Shadow APIs and Obscurity
In this clip from the A10 Networks discussion, "APIs are the Language of AI Protecting them is Critical," security experts Carlo Alpuerto and Jamison Utter focus on how the rise of Agentic AI dramatically increases the risk posed by older, internal, and often-forgotten systems.
Carlo explains that if an organization holds onto a mindset of being "self-contained" and therefore secure, it is neglecting the new reality that even antiquated systems, such as those running Windows 95 or Vista, are now connected via APIs and can be discovered by AI agents. These systems often haven't been patched for years, leaving them severely vulnerable.
Jamison introduces the idea that AI agents can be instructed to learn how to communicate with anything, even a non-internet-facing device like a refrigerator, by figuring out its API. This leads to the problem of Shadow APIs (APIs that should have been decommissioned or were never formally documented) suddenly being utilized and exposed to external threats.
The experts stress that systems that were previously "secure by obscurity" are no longer protected, making visibility and proactive security measures against these newly active endpoints essential.
Key Discussion Points:
- The Illusion of Self-Contained Security: The belief that internal or antiquated systems are safe simply because they are "in-house" is now dangerous.
- The Vulnerability of Older Systems: Antiquated systems (e.g., Windows 95, ME, Vista) that have not been patched in years are at high risk when exposed to new APIs.
- AI Agents as API Discoverers: AI can learn how to communicate with any system's API, potentially activating previously unused or "zombie" APIs.
- Shadow APIs and Obscurity: Systems previously protected only because their APIs were obscure are now easily discoverable by AI, underscoring the critical need for comprehensive API inventory and protection.
Learn more about API security and AI: https://bit.ly/48iZk2d