Model Context Protocol (MCP) has, almost overnight, become a mainstay for developer tools and enterprise AI workflows. Anthropic open-sourced MCP in late 2024 and later donated it to the recently established Agentic AI Foundation (AAIF), a Linux Foundation project. As AI agents and large language model (LLM) applications start to put MCP servers into use, ...
#api security
26 posts
4 Jun
21 May
When discussing modern API security, developers frequently conflate terms like bearer token and JSON Web Token (JWT). This semantic confusion around access tokens often masks a critical architectural distinction. A bearer token specifies the transmission mechanism, while a JWT defines a specific, structured data format. But due to the extensive adoption of JWTs, there is ...
19 May
API keys often give a false sense of security: it seems like they protect access to APIs. Yet, there are plenty of API key security risks. For one, they’re simply static strings that are often exposed, leaked, and end up helping attackers. As such, leaky API keys are at the heart of many of today’s ...
14 May
The age of AI is well upon us. According to research by Microsoft, 24.7% of the working age population in the Global North is using AI, paired with 14.1% of the Global South. As AI adoption increases, organizations are increasingly finding their minds focused on not just the potential upside of AI, but on the ...
6 May
Between August 9 and August 17, 2025, malicious actors were able to export data from over 700 organizations. To make matters worse, the breach, referred to as UNC6395, was caused by insecure tokens leaked by a third-party app called Salesloft. As a representative from Google put it in a statement, “After the data was exfiltrated, ...
28 Apr
In February 2026, nearly 3,000 Google API keys were accidentally exposed. Data breaches are always damaging, but a data breach due to an authenticated, active API key can be catastrophic. An active API key allows actors to access uploaded files, cached data, and charge LLM-usage to your account, as noted by cybersecurity researcher Joe Leon. ...
21 Apr
Analysts are predicting that the digital economy is growing at three times the rate of national GDPs, driven largely by AI in various ways. Some speculators think AI-enhanced workplaces could generate nearly USD $4.91 trillion by 2026. With that kind of money involved, it’s no surprise that a whole new financial ecosystem is emerging around ...
14 Apr
New data underscores what many of us have known all along: APIs are now the most common doorway for attackers. But while the reigning API security risks may not look all that new, the new technology around agentic AI, like Model Context Protocol (MCP), seems to be disproportionately exacerbating classic API- and application-level security gaps. ...
2 Apr
Enterprise teams treated bots like volume problems for years. Scrapers. Credential stuffing. Occasional denial of service spikes. Sure, it was frustrating. But mostly it was manageable. That old playbook doesn’t work anymore. The most harmful automation of today flies under the radar, appearing as “normal” transactions happening at machine speed through your company’s own digital ...
31 Mar
APIs are the modern doorway for systems to share data, but this common pathway is often unlocked. As a result, over the past two years, we’ve witnessed a string of API security incidents, including headline-worthy API exploits at 23andMe, Avelo Airlines, Authy, Optus, Trello, Volkswagen, WhatsApp, and others. 42Crunch recently released its State of API ...
26 Mar
The autonomous future is nearly upon us. Every day seems to bring a fresh wave of headlines involving autonomous cars or self-driving trucks. Users are taking more than 700,000 autonomous taxi rides each week, according to McKinsey, while the first autonomous truck pilots are starting to hit the pavement. European countries have already hosted 35 ...
25 Feb
When it comes to APIs, access control is an incredibly important part of ensuring that your APIs are as secure and properly controlled as possible. In this context, one of the most effective methods that has arisen is role-based access control (RBAC), a security practice that segments access to digital systems based on roles. In ...
22 Jan
There’s nothing particularly new about APIs calling it quits and closing up shop. Twitter, for example, ended free access to its API in 2023 as part of a monetization push by Elon Musk. Netflix shuttered its public API for third-party developers back in 2014 and implemented strict rules around data scraping for the APIs that ...
13 Jan
The API community has been known to be on the lookout for shadow APIs for a number of years, as they are a common source of cybersecurity risks like unauthorized access and data leaks. It does not matter how robust your cybersecurity is when an endpoint falls outside of your protective barriers. Once an API ...
8 Jan
In the software field, one of the most commonly referred to and leveraged resources is the Top Ten list from OWASP. This is for good reason — OWASP stands as a platform- and vendor-agnostic voice that can highlight application security risks in a potentially more meaningful way than the litany of whitepapers and reports issued ...
23 Dec 2025
Authorization Exchange, or AuthZEN for short, is a new specification from the OpenID Foundation that aims to bring clarity and standardization to authorization. If OAuth 2.0 and OpenID Connect brought us standardized protocols for authentication and identity, AuthZEN aims to do something similar for fine-grained authorization. It defines a shared, interoperable way for applications to ...
16 Dec 2025
With their usage increasing by more than 50% since the start of the pandemic, it’s clear that eSignatures (and eSignature APIs) are here to stay. As we edge closer and closer towards a paperless world, public perception of electronic signatures has moved from “are those even legally binding?” to something used for everything from sending ...
27 Nov 2025
Authorization is having a bit of a moment in the tech world right now. Organizations like Apple are investing more heavily in policy-driven access control, signalling a shift towards policy as code. As this approach is solidified, it’s becoming clear that the next big revolution in the authorization space will be focused on a specific ...
26 Nov 2025
A cybersecurity system is only as secure as its weakest link. Consumers and developers likely had no reason to doubt the security of a fintech API used by most of the largest banks in the world, official financial institutions, and the majority of the most widely used financial software and services on the market. Unfortunately, ...
18 Nov 2025
Imagine you’re running an API gateway that routes traffic to several microservices, such as authentication, payments, order management, or analytics, for example. Now imagine that everything had been running flawlessly for months, when one night a malformed request body from a mobile client triggers a 500 Internal Server Error in your monitoring system. Even the ...
21 Oct 2025
Agentic AI has been the talk of the tech world in 2025. A quick query on Google Trends shows a 6100% uptick in Google searches for agentic AI in the last 12 months. Emergen Research anticipates that the Agentic AI market could be worth as much as $48.2 billion by 2030, with a compound annual ...
8 Oct 2025
APIs have a reputation for being the weakest link in an enterprise’s cybersecurity. This can become a self-fulfilling prophecy, as APIs’ supposed vulnerabilities make them a popular target for potential attackers and cybercriminals. This can cause all manner of security issues, as APIs can be made to divulge a wealth of sensitive information using valid ...
2 Oct 2025
Can AI work with open finance? If you know something about AI, and especially AI agents, you may have read the title of this post and be thinking, “yes, of course it can, stupid!”. The use case for AI and AI agents in the context of financial services generally is significant, with agents having the ...
1 Oct 2025
Most teams do at least some sort of injection attack testing. This testing, however, is typically focused on a small subset of particular vulnerabilities. SQL injection is a popular target, as is command injection. Some teams may even do log injection if they’ve been burned before. But when it comes to APIs — and especially ...
6 Mar 2025
API security is crucial, as it directly impacts your business’s success and safety. How well you secure your APIs can make or mar your product, and it is of utmost importance to spend time thinking about security. I have seen developers work in Postman without properly securing their credentials, often leaving API keys exposed in shared environments or logging sensitive…
6 May 2024
Bazaarvoice has thousands of clients including brands and retailers. Bazaarvoice has billions of records of product catalog and User Generated Content (UGC) from Bazaarvoice clients. When a shopper visits a brand or retailer site/app powered by Bazaarvoice, our APIs are triggered. In 2023, Bazaarvoice UGC APIs recorded peak traffic of over 3+ billion calls per day with zero […]