Salt Security has announced the debut of its AI-infused API Security Protection Platform powered by Pepper, the company’s Large Language Model (LLM) artificial intelligence.
Generative AI has enabled developers to create applications and APIs faster than ever before and at a vast scale. With the speed of API creation dramatically increasing, new risks are created that current technology is not equipped to keep pace with.
According to Gartner, “The soaring prevalence of APIs, along with the lack of organisational awareness as to their extent, has created an expansive attack surface just waiting to be exploited by malicious actors.”
“Our business depends on securely and quickly delivering finance-related APIs for our partners and customers as we provide banking as a service,” said Nuno Teodoro, Vice President, Group Cybersecurity. “With the GenAI landscape evolving at a fast pace, especially targeting, directly or indirectly, software development of critical products, we must lean on core capabilities from our technological partners, especially where API security is considered.
“Salt’s AI-infused API security platform is a perfect example of supporting the delivery of secure APIs that adhere to our policies and best practices, thus giving us the confidence that cyber resilience is incorporated into the APIs security life-cycle.”
Leveraging AI, Salt claims their platform protects organisations from the risks associated with the speed and scale of new application development.
With the latest expansion to its offering, Salt claim that their platform now delivers:
Enhanced API Continuous Discovery: At the outset, Salt Security’s AI engine is said by the company to excel in the discovery phase by acting as an exhaustive investigator across the application landscape.
Salt states that it leverages machine learning to automatically detect all APIs, including those that are undocumented or embedded within microservices, ensuring comprehensive visibility over the network, leaving no API hidden and vulnerable.
While APIs are continuously created at speed by GenAI, the Salt Platform continually analyses the API ecosystem to ensure the inventory is up to date.
API Posture Assurance: Moving to the next phase, Salt Security employs its AI-driven Posture Governance to monitor and analyse API configurations proactively.
This AI system is adept at identifying deviations from security best practices and highlighting insecure configurations. By maintaining continuous surveillance, Salt Security aids organisations in upholding a robust API security posture, thus preventing potential breaches.
Robust API Behavioral Threat Protection: In the crucial phase of threat detection, Salt Security’s patented Behavioural Threat Protection comes into play.
The AI system analyses API traffic in real-time, drawing from extensive datasets of known attack patterns. It is capable of detecting anomalies, suspicious activities, and potential zero-day exploits.
Moreover, its adaptive learning algorithm, which evolves based on new data and past incidents, provides a dynamic and robust defence mechanism that is critical in today’s fast-paced threat environment.
And to bolster the risk reduction, the Salt Labs team continues to discover API security flaws that translate to functionality added to the product.
A recent example is with the critical security flaws within ChatGPT plugins, which could have allowed unauthorised access to third-party accounts and sensitive user data. Salt now has advanced OAuth protection built into the platform.
According to the Salt Labs State of API Security Report, Q1 2023, 59% of respondents manage more than 100 APIs, and 25% manage more than 500.
A further 27% also stated that they’ve more than doubled their API count over the past year. This number is only set to increase as organisations leverage generative AI within business operations, which can lower the timeline of code and API creation from days to minutes or even seconds.
Traditional API security solutions, such as API gateways, web application firewalls (WAFs) and content delivery network (CDN) solutions, already struggle to keep pace with the expanding API attack surface and the introduction of generative AI further impedes their ability to deliver robust API protection.
With these enhancements, Salt believes that users can now deliver an API-first model for modern applications to quickly and securely scale business operations, while simultaneously ensuring that they remain compliant with company as well as industry API policies and standards.
“Since founding the API security market, AI and ML have always been core components of our platform in order to provide organisations with the deep context and behavioural insights needed to mitigate the most sophisticated API security threats,” said Michael Nicosia, COO and co-founder, Salt Security. “The recent growth of utilising generative AI within business operations has not only expedited the volume of APIs, but also given attackers the means to launch more tactical attack campaigns.
“Leveraging generative AI for good, we have instilled our own LLM, Pepper, into our platform to help organisations solve the complex problems which generative AI creates in an easy to use and understand interface.
“With Pepper, organisations will experience enhanced API inventory management and documentation, streamlined threat and incident response, as well as robust API posture governance.”
Salt will be hosting a webinar showcasing the new platform capabilities on Thursday, 30th May 30 at 5pm BST. To register for the webinar, “How Salt Security Uses AI for API Discovery, Posture Governance & Threat Detection,” please visit: https://content.salt.security/salt_security_ai_webinar.html or to learn more about Salt Security or to request a demo, please visit https://content.salt.security/demo.html.
Alternatively, to read more news from Eskenzi PR, click here.
