SHARED INTEL Q&A: API gaps expose AI fault lines — an urgent call for hygiene, active monitoring

The race to deploy GenAI far and wide has intensified enterprises’ reliance on APIs — most of which remain poorly understood and underprotected.


This reality is highlighted in a just-released Salt Security survey of 250 security and IT leaders which found nearly half (48%) reporting API security concerns slowing down their organizations’ AI adoption.

It tracks. Generative AI relies on connecting models to internal data and functions — often through complex webs of APIs. But most companies still don’t have full visibility into their APIs, let alone control over how they behave in real time. Shadow APIs, zombie APIs, weak governance — these gaps are translating into AI blockers.

The recent OneLogin breach is a case in point. Attackers used a compromised API key to access internal apps and customer data — and the intrusion went undetected for weeks. Traditional tools like WAFs, gateways, and static scans missed it. They weren’t built to track today’s fast-changing API traffic or catch business logic abuse in production.

Live monitoring

As microservices and SaaS sprawl expand, API security has become table stakes. It needs to be built into incident response, not bolted on later. Security teams must be able to see what APIs are doing now — not what they looked like in staging last month.

That’s the shift security leaders are now embracing: treating API security not as a bolt-on but as a live, first-class discipline — essential to containing risk in modern software environments. Salt Security, among others, has been helping teams make that pivot. In this Q&A, Eric Schwake, Head of Security Operations, outlines a practical roadmap. His core message: AI success starts with API hygiene — and API security is no longer optional.

LW: What’s stalling enterprise AI adoption — and how are APIs at the center of the delay?

Schwake: Enterprise AI adoption faces delays due to trust issues with the infrastructure. Our research indicates that API security worries are hindering AI implementations in roughly 50% of organizations. Since AI models need extensive access to sensitive data and essential business operations, they rely on APIs for connectivity. However, without proper visibility and governance of their complex API systems, organizations struggle to securely integrate these advanced AI tools with their most valuable assets.

LW: Why do APIs remain the biggest blind spot in modern enterprise security?

Schwake: APIs remain a blind spot due to their rapid and decentralized growth. The adoption of microservices, cloud computing, and AI agents has led to a proliferation of “shadow” and “zombie” APIs that security teams are often unaware of. Many organizations still lack a real-time inventory of their APIs, echoing early cloud and BYOD challenges. Without visibility, effective protection is impossible.

LW: Why can’t traditional tools like WAFs and gateways keep up with API threats?

Schwake: Traditional tools mainly serve as perimeter defenses that monitor north-south traffic, data entering or leaving the network. They tend to overlook east-west traffic, which involves internal service communication. This results in a significant blind spot, as an internal AI agent interacting with other applications via APIs remains invisible to a WAF or gateway. Even for the north-south traffic they detect, these tools remain unaware of the most critical modern threats: cases where an attacker with valid credentials exploits business logic to manipulate an API’s intended functions.

LW: What does “muscle memory” look like in real-world incident response?

Schwake: “Muscle memory” means your team has practiced so consistently that their reaction to a threat becomes automatic and immediate, greatly reducing response time. This is accomplished by using a single platform for threat detection, tabletop drills, and live incident response. When your team develops habits around a unified workflow, from triage to investigation and mitigation, they can respond swiftly during an actual attack without needing to learn new tools or processes in high-pressure situations.

LW: What are a few practical habits security teams can build now to stay ahead?


Schwake: A crucial habit is establishing a baseline of normal activity, beginning with identifying all APIs and tagging those that process sensitive data. After defining this baseline for critical endpoints, you can better spot anomalies. Additionally, integrating security early in development via practices like purple teaming enables testing defenses against real attack scenarios before deployment in production.

LW: As we look to 2026, where is the API threat landscape headed next?

Schwake: The landscape is evolving from attacks led by humans to those automated by machines. As the deployment of AI agents increases, they are likely to become the primary means for attacks, leading to new types of large-scale misuse and leakage of API secrets. Concurrently, regulatory pressures concerning AI and data privacy will grow stronger, compelling organizations to advance their API security measures from mere reactive responses to essential prerequisites for operating.


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


(LW provides consulting services to the vendors we cover.)

The post SHARED INTEL Q&A: API gaps expose AI fault lines — an urgent call for hygiene, active monitoring first appeared on The Last Watchdog.

