Key Takeaways from our API Security Event in conjunction with Akamai at Land Rover Experience.

Of all the interesting topics we discussed at our recent Land Rover event, here are some of the highlights…

The session, in conjunction with Akamai, explored how AI and Machine Learning (ML) are reshaping API security. These insights, combined with recent findings from Akamai’s API Security Impact Study 2024, paint a compelling picture of the challenges and opportunities in protecting APIs.

API Security: A Growing Concern

Akamai’s study revealed a sharp increase in API security incidents across the UK:

– 83% of UK organisations reported API security breaches in the past year, a 14% rise from the previous year.

– Incidents are costly, averaging £420,000 per event in the UK – higher than in Germany (£335,277).

– Critical sectors like public services (94%), financial services (92%), and healthcare (90%) were particularly vulnerable, while retail/e-commerce, despite lower incidents (68%), leads in prioritising API security (21%).

Why API Security Matters More Than Ever

– API explosion: APIs are at the heart of digital transformation and AI solutions, yet their proliferation increases vulnerabilities.

– Sophisticated attacks: Generative AI lowers the barrier for attackers, enabling faster reconnaissance, automated vulnerability testing, and scaling of attacks.

– High stakes: APIs often access sensitive data, making breaches financially and reputationally damaging.

– Poor visibility: Only 29% of organisations with full API inventories know which APIs return sensitive data, down from 40% last year.

The AI-Driven Threat Landscape

– Automating attacks: Tools like WormGPT and FraudGPT enable phishing, malware creation, and deepfake generation.

– Real-world impacts: High-profile incidents, such as the theft of 37 million T-Mobile customer records via an API vulnerability, highlight the risks.

– Dark AI tools: Models like DarkGPT and ChaosGPT allow attackers to craft stealthy, large-scale attacks with minimal expertise.

Key Challenges for API Security Teams

– Lack of testing: Real-time API testing fell to just 13% of organisations.

– False positives: Differentiating between genuine threats and benign activity remains complex.

– Prioritisation: Teams struggle to identify which alerts demand immediate action.

– Actionable insights: Security tools often fail to provide context, delaying response times.

How Akamai Combats API Threats

Akamai showcased its AI-powered API security approach, leveraging:

1. API discovery: Clustering algorithms build accurate inventories and track API flows.

2. Anomaly detection: Advanced ML models identify abnormal behaviour.

3. False positive reduction: Tools like WAFPAFF improve precision, reducing noise.

4. Alert prioritisation: Confidence scoring ensures critical threats are addressed first.

5. Automated actions: Large language models (LLMs) generate remediation guidance and enable rapid response.

Practical Steps to Enhance API Security

To address the growing risks, Akamai and industry experts recommend:

– Enhanced visibility: Conduct a full inventory of APIs and associated microservices.

– Thorough testing: Invest in both pre- and post-production API security testing.

– Auditing: Regularly check APIs for misconfigurations and maintain detailed documentation.

– Real-time detection: Use runtime tools to monitor for abnormal behaviour.

– Proactive threat hunting: Integrate API security into broader security strategies.

Final Thoughts

The rise in API-related breaches underscores the urgency for organisations to adopt robust security measures. AI and ML are vital not just for attackers, but also for defenders. With its multi-layered approach, Akamai demonstrates how advanced technologies can help organisations stay ahead of evolving threats.

Key Questions

Are your API security measures keeping pace with modern threats?

  1. How well do you know your APIs and their behaviour?
  2. Can you spot malicious behaviour in your APIs and automatically prevent it?
  3. During CI/CD, are API security tests performed?
  4. Can you detect and protect against the top 10 OWASP API vulnerabilities?

If not, it’s time to invest in better visibility, testing, and AI-driven defence tools.

To find out how ITogether can help you achieve your API goals, contact us today…

📞 0113 341 0123

📧 hello@itogether.co.uk
