API Summit 2024: Security Challenges, AI, and What's Next
After a long 20-hour travel journey (and making the mistake of flying into Dublin the Thursday before St Patrick’s Day), I'm back from the Austin API Summit.
As expected, I learned a great deal and connected with some of the leaders in not just API security but APIs in general. I listened to some insightful talks and had some fantastic conversations. I was also very kindly accepted to speak.
But before I get into that, I wanted to start with a few of the big-picture thoughts that stuck with me after the summit.
For one, developers have a lot to worry about that isn't security, from API performance to documentation efforts to profitability for API projects. It’s no wonder security isn’t a major priority at the moment. API professionals are still looking to leverage their API efforts with AI, whether in automated testing, generating documentation automatically, or generating code snippets. While nothing has been crowned the latest AI disruptor, it’s clear we’re still looking for it.
There are also some interesting new paradigms for API security, whether that’s implementing an OAuth-style standard for authorization or hiding API calls in SDKs. Security isn’t something you buy, it’s something you build from the ground up – leveraging tools where you can but also having a strong foundation of people and culture.
The boundary between what is appsec and what is API security is blurry, but any security professional should be aware of the key components of modern APIs – from Gateways to cloud to appsec.
These are just a few of my initial observations from the API Summit. Next, I give a bit more detail for each.
5 Takeaways from the API Summit 2024
1) It’s not just security
Those of us in the security bubble know how important API security is, and breaches are a weekly occurrence. However, for API developers and architects, there is no shortage of high-priority items – from API performance, to documentation efforts, to profitability for API projects. It’s no wonder security isn’t a major priority at the moment.
2) API security is important
While it’s not just about security, it is important, with API breaches becoming more and more common. In my own talk, I highlighted how easy API hacking can be, enabling attackers to increase their attack surface across multiple applications. The summit served as a stark reminder of the critical need for robust security measures in API development.
3) AI is still in
API professionals are still looking to leverage their API efforts with AI, whether in automated testing, generating documentation automatically, or generating code snippets. While nothing has been crowned the latest AI disruptor, it’s clear we’re still looking for it.
4) Deploying and Operationalizing APIs
API gateways have been around for a while now, and they continue to make API deployment unique when compared to other types of web applications. Security professionals must grasp the nuances of the API attack surface and its implications for cloud and application security.
5) New paradigms for API security
There are some interesting new paradigms for API security, whether that’s implementing an OAuth-style standard for authorization or hiding API calls in SDKs. Security isn’t something you buy, it’s something you build from the ground up – leveraging tools where you can but also having a strong foundation of people and culture.