The Governance Gap: How the EU AI Act Makes API Security a Compliance Imperative

Your legal team just handed you a 400-page document and said "figure out compliance." The EU AI Act is live, your organization falls under its scope, which is broader than many expect. Even non‑EU companies must comply if their AI systems are used, deployed, or produce effects within the European...

API Armor: How Bybit’s Real-Time Blacklisting Is Thwarting a $1.5B Crypto Heist

APIs present a security risk—that much is a given. Attacks on APIs have caused some of the most significant security incidents of the past decades. But the question now is: How can we flip the script and leverage their power to enhance security? Bybit might just have the answer. Bybit—one of the...

Protecting Against Bot-Enabled API Abuse

APIs have become the backbone of modern digital ecosystems, powering everything from mobile apps to e-commerce platforms. However, as APIs grow in importance, they also become prime targets for malicious actors. Increasingly, bots are being weaponized to exploit vulnerabilities, overwhelm systems...

Evolution of Attack Surface Management

The Early Days: Basic Asset Management While it was not called ASM, the concept of managing attack surface management began with basic asset management practices in the late 1990s and early 2000s. Organizations focused on keeping an inventory of their digital assets, such as servers, desktops, an...

Unveiling Top API Vulnerabilities and Emerging Trends: Introducing the Wallarm Q2 2024 API ThreatStats™ Report

As we move through 2024, the Wallarm Research Team continues to monitor the evolving API vulnerability and threat landscape. Our latest Q2 ThreatStats™ Report reveals critical trends and developments that are reshaping the security environment. Continuing from our Q1 findings, the surge in AI API...

How Can Deliberately Flawed APIs Help In Mastering API Security?

In our recent webinar recent webinar title 'A CISO’s Checklist for Securing APIs and Applications', we delved into the concept of creating an API security playground tailored for both developer and security teams. The core idea revolves around utilizing intentionally vulnerable APIs as training...

What Is Network Availability?

Within the sphere of IT, 'network accessibility' is a term frequently used. Yet, does everyone understand its connotation? Simplistically put, network accessibility alludes to how readily a network or system can be accessed by its users. It quantifies to what extent a system is functioning and...

Protect your Helm chart bundled application with Wallarm WAF. 10-minutes configuration for continuous and enhanced security

Every application has its own specific goals, critical aspects, and needs. So, the logical conclusion would be that every app needs an in-depth manual configuration, right? Well, here at Wallarm, we’re security experts and developers from the real world, and we know that in many cases time,...

Choose the right ingress controller for your Kubernetes environment

Choosing the right ingress controller can help you ensure the right infrastructure, direction, and level of customization. Get the information about ingress controllers you need. The post Choose the right ingress controller for your Kubernetes environment appeared first on Wallarm Blog...

Frenemy at the Gates: The Breaching

Online businesses have to be careful. It’s a dangerous world, full of anonymous people and services wearing digital skins. It sounds horrific because it is. On the other side of a transaction, could be anyone. Extra measures have to be made to secure web interfaces and API endpoints that online...

Using Threat Modeling in Cybersecurity to Hunt and Remediate

Modern-day cyberattacks keep growing in sophistication and sheer volume. This dynamic makes it virtually impossible to detect and block all attacks using the traditional methods of comparing incoming requests to known attack signatures. To effectively operate in this new aggressive cyberthreat...

Five Reasons Why I Joined Wallarm

By Johan Nordstrom The question of “what made you change jobs?” may be old, but the answer with my move to Wallarm is new and clear. I have a vision how to address the dynamic threat landscape of today and Wallarm’s innovative approach to security is in line with these ideas. In my 30 years caree...

What Your Board Gets Wrong About AI Security

Editor's note: This article was originally published by Craig Riddell on LinkedIn. It has been republished here with the author's permission. Boards are giving AI security more airtime than ever. What they're not giving is the right framing. A year or two ago, AI was mostly a question of...

Extending Security to MCP Servers: Closing a Critical Gap

The Model Context Protocol MCP is a de facto standard for providing structured access to privileged systems for AI agents and external integrations. It acts as a USB-C port for AI, enabling faster innovation by allowing organizations to expose tools, resources, and workflows without the...

Inside Modern API Attacks: What We Learn from the 2026 API ThreatStats Report

API security has been a growing concern for years. However, while it was always seen as important, it often came second to application security or hardening infrastructure. In 2025, the picture changed. Wallarm’s 2026 API ThreatStats Report revealed that APIs are now the primary attack surface fo...

