Subscribe to the Salt blog to learn about the latest developments in API Security

Blog Post

Enabling GenAI with AI-infused API Security

Michael Callahan
May 7, 2024

GenAI has the promise to transform companies, and introduce a lot of security risk.

One of the main benefits of GenAI relates to the modernization of apps. Most companies are going through some type of app modernization. They are responding to the market by delivering better and better experiences to their customers. This is largely done through the experience people have with their apps. This ranges from banking to healthcare to travel and everywhere in between. At the core of this modernization are APIs. APIs essentially power modern applications. We visualize this in the image below.

Most modern apps are a collection of APIs working in a coordinated fashion to deliver a positive end-user experience.

But how do you develop modern apps in modern times? It's a challenge for developers to keep up with demands. But it gets even more challenging for them when they have to learn multiple languages and frameworks. No one can be an expert in everything.  

When you combine the relentless march to improve customer experiences as fast as possible through the constantly changing and updating apps, you have a perfect storm of a problem that needs a solution.  

That solution is GenAI. GenAI helps developers create code at a super fast pace and volume. This is great for business. It is a nightmare for security teams. Here's a recent ad that IBM did on how to help developers in their jobs. They use Watson X Code Helper. Again, great for developers. Big challenges for SecOps, DevOps and compliance teams.

Remember the three parts of the API Security Journey: Continuous discovery of APIs, Posture Assurance (combined with discovery creates Posture Governance) and Threat Protection.

As code is developed with GenAI, the speed and volume make it impossible to keep up in these areas. APIs are developed and pushed out quickly but how do you keep up with knowing what you have? At the same time, you have policies that you've put in place or may be industry policies you need to keep up with.  How can you keep up if you are being bombarded with new APIs or versions of those APIs daily?  Of course the last step in the journey is better known but still is a challenging step. With new APIs coming in all of the time, how can you sort through billions of API calls every month to pull out the ones that are malicious?, It's impossible to keep up and protect yourself.

Until now.

Today, we are introducing Salt's new AI-infused API Security Platform powered by Pepper, our AI brain.  

This new platform infused AI throughout each stage of the API Security Journey.

  • Enhanced API Continuous Discovery: At the outset, Salt Security's AI engine excels in the discovery phase by acting as an exhaustive investigator across the application landscape. It leverages machine learning to automatically detect all APIs, including those that are undocumented or embedded within microservices, ensuring comprehensive visibility over the network, leaving no API hidden and vulnerable. This level of comprehensive discovery is unparalleled in the industry, ensuring that no API remains unnoticed or vulnerable. While APIs are continuously created at speed by GenAI, the Salt Platform continually analyzes the API ecosystem to ensure the inventory is up to date.
  • API Posture Assurance: Moving to the next phase, Salt Security employs its AI-driven Posture Governance to monitor and analyze API configurations proactively. This AI system is adept at identifying deviations from security best practices and highlighting insecure configurations. By maintaining continuous surveillance, Salt Security aids organizations in upholding a robust API security posture, thus preventing potential breaches.
  • Robust API Behavioral Threat Protection: In the crucial phase of threat detection, Salt Security's patented Behavioral Threat Protection comes into play. The AI system analyzes API traffic in real-time, drawing from extensive datasets of known attack patterns. It is capable of detecting anomalies, suspicious activities, and potential zero-day exploits. Moreover, its adaptive learning algorithm, which evolves based on new data and past incidents, provides a dynamic and robust defense mechanism that is critical in today’s fast-paced threat environment.

In addition to the API Security, we also use Pepper to power our knowledgebase. And we use Pepper to help guide people in the product to perform certain functions they may need making the Salt API Security Platform intuitive and easy to use.

We are excited to bring another innovation to the category we created six years ago. And we're not resting. You'll see more from us this year as we continue to outpace our competition and solve the real problems our customers are facing.

We are very proud of this achievement and what it means for our current and future customers and partners. To learn a little more, please join us for webinar where we'll discuss more in depth by registering here.


Salt Security Blog

Sign up for the Salt Newsletter for the latest resources and blog posts.

June 21, 2024

Amanda Fitzsimmons
Head of Legal


Don't Get Salted: Why API Inventory is Key to PCI DSS 4.0 Compliance (and How Salt Security Can Help You Achieve It)

A secure API ecosystem starts with a clear understanding of what APIs you have and how they interact with your data.

Read more

June 18, 2024

Salt Labs
Research Team

Salt Labs

Increasing API Traffic, Proliferating Attack Activity and Lack of Maturity: Key Findings from Salt Security’s 2024 State of API Security Report

The latest Salt Security State of API Security Report is out now, and we’re thrilled to give a little sneak peek of its contents.

Read more

June 12, 2024

Elad Hoffer
Head of Product R/T Protection


Salt Security Leading the Way in AI-Driven API Security for Next-Generation Threat Protection and Attacker Insights

Learn how the recent introduction of advanced LLM-driven attacker insights further solidifies Salt's position as a leader in API security solutions.

Read more

Download this guide for advice on evaluating key capabilities in API Security

Learn everything you need to know to keep your APIs secure

Get the guide