API security
LLM04: Data & Model Poisoning
June 6, 2025

In this blog series, we’re breaking down the OWASP Top 10 risks for LLMs and explaining how each one manifests and can be mitigated. Today’s risk is #4 on the list: Data and Model Poisoning. Read on to learn more…

Your Mobile Apps May Not Be as Secure as You Think…
May 28, 2025

Cybersecurity risks are too close for comfort. Recent data from the Global Mobile Threat Report reveals that our mobile phone applications are most likely exposing our data due to insecure practices such as API key hardcoding.

LLM03: Supply Chain
May 21, 2025

The OWASP Top 10 List of Risks for LLMs helps developers and security teams determine where the biggest risk factors lie. In this blog series from FireTail, we are exploring each risk one by one, how it manifests, and mitigation strategies. This week, we’re focusing on LLM03: Supply Chain vulnerabilities.

Closing the Loop: Continuous API Security Testing
May 14, 2025

APIs power all of the connections we take for granted in the modern internet. But as we rely on them more for new technologies like AI, securing them is harder than ever. That’s why continuous API security testing is an essential part of every cybersecurity posture.

An open letter to FireTail customers about security and data privacy
May 8, 2025

Our modern “Software as a Service” model is becoming a challenge for cybersecurity teams within large enterprises, as attacks continue to rise in volume and complexity across the cyber realm. Security needs to be a consideration from code to cloud, or any progress we make will be undone just as quickly.

AI Innovation at Risk: FireTail’s 2025 Report Reveals API Security as the Weak Link in Enterprise AI Strategies
April 25, 2025

FireTail, the leading AI & API security platform, has released its annual report, The State of AI & API Security 2025, revealing a critical blind spot in the way organizations are securing their AI investments. Despite record-breaking AI adoption, the report warns that most enterprises are overlooking the most exposed part of the AI stack: the API layer.

The New CIS API Security Guide
April 11, 2025

It’s here! The New CIS Guide for API Security provides teams with actionable steps for their own API security postures. API use is skyrocketing with the recent adoption of AI, and security teams are struggling to keep up with the rising threats. That’s where the CIS Guide comes in.

API Spec Generation: Ensuring Consistency and Security
April 9, 2025

API security is a critical issue, especially with the rise of AI, which runs on APIs. So how do we ensure consistent API security in an age of growing threats? In this blog, we’ll go over one of the most critical enabling aspects of API security: API specifications.

Prompt Injection: A Deep Dive into OWASP's #1 LLM Risk
April 1, 2025

In this blog, we are taking a closer look at Prompt Injection, the #1 vulnerability on the OWASP Top 10 list of LLM risks in 2025. Join us in the first of this 10-part series as we examine the root causes of prompt injection, how prompt injection attacks are carried out, and the best methods to avoid them.

Tomcat RCE Vulnerability Now Exploited in the Wild
March 20, 2025

Researchers recently found a vulnerability in Apache Tomcat’s servers that would allow an attacker to commit Remote Code Execution with a single PUT request to a specific API, followed by a GET. And now, this vulnerability is officially being exploited in the wild.

API Security IS AI Security
March 3, 2025

Security teams today face a dual challenge: protecting AI systems from external threats while securing the APIs that power them. The reality is clear—if your APIs aren’t secure, neither is your AI.

What We Can Learn from The New Malware Abusing Microsoft
February 18, 2025

Today’s cyber landscape is littered with threats, risks, and vulnerabilities. Every week, we are seeing an increase not only in attacks, but also in the methods used to attack. This week, a new family of malware was discovered exploiting Microsoft’s Graph API.

AI & API: Double Rainbow for Cybersecurity
February 18, 2025

AI security and API security run alongside each other, much like a double rainbow. Each one contains a full spectrum of security requirements that work in tandem with one another.

FireTail Expands with AI Security: A New Era of Protection for AI Integrations
February 12, 2025

AI is revolutionizing industries at an unprecedented pace. But as organizations integrate AI into their workflows, they are encountering serious security risks. In fact, 97% of organizations using generative AI have reported security incidents. Traditional security tools are failing to keep up, leaving companies vulnerable to data breaches, adversarial attacks, and compliance risks.

