The State of AI & API Security 2025 - FireTail's latest report on the evolving AI threat landscape.
The OWASP Top 10 List of Risks for LLMs helps developers and security teams determine where the biggest risk factors lay. In this blog series from FireTail, we are exploring each risk one by one, how it manifests, and mitigation strategies. This week, we’re focusing on LLM03: Supply Chain vulnerabilities.
Our modern “Software as a Service” model is becoming a challenge for cybersecurity teams within large enterprises, as attacks continue to rise in volume and complexity across the cyber realm. Security needs to be a consideration from code to cloud, or any progress we make will be undone just as quickly.
OWASP’s Top 10 for LLM is a good starting point for teams to learn about AI security risks. In this series, we’ll go over each risk and practices to protect against them. Today, we’re tackling LLM02: Sensitive Information Disclosure.
It’s here! The New CIS Guide for API Security provides teams with actionable steps for their own API security postures. API use is skyrocketing with the recent adoption of AI, and security teams are struggling to keep up with the rising threats. That’s where the CIS Guide comes in.
In this blog, we are taking a closer look at Prompt Injection, the #1 vulnerability on the OWASP Top 10 list of LLM risks in 2025. Join us in the first of this 10-part series as we examine the root causes of prompt injection, how prompt injection attacks are carried out, and the best methods to avoid them.
Researchers recently found a vulnerability in Apache Tomcat’s servers that would allow an attacker to commit Remote Code Execution with a single PUT request to a specific API, followed by a GET. And now, this vulnerability is officially being exploited in the wild.
Today’s cyber landscape is littered with threats, risks, and vulnerabilities. Every week, we are seeing an increase not only in attacks, but also in the methods used to attack. This week, a new family of malware was discovered exploiting Microsoft’s Graph API.
AI security and API security run alongside each other, much like a double rainbow. Each one contains a full spectrum of security requirements that work in tandem with one another.
In 2025, AI is the biggest advancement in cybersecurity and the talk of all tech-sperts. But as AI continues to develop, we are seeing a surge in not only the benefits, but also the risks of artificial intelligence.
Many security teams are still not aware of all the APIs in their landscape. Read the latest blog from FireTail to learn about the importance of API discovery and how you can discover all the APIs in your landscape today.
This blog post will answer questions such as: But where do APIs live? And how do they interact? What languages do they use?
The latest blog from the C-suite at FireTail attempts to answer the essential question: “Which is a bigger threat today - cloud misconfigurations or API vulnerabilities?”
In a world of cyber risks, authorization is one of the most critical steps in an API security strategy. However, when it comes to authorization, the C-suite of FireTail believes it is better kept apart.
Granicus, a platform offering government solutions including an efiling platform called eUniversa, was recently discovered to be vulnerable to outside attack.
Star Health suffered a massive data leak via API access. The personal information of millions of victims has been compromised, and worst of all, there may have been an insider who facilitated the breach.
Ecovac customers in Australia were startled when their vacuums began talking back to them, most notably using racial slurs. This was made possible through remote access and manipulation of the “smart” devices.
Researchers from DataDog recently discovered that hacker groups are targeting Docker Swarm, Kubernetes and SSH servers in one orchestrated attack using Docker API endpoint vulnerabilities.
Web application and service creation platforms rely on APIs for their functionality. However, one such platform, Versa Director, is vulnerable to API attacks and token theft.
Researchers found a new vulnerability that affects KIA systems and could allow anyone remote control over their vehicles using only a license plate.
APIs are everywhere and in every part of our lives. However, in recent years, attackers have been increasingly targeting APIs. So how do you secure an API, and whose responsibility is it?
APIs are used for everything, including dating apps. Feeld, a dating app targeted at multi-person relationships, recently faced an API vulnerability that exposed sensitive data, leaving users unsettled.
APIs can have many different types of security challenges, even those of tech giants such as Microsoft. In this blog, we’ll explore a recent vulnerability that affected Microsoft’s Azure API Management, and explore what that implies for the cloud shared responsibility model
In Wisconsin, nearly a million Medicare users’ personally identifiable information has been exposed as a result of the moveIT breaches of yester-year.
We are thrilled to announce that FireTail has been selected to compete in TechCrunch Disrupt’s prestigious Startup Battlefield 2024! Being part of this prestigious event is an honor and testament to the hard work our team has put into building a cutting-edge API security platform.
