Salt Security has made another industry breakthrough by creating the first artificial intelligence-enabled API security platform to address the proliferation of GenAI application development

Salt's Pepper solution has been used for years to prevent API attacks, and now it has been extended to the continuous API discovery and security phases of the API Security lifecycle.

Salt Security, the leader in API security, announced the launch of its Pepper artificial intelligence-enabled API security defense platform, developed by Large Language Model (LLM). The launch of the platform marks the next generation of API security, leveraging AI in all aspects of the API lifecycle to simplify and strengthen API discovery, security and threat detection to mitigate risks faster.

Generative AI has enabled developers to build applications and APIs faster than ever before and at massive scale. With the dramatic increase in the speed of API creation comes new risks that current technologies can't keep up with.

According to Gartner, "The rapid proliferation of APIs, as well as organizations' lack of awareness of their scope, has created a vast attack surface just waiting to be exploited by attackers*."

"Our business depends on the secure and fast delivery of finance-related APIs to our partners and customers, as we provide banking as a service," said Nuno Teodoro, Group Vice President of Cybersecurity. "With the rapid evolution of the GenAI landscape, especially those directly or indirectly focused on software development for mission-critical products, we need to build on the core capabilities of our technology partners, especially when it comes to API security. Salt's AI-enabled API security platform is a great example of supporting the delivery of secure APIs that comply with our policies and best practices, giving us confidence that cyber resilience is included in the API security lifecycle."

Using generative artificial intelligence, the Salt platform protects organizations from the risks associated with the speed and scale of new application development. Because APIs are at the core of current and future applications, with the launch of the new Salt platform, the company is uniquely positioned to ensure the next phase of application security.

With the latest expansion of its offerings, the Salt platform is now providing its services:

• Advanced continuous API discovery: Salt Security's AI engine excels in the discovery phase, acting as an exhaustive explorer of the entire application landscape. It uses machine learning to automatically detect all APIs, including those undocumented or embedded in microservices, providing a complete view of the network, leaving no hidden and vulnerable APIs behind. This level of comprehensive detection is unparalleled in the industry and ensures that no API is left undetected or vulnerable. While APIs are constantly being created by GenAI, the Salt platform constantly analyzes the API ecosystem to ensure the registry is up to date.
• Ensuring API Reliability: Moving to the next step, Salt Security uses its artificial intelligence-based Posture Governance system to proactively monitor and analyze API configurations. This artificial intelligence system is adept at identifying deviations from security best practices and highlighting insecure configurations. By supporting continuous monitoring, Salt Security helps organizations maintain robust API security and thereby prevent potential breaches.
• Robust API behavioral threat protection: Salt Security's patented behavioral threat protection comes into play at the crucial stage of threat detection. The artificial intelligence system analyzes API traffic in real time, drawing on extensive databases of known attack patterns. It is able to detect anomalies, suspicious activities and potential zero-day exploits. Moreover, its adaptive learning algorithm, which evolves based on new data and past incidents, provides a dynamic and robust defense mechanism, which is essential in today's rapidly changing threat environment.

And to further mitigate risks, the Salt Labs team continues to discover security flaws in APIs that lead to the addition of functionality to the product. A recent example was critical security flaws in ChatGPT plugins that could allow unauthorized access to third-party accounts and sensitive user data. The Salt platform now incorporates enhanced OAuth security.

According to the Salt Labs State of API Security Report, Q1 2023, 59% of respondents manage more than 100 APIs and 25% manage more than 500. 27% also stated that the number of APIs has more than doubled in the past year. This number will only grow as organizations embrace generative artificial intelligence in business operations, which can reduce code and API creation time from days to minutes or even seconds. Traditional API security solutions such as API gateways, web application firewalls (WAFs) and content delivery networks (CDNs) are already struggling to keep up with the growing API attack surface, and the introduction of generative AI further limits their ability to provide robust API protection.

With these enhancements, customers can now implement an API-first model for modern applications to quickly and securely scale business operations while ensuring compliance with company and industry API policies and standards. Salt is the first security vendor to utilize artificial intelligence in an API security platform. The new offering is available to organizations as a SaaS solution or managed security service provided by Salt.

"Since the inception of the API security market, artificial intelligence and ML have always been core components of our platform to provide organizations with the deep context and behavioral insights needed to combat the most sophisticated API security threats," said Michael Nicosia, COO and co-founder of Salt Security. "The recent growth in the use of generative AI in business operations has not only accelerated the increase in API volume, but has also given attackers the means to launch more tactical attack campaigns. Using generative AI for good, we've incorporated our own LLM, Pepper, into our platform to help organizations solve the complex problems that generative AI creates with an easy-to-use and easy-to-understand interface. With Pepper, organizations will be able to better manage API inventory and documentation, streamline threat and incident response, and provide robust API position management."