OpenAI? Also Open to Abuse
January 23, 2025

In 2025, AI is the biggest advancement in cybersecurity and the talk of all tech-sperts. But as AI continues to develop, we are seeing a surge in not only the benefits, but also the risks of artificial intelligence.

Closing the AI Compliance Gap: Avoiding GDPR Violations in the AI Era
January 10, 2025

GDPR demands transparency, accountability, and user control over personal data. However, many organizations are inadvertently falling short of these obligations due to the unmonitored integration of AI tools—often via APIs—into their systems. The result? Compliance gaps that could lead to fines, operational chaos, and reputational damage.

API Discovery: The Foundation of Security
December 10, 2024

Many security teams are still not aware of all the APIs in their landscape. Read the latest blog from FireTail to learn about the importance of API discovery and how you can discover all the APIs in your landscape today.

API Security: The Overlooked Threat Now Overshadowing Cloud Misconfigurations
November 20, 2024

The latest blog from the C-suite at FireTail attempts to answer the essential question: “Which is a bigger threat today - cloud misconfigurations or API vulnerabilities?”

Crossbarking via Chrome Extension
November 14, 2024

Attackers used an attack method known as “crossbarking” via a malicious Chrome extension to inject custom code into the target’s Opera browser.

Microsoft Sharepoint Vulnerability Disclosure
November 11, 2024

Microsoft Sharepoint recently patched vulnerabilities that highlighted the need for highly privileged user access to happen via secure APIs.

Star Health Data Leak: The Call is Coming from Inside the House
October 16, 2024

Star Health suffered a massive data leak via API access. The personal information of millions of victims has been compromised, and worst of all, there may have been an insider who facilitated the breach.

Ecovacs Hurl Obscenities at Unsuspecting Users
October 15, 2024

Ecovacs customers in Australia were startled when their vacuums began talking back to them, most notably using racial slurs. This was made possible through remote access and manipulation of the “smart” devices.

Hackers Exploiting Docker Swarm, Kubernetes, & SSH Servers
October 9, 2024

Researchers from DataDog recently discovered that hacker groups are targeting Docker Swarm, Kubernetes and SSH servers in one orchestrated attack using Docker API endpoint vulnerabilities.

Versa is Vulnerable
October 1, 2024

Web application and service creation platforms rely on APIs for their functionality. However, one such platform, Versa Director, is vulnerable to API attacks and token theft.

The Problem with APIs
September 26, 2024

APIs are everywhere and in every part of our lives. However, in recent years, attackers have been increasingly targeting APIs. So how do you secure an API, and whose responsibility is it?

Feeld Dating App API
September 20, 2024

APIs are used for everything, including dating apps. Feeld, a dating app targeted at multi-person relationships, recently faced an API vulnerability that exposed sensitive data, leaving users unsettled.

Escalating from Reader to Contributor in Azure API Management
September 19, 2024

APIs can have many different types of security challenges, even those of tech giants such as Microsoft. In this blog, we’ll explore a recent vulnerability that affected Microsoft’s Azure API Management, and explore what that implies for the cloud shared responsibility model.

MoveIT Breaches have Lasting Impacts on Wisconsin Medicare
September 10, 2024

In Wisconsin, nearly a million Medicare users’ personally identifiable information has been exposed as a result of the moveIT breaches of yester-year.

FireTail Selected for TechCrunch Disrupt’s Startup Battlefield 2024
September 10, 2024

We are thrilled to announce that FireTail has been selected to compete in TechCrunch Disrupt’s prestigious Startup Battlefield 2024! Being part of this prestigious event is an honor and testament to the hard work our team has put into building a cutting-edge API security platform.

The Challenges of API Logging
August 28, 2024

APIs can run almost anywhere, including any type of compute platforms and network infrastructure services on AWS. In this blog, we’ll go over the different types of compute platforms, network infrastructure services, and how they relate to your APIs and API security.

A View from The C-Suite: The New CIS API Security Guide
August 28, 2024

FireTail partnered with the Center for Internet Security (CIS) to create an API security community. The end result is the first draft of The CIS API Security Guide, reviewed by cybersecurity experts from around the world before its release. Read more here.