APIs can run almost anywhere, including any type of compute platforms and network infrastructure services on AWS. In this blog, we’ll go over the different types of compute platforms, network infrastructure services, and how they relate to your APIs and API security.
FireTail partnered with the Center for Internet Security (CIS) to create an API security community. The end result is the first draft of The CIS API Security Guide, reviewed by cybersecurity experts from around the world before its release. Read more here.
There is also a massive lack of awareness around APIs and API endpoints. Many developers buy 3rd party software packages without realizing that they contain a variety of APIs with their own unique vulnerabilities.
APIs are a shortcut to the data. They pass through quietly, creating a phantom attack path that flows through all the other layers of protection. And although cybersecurity has come a long way, there still aren’t controls to mitigate these risks.
Cloudflare released its latest Application Security Report, which contained some startling news. They found that nearly 7% of all web traffic is malicious. But what does this really mean?
Google Cloud Security released an updated Threat Horizons report containing information about the top security risks. Here are our notes from the report.
Location-sharing services, like much of the modern internet, are powered by APIs. Because these APIs handle personally identifiable information such as addresses, phone numbers and more, breaches in these apps can lead to serious safety issues for users everywhere.
With new API threats popping up every day, no one is safe from vulnerability. This is especially dangerous when it comes to large, widely used servers such as Apache HugeGraph.
Some companies position privacy as a key value proposition of their products and services. But that may not always be as true as advertised.
A researcher at EvaSec recently discovered a vulnerability in the CocoaPods ecosystem that could potentially affect an undetermined (but huge) number of web users.
A new type of API attack has been discovered- and it’s particularly pernicious. The target? Exposed Docker APIs. The objective? Spreading cryptojacking malware.
When Jeremy and I founded FireTail in 2022, our mission was to improve API security for everyone. And that included ourselves.
Google probably didn’t want this to happen. The tech giant accidentally posted a whole host of sensitive internal documents to GitHub that partly detailed the way the search engine ranks web pages.
Let’s talk about a recent example of an API vulnerability that was exploited to gain access to data within the German government.
Researcher Sam Curry recently discovered some alarming vulnerabilities in his modem, a Cox Panoramic wifi gateway. It all started when he noticed an unknown IP address was copying his same HTTP requests.
In this talk, Jeremy will cover key knowledge from the cybersecurity landscape for CISOs in 2024. Tune in to hear valuable insights and takeaways every CISO can apply in their own security posture today. API security is the cornerstone of strong cybersecurity for CISOs.
A lot of our API use happens at home, in places you might not even expect. What happens when these APIs are left vulnerable?
Many companies use Fluent Bit, or tools built on top of the underlying fluentd package, for tracking performance, observability and system events, and create metrics and monitoring alerts. However recently, a new vulnerability has come to light on the platform.
API security by design is all about breaking down how security considerations can be brought into the various stages of an APIs lifecycle and simplifying the API security process from the developers’ standpoint.
Many application developers are still grappling with the integration challenge. Microsoft’s Graph API attempts to solve this problem, however, their solution comes with its own drawbacks.
The Cambridge Analytica Data Scandal led to the collapse of the company, court cases and massive fines for Meta. It highlighted the massive impact that technology was having on society, politics and democracy. Now, almost a decade later, we take a look at how a poorly configured API started it all.
Based on trends in changing compute architectures, it seemed logical that Endpoint Detection and Response companies would shrink their overall install base. Instead, EDR has evolved into Extended Detection and Response.
FireTail CEO, Jeremy Snyder, explores the evolution of cloud security and where we are at in 2024. Examining breaches like CapitalOne and identifying where breaches occur based on his 4 quadrant model, Jeremy looks at Platformization and how the need for end-to-end API security is more pronounced than ever.
FireTail CTO Riley found a web application vulnerability. He noticed when the app was open, and he had tools open, one of the requests was going to an API instead of a web application.
Various APIs belonging to a data service are leaking their Git repositories, at a backend API which contain the APIs' source code.
Unauthorized users could gain access to sensitive financial information via an application's API using the data leaked via Github.
FireTail researcher Viktor Markopoulos discovered a vulnerability in a European Shipping Company’s APIs that allowed him to download internal files without authentication.
An unauthenticated API belonging to a fast food company exposed receipts from all of its stores in India.
By using this website, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
%20%5BRecovered%5D.png)
%20%5BRecovered%5D.png)
