The State of AI & API Security 2025 - FireTail's latest report on the evolving AI threat landscape.
APIs power all of the connections we take for granted in the modern internet. But as we rely on them more for new technologies like AI, securing them is harder than ever. That’s why continuous API security testing is an essential part of every cybersecurity posture.
It’s here! The New CIS Guide for API Security provides teams with actionable steps for their own API security postures. API use is skyrocketing with the recent adoption of AI, and security teams are struggling to keep up with the rising threats. That’s where the CIS Guide comes in.
Researchers recently found a vulnerability in Apache Tomcat’s servers that would allow an attacker to commit Remote Code Execution with a single PUT request to a specific API, followed by a GET. And now, this vulnerability is officially being exploited in the wild.
Today’s cyber landscape is littered with threats, risks, and vulnerabilities. Every week, we are seeing an increase not only in attacks, but also in the methods used to attack. This week, a new family of malware was discovered exploiting Microsoft’s Graph API.
AI security and API security run alongside each other, much like a double rainbow. Each one contains a full spectrum of security requirements that work in tandem with one another.
Star Health suffered a massive data leak via API access. The personal information of millions of victims has been compromised, and worst of all, there may have been an insider who facilitated the breach.
Ecovac customers in Australia were startled when their vacuums began talking back to them, most notably using racial slurs. This was made possible through remote access and manipulation of the “smart” devices.
In Wisconsin, nearly a million Medicare users’ personally identifiable information has been exposed as a result of the moveIT breaches of yester-year.
There is also a massive lack of awareness around APIs and API endpoints. Many developers buy 3rd party software packages without realizing that they contain a variety of APIs with their own unique vulnerabilities.
Google Cloud Security released an updated Threat Horizons report containing information about the top security risks. Here are our notes from the report.
Location-sharing services, like much of the modern internet, are powered by APIs. Because these APIs handle personally identifiable information such as addresses, phone numbers and more, breaches in these apps can lead to serious safety issues for users everywhere.
With new API threats popping up every day, no one is safe from vulnerability. This is especially dangerous when it comes to large, widely used servers such as Apache HugeGraph.
A new type of API attack has been discovered- and it’s particularly pernicious. The target? Exposed Docker APIs. The objective? Spreading cryptojacking malware.
Let’s talk about a recent example of an API vulnerability that was exploited to gain access to data within the German government.
Researcher Sam Curry recently discovered some alarming vulnerabilities in his modem, a Cox Panoramic wifi gateway. It all started when he noticed an unknown IP address was copying his same HTTP requests.
We're excited to announce the release of our latest State of API Security 2024 report! With the rapid adoption of microservice-based architectures, cloud-native solutions, containerization, and AI, the API attack surface is expanding faster than ever.
The cloud might be a popular talking point, but the edge of the cloud – where APIs and distributed computing intersect – is the true unsung hero of modern cloud application development and deployment. Today, we’re going to look at APIs at the edge of modern cloud applications.
In the travel sector, securing a competitive edge is vital. In a hyperconnected industry, where demand fluctuates, pricing is dynamic and customers have endless options, efficient and well-secured APIs can make a huge difference.
Fintech is a growing industry, and with this growth comes data. With data - and the sensitivity of the data in financial services in particular - comes the need to implement security solutions effectively at scale. Thankfully, fintech providers can turn to many readily available solutions to increase their security posture and deliver better, more secure products at scale.
The modern web is more connected than ever before. The move from monoliths to containerization and microservice-based architectures means API security is a must. In this blog, we look at what it takes to build secure modern internet services.
FireTail CTO Riley found a web application vulnerability. He noticed when the app was open, and he had tools open, one of the requests was going to an API instead of a web application.
Gateways are great, but not for security. API gateways are useful when it comes to API management but they were never designed with security in mind. They can't actively monitor API traffic, they don’t see inside payloads or detect real-time manipulation. They won’t stop most API attacks.
As they continue to rise in use, APIs are becoming a critical attack surface for ransomware groups.
The addition of FireTail marks a significant milestone in our mission to provide state-of-the-art API security solutions to organizations around the world. Now, AWS customers can unleash the power of FireTail quickly, easily and confident in the knowledge that the platform integrates perfectly with their cloud environment.
FireTail researcher Viktor Markopoulos discovered a vulnerability in a European Shipping Company’s APIs that allowed him to download internal files without authentication.
We were delighted to have the opportunity to present at Apidays Hong Kong this year. The hybrid event was a wonderful way to connect with some of the brightest minds in API security from all across the region and our CEO, Jeremy Snyder, took to the stage to deliver a talk entitled ‘API Security: Analysis of Breaches, Attack Vectors and Strategies.’ Watch the full presentation now…
An unauthenticated API belonging to a fast food company exposed receipts from all of its stores in India.
More companies are starting as API services, boosting the API economy.
By using this website, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
%20%5BRecovered%5D.png)
%20%5BRecovered%5D.png)
.png)