Selenium Grid Target of Malware Attack
August 2, 2024

There is also a massive lack of awareness around APIs and API endpoints. Many developers buy 3rd party software packages without realizing that they contain a variety of APIs with their own unique vulnerabilities.

APIs and The Phantom Attack Path
July 29, 2024

APIs are a shortcut to the data. They pass through quietly, creating a phantom attack path that flows through all the other layers of protection. And although cybersecurity has come a long way, there still aren’t controls to mitigate these risks.

Cloudflare’s Application Security Report
July 26, 2024

Cloudflare released its latest Application Security Report, which contained some startling news. They found that nearly 7% of all web traffic is malicious. But what does this really mean?

Google Cloud Security Threat Horizons Report #10
July 23, 2024

Google Cloud Security released an updated Threat Horizons report containing information about the top security risks. Here are our notes from the report.

Life 360 Phone Number Leak
July 19, 2024

Location-sharing services, like much of the modern internet, are powered by APIs. Because these APIs handle personally identifiable information such as addresses, phone numbers and more, breaches in these apps can lead to serious safety issues for users everywhere.

Apache Hugegraph Under Attack
July 19, 2024

With new API threats popping up every day, no one is safe from vulnerability. This is especially dangerous when it comes to large, widely used servers such as Apache HugeGraph.

Apple Leaks Location Data
July 11, 2024

Some companies position privacy as a key value proposition of their products and services. But that may not always be as true as advertised.

Cuckoo for CocoaPods
July 10, 2024

A researcher at EvaSec recently discovered a vulnerability in the CocoaPods ecosystem that could potentially affect an undetermined (but huge) number of web users.

MFA Breached via Unauthenticated APIs
July 8, 2024

What happens when the system designed to authenticate you to your online accounts is vulnerable itself? Threat actors recently verified phone numbers for millions of Authy users via an unsecured API endpoint.

New Cryptomining Campaigns Use Exposed Docker APIs
July 1, 2024

A new type of API attack has been discovered, and it’s particularly pernicious. The target? Exposed Docker APIs. The objective? Spreading cryptojacking malware.

FireTail Using FireTail- Eating Our Own Dog Food
June 28, 2024

When Jeremy and I founded FireTail in 2022, our mission was to improve API security for everyone. And that included ourselves.

Google's GitHub Goof
June 17, 2024

Google probably didn’t want this to happen. The tech giant accidentally posted a whole host of sensitive internal documents to GitHub that partly detailed the way the search engine ranks web pages.

Sensitive Meeting Data Left Vulnerable to Cyber Infiltration
June 13, 2024

Let’s talk about a recent example of an API vulnerability that was exploited to gain access to data within the German government.

When the Internet Connects to You
June 10, 2024

Researcher Sam Curry recently discovered some alarming vulnerabilities in his modem, a Cox Panoramic wifi gateway. It all started when he noticed an unknown IP address was copying his same HTTP requests.

What CISOs Need to Know About API Security in 2024
June 7, 2024

In this talk, Jeremy will cover key knowledge from the cybersecurity landscape for CISOs in 2024. Tune in to hear valuable insights and takeaways every CISO can apply in their own security posture today. API security is the cornerstone of strong cybersecurity for CISOs.

Home Access Control APIs Leave Users in Hot Water
May 29, 2024

A lot of our API use happens at home, in places you might not even expect. What happens when these APIs are left vulnerable?

Vulnerabilities found in Fluent Bit Logging Tool API
May 23, 2024

Many companies use Fluent Bit, or tools built on top of the underlying fluentd package, to track performance, observability and system events, and to create metrics and monitoring alerts. Recently, however, a new vulnerability has come to light on the platform.

API Security By Design
May 21, 2024

API security by design is all about breaking down how security considerations can be brought into the various stages of an API’s lifecycle and simplifying the API security process from the developers’ standpoint.

Graph API Vulnerabilities on the Rise
May 20, 2024

Many application developers are still grappling with the integration challenge. Microsoft’s Graph API attempts to solve this problem; however, their solution comes with its own drawbacks.

