Connect with us

Hi, what are you looking for?


Artificial Intelligence

Applying AI to API Security

While there is quite a bit of buzz and hype around AI, it is a technology that can add tremendous value to security programs.

It is hard to go anywhere in the security profession these days without the topic of artificial intelligence (AI) coming up. Indeed, AI is a popular topic.  Like many popular topics, there is quite a bit of buzz and hype around it. All of a sudden, it seems that everyone you meet is leveraging AI in a big way.

As you can imagine, this creates quite a bit of fog around the topic of AI. In particular, it can be difficult to understand when AI can add value and when it is merely being used for its buzz and hype. Beyond buzz and hype, however, how can we know when AI is being leveraged in a useful way to creatively solve problems?

In my experience, AI works best when applied to specific problems. In other words, AI needs to be carefully, strategically, and methodically leveraged in order to tackle certain problems that suit it.  While there are many such problems, API security is one such problem that I’ve experienced AI producing good results for.

Let’s take a look at five ways in which AI can be leveraged to improve API security:

  1. API discovery: AI can be leveraged to study request and response data for APIs.  Behavioral analysis can be performed to discover previously unknown API endpoints.  Once discovered, these previously unknown APIs can be included in asset inventory, asset management, security policy, and security monitoring activities.  In this way, API discovery is an important contributor to overall API security.
  2. Schema enforcement/access control: As AI studies request and response data for APIs, there are other benefits beyond API discovery.  Schemas for specific API endpoints can be learned and then enforced, and subsequent departures from learned schemas can be observed and then mitigated.  Functions can be generated that accurately fit metrics such as request size and response size, latency with and without data, request rate and error rate, response throughput, and others.  Subsequent departures from these metrics can also be observed and then mitigated.  This provides improved access control capabilities across API endpoints  The ability to enforce schemas and to improve access control is another important contributor to overall API security.
  3. Exposure of sensitive data: Yet another benefit to AI studying request and response data for APIs is the ability to identify sensitive data in transit.  This includes the detection and flagging of Personally Identifiable Information (PII) that is being exposed.  The exposure of sensitive data, including PII, is a big risk for most enterprises.  Improving the ability to detect and mitigate the exposure of sensitive data improves overall API security.
  4. Layer 7 DDoS protection: While most enterprises have DDoS protection at layers 3 and 4, they may not have it at layer 7.  With APIs, layer 7 is where the bulk of the action is.  Thus, AI can be leveraged to help protect API endpoints from the misuse and abuse that can happen at layer 7.  AI can be applied to analyze metrics and log data collected from an enterprise’s API endpoints.  The visibility generated by this continuous analysis and baselining of API endpoint behavior provides insights and alerting on anomalies, which can then be used to generate layer 7 protection policies.  Improved layer 7 DDoS protection means improved API security.
  5. Malicious user detection: Malicious users, or clients, pose a significant risk to most enterprises.  All client interactions, including those with API endpoints, can be analyzed for the enterprise over time, and outliers can be identified.  Then, each client can be given a risk score based on all of their interactions with specific API endpoints.  Based on each client’s specific activities, the client’s threat level will rise or fall over time.  Policies and processes can be put in place to define how these malicious users/clients are handled.  This opens up yet another path to improved API security.
Five ways in which artificial intelligence (AI) can be leveraged to improve API security to  help enterprises  improve their security posture.

Both AI and API security are top of mind for most security professionals these days.  While there is quite a bit of buzz and hype around AI, it is a technology that can add tremendous value to security programs.  Not surprisingly, like many technologies, AI works best when applied to specific problems that suit it.  In my experience, API security happens to be one of those problems.  By carefully, strategically, and methodically applying AI to API security, enterprises can improve their overall security postures.

RelatedSecurityWeek to Host Cyber AI & Automation Summit

Written By

Joshua Goldfarb (Twitter: @ananalytical) is currently Global Solutions Architect - Security at F5. Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Artificial Intelligence

Microsoft and Mitre release Arsenal plugin to help cybersecurity professionals emulate attacks on machine learning (ML) systems.

Application Security

Thinking through the good, the bad, and the ugly now is a process that affords us “the negative focus to survive, but a positive...

Artificial Intelligence

Two new surveys stress the need for automation and AI – but one survey raises the additional specter of the growing use of bring...