API Security stories
Enterprise security teams are being pushed to track what AI agents can access and do across apps, identities and workflows before data is exposed.
Almost half of ransomware victims discovered breaches only after data theft, underscoring how attackers are evading detection for weeks.
Organisations risk missed exposures as cloud, APIs and AI systems change far faster than annual security checks can keep up with.
Users of Dify's cloud service could have had private chats and files exposed after Zafran Security disclosed four flaws in the AI platform.
Security teams are being offered new tools to track shadow AI and block prompt injection as enterprises rush to deploy agents and models.
The expansion gives IT teams central control over AI agent permissions, reducing risky static keys and easing reviews as workplace use widens.
The move aims to help defenders turn faster vulnerability discovery into working fixes, as OpenAI broadens access to its cyber tools and partners.
Trusted third-party access has let attackers quietly pull large volumes of Salesforce records from enterprise systems via a Klue integration.
A single compromised laptop can expose thousands of live keys, according to GitGuardian's early field tests, as attacks shift to developer machines.
More than half of Vercel deployments are now triggered by coding agents, as monthly AI token traffic has jumped tenfold.
Security teams can now trace AI activity across employee and developer environments as Reco links Claude usage to permissions, keys and data paths.
The integrations aim to close security gaps as more firms run AI in production across gateways, APIs and models.
Enterprises gain tighter oversight of AI agents as Ping Identity extends continuous authorisation into cloud and edge environments through three partners.
Government agencies will gain wider access to application security tools as the partnership places Checkmarx products on Carahsoft's procurement channels.
Major sporting events are giving fraudsters fresh ways to scrape data, hijack tokens and abuse APIs in genuine betting apps.
Security teams are struggling to spot intrusions until after data is stolen, with 85% of leaders reporting AI-linked incidents or near misses.
Automated traffic now makes up more than half of web requests, pushing enterprises to adopt defences that work across AI agents and APIs.
Tech and software groups are most at risk as breaches, supplier access and stale credentials let attackers reach source code and customer data.
Researchers can now earn up to USD $6,000 for exposing flaws in Agoda's core web services, APIs and mobile app via HackerOne.
The deal gives customers red teaming and runtime protection for AI systems as enterprises rush to secure models and autonomous agents.