The State of API Security 2024
May 20, 2024

We're excited to announce the release of our latest State of API Security 2024 report! With the rapid adoption of microservice-based architectures, cloud-native solutions, containerization, and AI, the API attack surface is expanding faster than ever.

Postman Delivering Secrets
April 30, 2024

In February of 2021, Postman launched a public API platform where developers could collaborate to build software. Now in 2024, Postman has the largest collection of public APIs. Naturally, this makes it a prime target for attackers.

APIs and Competitive Advantage in the Travel Sector
April 17, 2024

In the travel sector, securing a competitive edge is vital. In a hyperconnected industry, where demand fluctuates, pricing is dynamic and customers have endless options, efficient and well-secured APIs can make a huge difference.

Revisiting Cambridge Analytica in 2024
April 11, 2024

The Cambridge Analytica Data Scandal led to the collapse of the company, court cases and massive fines for Meta. It highlighted the massive impact that technology was having on society, politics and democracy. Now, almost a decade later, we take a look at how a poorly configured API started it all.

I was Wrong about Endpoint Security
April 5, 2024

Based on trends in changing compute architectures, it seemed logical that Endpoint Detection and Response companies would shrink their overall install base. Instead, EDR has evolved into Extended Detection and Response.

API Threats are Expanding Beyond the Enterprise
March 19, 2024

For the past couple of years, FireTail has been tracking API threats across the Internet. We recently learned of StopCrypt, a ransomware threat that leverages Windows APIs on consumer endpoints like laptop and desktop computers.

The Importance of APIs in FinTech Ecosystems
March 13, 2024

Fintech is a growing industry, and with this growth comes data. With data - and the sensitivity of the data in financial services in particular - comes the need to implement security solutions effectively at scale. Thankfully, fintech providers can turn to many readily available solutions to increase their security posture and deliver better, more secure products at scale.

An Update on the Evolution of Cloud Security
March 1, 2024

FireTail CEO, Jeremy Snyder, explores the evolution of cloud security and where we are at in 2024. Examining breaches like CapitalOne and identifying where breaches occur based on his 4 quadrant model, Jeremy looks at Platformization and how the need for end-to-end API security is more pronounced than ever.

API Security in an Era of Open Banking
February 29, 2024

Open Banking can best be thought of as a “microservices” approach to banking. It's a powerful concept that enables porting from service to service, and allows consumers to integrate this data with other providers. APIs are at the core and effective API security is a must.

They Fought the Law (And The Law Won) - API Security, Regulatory Compliance, And Avoiding Massive Fines
February 29, 2024

The reality is that failing to invest in a proven API security posture might save you dollars in the short-term, but can cost millions in the long-term. We take a look at how increasing regulatory oversight is leading to massive fines.

There's No AI Without APIs
February 19, 2024

Everybody is talking about AI right now. It's the hottest topic in tech. But few people are talking about the APIs that underpin these AI platforms. Here we look at why effective API security is a must for any organization that wants to harness the power of AI.

Leaky Spoutible API Exposes User Data: What Went Wrong?
February 8, 2024

At FireTail, we usually say that two or more things need to go wrong in order for attackers to be successful. So what went wrong with Spoutible's leaky API? Basically, everything.

API Security in Serverless Computing: Risks and Mitigations
January 18, 2024

Few technologies have become as ubiquitous in as short a timeframe as serverless computing. Serverless offers both benefits and downsides to API security. However, with proper knowledge of the best practices, we can reap these benefits while mitigating the threats.

Disclosure: Work Application Vulnerability
January 17, 2024

FireTail CTO Riley found a web application vulnerability. He noticed when the app was open, and he had tools open, one of the requests was going to an API instead of a web application.

Jeremy Snyder of FireTail on the Founder to Founder Podcast
January 5, 2024

Jeremy Snyder, the CEO and Co-Founder of FireTail, talks to Teja Yenamandra of Gun.io about his entrepreneurial journey, insights on various tech trends and FireTail's mission to secure the world's APIs.

