Traceable API Security Platform Updates – April 2024

Happy RSA week to those who celebrate! This past month’s releases include an exciting new capability that extends API security to generative AI APIs, DAST for GraphQL, JIRA data center integration, and several other enhancements. 

Generative AI API Security – Now in Early Access

According to Gartner, 80% of enterprises will have used generative AI APIs or deployed generative AI in their applications by 2026. At Traceable our mission is to protect every API and generative AI APIs are no exception.

To help security teams prepare for and mitigate the new risks that generative AI introduces to applications, we’re introducing a new set of capabilities that extends our end-to-end API security to generative AI APIs. 

Generative AI introduces new security risks to applications, including those cataloged in the OWASP Top 10 for LLMs. As product and data teams experiment with generative AI to power user experiences and features such as content personalization, chatbots, and AI assistants, security teams need visibility into where generative AI is used in their applications, and the ability to monitor generative AI inputs (prompts) and outputs to guard against generative AI risks. Traceable’s Generative AI API Security allows teams to do just that. Capabilities include:

Discovery and Cataloging of Generative AI APIs

Discover everywhere generative AI is used in your applications by cataloging every generative AI API, whether the APIs are from third-party AI providers like OpenAI and Anthropic, or from an internally hosted model. 

Identify and Block Restricted Data in GenAI Requests and Responses

Monitor all requests and responses to GenAI APIs. Identify when sensitive data or other restricted data or language types are contained in requests and responses, including manipulative language indicative of prompt injection. 

Continuously Test GenAI APIs for Vulnerabilities

Traceable AST will continuously test GenAI APIs for standard API vulnerabilities as well as several AI-specific vulnerabilities in the OWASP Top 10 for LLMs, empowering security teams to identify any issues quickly. If you are a Traceable customer and your organization is building generative AI-enabled features in your applications, please reach out to speak with our product team about early access.

DAST for GraphQL APIS

DAST for GraphQL APIs is now generally available and enabled for Traceable customers within Testing Suites. This update allows you to upload a GraphQL API schema and run a scan to find vulnerabilities. You can now upload GraphQL schema and run a scan to find vulnerabilities. 

JIRA Data Center Integration

Traceable can now integrate with your JIRA Data Center deployment to power project management for customers who host JIRA on prem. Traceable previously supported integration with JIRA deployments in the cloud. The JIRA integration allows you to file a JIRA ticket directly from the Traceable platform, so you can seamlessly create JIRA tickets for the relevant teams to fix vulnerabilities and other issues identified in Traceable. 

Vulnerability Resolution and Data Retention Enhancements

We have made two updates to improve your ability to triage and investigate vulnerabilities in Traceable:

• Auto-resolution for passive vulnerabilities: This update will auto-resolve passive vulnerabilities detected via live traffic. When a previously detected passive vulnerability is not seen in subsequent traffic over a period of time, we will automatically resolve the vulnerability. 
• Increased data retention for vulnerability evidence: Traceable will now store vulnerability evidence spans for 90 days, giving you and your development team more time to complete investigations of issues discovered in Traceable. 

About Traceable

Traceable is the industry’s leading API Security company helping organizations achieve API protection in a cloud-first, API-driven world. Traceable is the only contextually-informed solution that powers complete API security – API discovery and posture management, API security testing, attack detection and threat hunting, and attack protection anywhere your APIs live. Traceable enables organizations to minimize risk and maximize the value that APIs bring to their customers. To learn more about how API security can help your business, visit https://www.traceable.ai/.