Why API security is the hidden fabric of modern business

The proliferation of artificial intelligence tools reshaping enterprise operations has created a parallel security challenge: a surge in application programming interface traffic driven by AI agents and by protocols such as Model Context Protocol and application-to-application. In short, APIs are the new frontier of threats, and API security will be critical to sustainable AI-driven innovation.
Founded in 2018, Salt Security Inc. was built around a simple but pressing mission: Protect APIs. Today, that mission has expanded to encompass the growing world of AI agents, where APIs remain the lifeblood of digital interactions.
“We basically help discover, govern and protect against any potential malicious activity that might be happening with these bad actors that are trying to infiltrate these applications or these APIs,” said Michael Nicosia, co-founder and chief operating officer of Salt Security. “If you think about APIs, think about how they come up with about 85% of applications. Think about a mobile app, a web app and microservices. All of these things are bound by APIs, and there’s a lot of sensitive data that basically gets housed in these APIs that are beneficial for obviously these bad actors to try to infiltrate.”
Nicosia and Michael Callahan, chief marketing officer of Salt Security, spoke with theCUBE’s Dave Vellante and Rebecca Knight for a keynote analysis at Fal.Con, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed why APIs are the foundation of digital transformation — and why securing them has never been more critical. (* Disclosure below.)
API security hits at the hidden fabric of modern business
With the rise of agentic AI, API exposure has proliferated. Agents fan out call paths and amplify traffic, effectively turning APIs into the enterprise “plumbing” of operations, according to Callahan. This has created the “API fabric” — a complex, constantly moving mesh of connections that enterprises struggle to see, let alone secure.
A large part of the API security conversation is on the role of MCP, an open standard championed by Anthropic PBC, and A2A, Google’s protocol for agent-to-agent interactions, according to Nicosia. Both sit atop existing APIs, acting as brokers to manage data retrieval and collaboration between agents.
“For us, the visibility of the AIs and the MCPs … the protocols are so paramount because you can’t protect what you don’t know,” Nicosia said. “Having that visibility from either a zombie API or a zombie MCP protocol server, we give you that visibility. At least you’re aware of all of this proliferation that’s going on with the organization. And then how do you govern it? And then how do you protect against it?”
Salt’s momentum has been bolstered by its close partnership with CrowdStrike Holdings Inc. The company is a Falcon Fund portfolio company and has integrated its API security solutions with CrowdStrike’s Falcon platform and next-generation security information and event management. Together, they provide customers with unified visibility across APIs and AI-driven workflows, Nicosia added.
“We can spin up our dashboard directly from their agent to integrate to their next-generation SIEM,” he said. “And then we’re also starting to talk about what’s next in terms of integration points from an AI perspective, and what would that better together story look like.”
(* Disclosure: TheCUBE is a paid media partner for Fal.Con. Neither Salt Security Inc., the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)