The worst API ever?
December 22, 2023

As we approach the end of the year, it's often the case that we look back and chat with colleagues about the highs and lows of the last twelve months. One such friend recently shared a story with us about the worst API they found in the wild during 2023. Could this be the worst API ever?

Product Wrap 2023 - A busy year at FireTail
December 21, 2023

2023 has been a transformative year for the FireTail platform. Our engineering teams have delivered countless new features and capabilities that will help you to achieve true protection across all of your APIs. Here are some of the highlights…

FireTail at Apidays Paris 2023
December 20, 2023

Apidays Paris 2023 was a wonderful event for cybersecurity professionals of all kinds and anyone interested in the power of APIs. Our co-founder and CEO Jeremy Snyder gave a talk that dove into the complex new challenges in API security, including how to bridge the gap between developers and security teams.

Webinar: The Cyber Landscape Outlook 2024
December 19, 2023

FireTail CEO Jeremy Snyder hosts an insightful discussion with a panel of cybersecurity experts. Mikko Hypponen, Sounil Yu and Ted Julian shared their thoughts on the emerging threats and cybersecurity trends likely to shape the next 12 months.

Disclosure: Remote Data Service
December 18, 2023

Various APIs belonging to a data service are leaking their Git repositories, which contain the APIs' source code, at a backend API.

DFIR & API Breaches: Why Context Matters
December 5, 2023

When it comes to investigating and preventing API breaches, context is king. In this piece, we take a look at why application layer visibility is essential to effective digital forensics and incident response.

FireTail at SecOps Vision for 2024
November 15, 2023

SecOps Vision for 2024, powered by Techstrong Learn, gave industry professionals the opportunity to connect and share security strategies. FireTail CEO, Jeremy Snyder, was pleased to provide the assembled audience with insights into the importance of API security at the intersection of cloud and application security.

Behavioral Analysis & API Security: After the Fact and Behind the Curve
November 13, 2023

API security solutions focused on ML/AI pattern recognition analyze behavior ‘out-of-band’ to identify anomalies, reporting issues after the fact. Prone to false positives, this approach also means attackers will have some success before you learn from it. That’s not acceptable.

API Gateways: Great for Management but Not for Security
November 13, 2023

Gateways are great, but not for security. API gateways are useful when it comes to API management but they were never designed with security in mind. They can't actively monitor API traffic, they don’t see inside payloads or detect real-time manipulation. They won’t stop most API attacks.

OpenAI Updates Will Open API Floodgates
November 10, 2023

Recently announced OpenAI changes mean users will be able to call any API. That’s great for business and the economy but a potential headache for security teams.

API Security by Design - API World 2023
November 7, 2023

Timo Rüppell, VP of Product at FireTail, looks at the concept of ‘API Security By Design,' showing how to protect your APIs from inception to operation. Recorded live at API World 2023.

Unsecured APIs are now a Popular Delivery Mechanism in Ransomware Attacks
November 2, 2023

As they continue to rise in use, APIs are becoming a critical attack surface for ransomware groups.

FireTail Now Available on AWS Marketplace
September 27, 2023

The addition of FireTail marks a significant milestone in our mission to provide state-of-the-art API security solutions to organizations around the world. Now, AWS customers can unleash the power of FireTail quickly, easily and confident in the knowledge that the platform integrates perfectly with their cloud environment.

Disclosure: European Shipping Company
September 24, 2023

FireTail researcher Viktor Markopoulos discovered a vulnerability in a European Shipping Company’s APIs that allowed him to download internal files without authentication.

The Complex Connections between Generative AI and API Security
September 14, 2023

APIs and Artificial Intelligence are two of the most important developments in tech of the last 10 years. In this post, we look at the dual impacts that connect these two hot topics that make our online worlds work.

Unlimited airline miles courtesy of Points.com’s insecure APIs
September 6, 2023

Poorly secured APIs at Points.com resulted in serious vulnerabilities that could have exposed the loyalty programs of some of the world’s best-known airlines and hospitality brands.

CYFIRMA & FireTail: Working Together for Complete Visibility and Robust API Security
September 1, 2023

FireTail is proud to announce our partnership with CYFIRMA, a leading provider of external threat management solutions.

