless of protocol across your entire infrastructure to ensure comprehensive protection.
- Detection: Identify, consolidate and prioritize advanced risks – including OWASP Top-10 risks, API-specific threats, and API abuse – to improve security team effectiveness and reduce workload.
- Response: Assess and remediate any weaknesses which expose you to attack and automatically add new against any further breaches.
Protect Apps in a Cloud-Native Era.