Moovit API Vulnerability - letting attackers move free of charge
September 1, 2023

During Defcon, a security researcher presented his findings from assessing a global transportation system, leveraging APIs.

API Days Connect Hong Kong
August 30, 2023

We were delighted to have the opportunity to present at Apidays Hong Kong this year. The hybrid event was a wonderful way to connect with some of the brightest minds in API security from all across the region and our CEO, Jeremy Snyder, took to the stage to deliver a talk entitled ‘API Security: Analysis of Breaches, Attack Vectors and Strategies.’ Watch the full presentation now…

moveIT - a series of breaches, all enabled by APIs
August 25, 2023

A file transfer software called moveIT experienced a vulnerability starting in mid-2023 that created a mass breach across many organizations and geographies. The breach starts with injection against an API administrative endpoint, and data is exfiltrated via administrative API calls.

IDOR Attacks and the Growing Threat to Your API Security
August 22, 2023

A recent advisory has highlighted the increasing threat posed by IDOR vulnerabilities. In this article, we explain Insecure Direct Object Reference (IDOR) attacks, explore their rise, and examine how these vulnerabilities impact API security.

API Security: Bridging the Gap Between Application and Security Teams
August 15, 2023

There’s a big API security problem most organizations need to address. It’s the gap that emerges between application and security teams. Here we look at what it takes to keep application and security teams on the same page when it comes to APIs.

Disclosure: Fast Food Delivery Service
August 7, 2023

Disclosure: Fast Food Delivery Service

An unauthenticated API belonging to a fast food company exposed receipts from all of its stores in India.

Cybersecurity Maturity and Why Your API Security is Lagging Behind
July 19, 2023

A cybersecurity maturity model (CMM) provides an effective framework for optimizing your security posture. But when it comes to API security, even sophisticated organizations will find that they still have a lot of work to do.

FireTail at InfoSecurity Europe 2023 - APIs: The attack vector that connects us all...and where traditional security fails
June 27, 2023

FireTail founder Jeremy Snyder discussed API security, some traditional approaches to cybersecurity, and why the two just don't work together as well as you might think.

FireTail at API Days Helsinki 2023 - Learning from Outliers
June 12, 2023

FireTail founder Jeremy Snyder discussed what we can learn about API security from Malcolm Gladwell's 'Outliers'.

FireTail at API Days New York City 2023 - A decade of API breaches, courtesy of application logic flaws
May 24, 2023

FireTail founder Jeremy Snyder discussed FireTail's research into API security incidents and data breaches at API Days New York City.

FireTail Presenting API learnings and security innovation at Infosecurity Europe 2023
May 20, 2023

Join FireTail at Infosecurity Europe in London to learn more about API security and how FireTail's hybrid approach helps organizations eliminate API vulnerabilities.

FireTail at UK Cyberweek 2023 - API security
April 11, 2023

FireTail founder Jeremy Snyder spoke about API security to a standing-room-only crowd at UK Cyberweek in London in April 2023.

My door is always open
April 10, 2023

Nexx smart garage door openers have been proven to contain shared, unsecured API authentication credentials.

Introduction to REST API Security
April 5, 2023

The sheer number of APIs presents a challenge when it comes to ensuring that they operate correctly, efficiently, and above all, securely.

FireTail’s Guide to Maximizing Your Experience at RSA Conference 2023
March 30, 2023

RSA is all about building bridges and connections.

FireTail CEO, Jeremy Snyder, Set to Present at UK Cyber Week 2023
March 28, 2023

Meet up with the FireTail team at stand D20 in the exhibitor area at UK Cyber Week!

Maximizing the Power of API Microservices Architecture: Best Practices and Key Considerations
March 23, 2023

API microservices architecture is a game-changing approach that can help businesses improve their systems and processes.

FireTail at APISecure 2023 - Learning from a decade of API breaches
March 21, 2023

FireTail founder Jeremy Snyder presented at APISecure 2023 on learning from a decade of API breaches and why application-centric security is the right path.

Copyright © 2021-2025 | FireTail Inc & subsidiaries, DBA FireTail (TM) at FireTail.io | Privacy Policy | Terms of Service | Responsible Disclosures