Comprehensive MCP Security Checklist: Protecting Your AI-Powered Infrastructure

With innovation comes risk. As organizations race to build AI-first infrastructure, security is struggling to keep pace. Multi-Agentic Systems – those built on Large Language Models LLMs and Multi-Component Protocols MCP - bring immense potential, but also novel vulnerabilities that traditional...

Five Uncomfortable Truths About LLMs in Production

Many tech professionals see integrating large language models LLMs as a simple process -just connect an API and let it run. At Wallarm, our experience has proved otherwise. Through rigorous testing and iteration, our engineering team uncovered several critical insights about deploying LLMs secure...

CISO Spotlight: Mike Wilkes on Building Resilience in an Evolving Threat Landscape

Mike Wilkes has had a career many cybersecurity professionals could only dream of. An adjunct professor, former CISO of Marvel and MLS, member of the World Economic Forum, drummer, and board member at the National Jazz Museum in Harlem, his interests and achievements are as eclectic as they are...

Threat Replay Testing: Turning Attackers into Pen Testers

API security is no longer just a concern; it’s a critical priority for businesses. With APIs serving as the backbone of modern applications, they’ve become a primary target for attackers. While automated security testing tools help detect vulnerabilities, their limitations leave organizations...

AI Agents and API Security: The Hidden Risks Lurking in Your Business Logic

Modern organizations are becoming increasingly reliant on agentic AI, and for good reason: AI agents can dramatically improve efficiency and automate mission-critical functions like customer support, sales, operations, and even security. However, this deep integration into business processes...

AI Security is API Security: What CISOs and CIOs Need to Know

Just when CIOs and CISOs thought they were getting a grip on API security, AI came along and shook things up. In the past few years, a huge number of organizations have adopted AI, realizing innumerable productivity, operational, and efficiency benefits. However, they’re also having to deal with...

Chicago API Security Summit 2024

Thank You Chicago! Earlier this week we had the pleasure of hosting a regional API Security Summit in Chicago well, actually in Lombard. These summits bring together the local cybersecurity community for half-day of API Security-focused content, including expert speakers and panelists. While this...

What Is Policy-as-Code

Decoding the Enigma: Policy-as-Code Explained The Information Technology IT sector can often feel like a maze of intricate jargon and theories. A phrase gaining traction in this field is Policy-as-Code PaC. However, what does Policy-as-Code entail? Let's demystify this enigma. Policy-as-Code...

Discovering Shadow APIs with Wallarm API firewall

Shadow APIs can be defined as active endpoints that you are not aware of. Some APIs are deployed but never documented. Others are services that don’t have an owner anymore. Some are even old v2 versions that have been deprecated for years, yet still exposed. Long story short: these APIs are not...

Exporting Nginx Access Logs to an ELK Cluster

The Wallarm WAF provides an organization with the ability to protect their applications and APIs against a wide range of attacks. However, an organization may wish to achieve a greater degree of visibility into attack traffic and alerts than is possible via the Wallarm user interface. The Wallarm...

How to easily protect any Kubernetes application?

The king of container orchestration needs the best security companion: Wallarm WAF. When it comes to speed, portability, and the advantages of microservices architecture, no other product can compete with Kubernetes as a container orchestrator. Nevertheless, even the best solutions have challenge...

An Analog Approach to Secure Operations in Kubernetes

Security is not something you achieve. It's something you continually take care of and understand as constantly transforming. Here are our tips about your K8s cybersecurity The post An Analog Approach to Secure Operations in Kubernetes appeared first on Wallarm Blog...

Shift to Microservices: Evolve Your Security Practices & Container Security

Understand the best practices of shifting left to change your DevOps into DevSecOps. Your security health will get a serious boost. The post Shift to Microservices: Evolve Your Security Practices & Container Security appeared first on Wallarm Blog...

Frenemy at the Gates: The Breaching

Online businesses have to be careful. It’s a dangerous world, full of anonymous people and services wearing digital skins. It sounds horrific because it is. On the other side of a transaction, could be anyone. Extra measures have to be made to secure web interfaces and API endpoints that online...

MTGOX: Crypto Failure is in the Name.

Understanding how cryptocurrency exchanges evolved into hacker fantasy islands is all in the name. MTGOX, a company remembered for the largest crypto breach in history, is an acronym for Magic The Gathering Online Exchange MTGOX. The absurd rise and fall of MTGOX is critical to understanding the...

Wallarm Research Releases Nuclei Template to Counter Threats Targeting LLM Apps

Wallarm Research has just released a powerful new Nuclei template targeting a new kind of exposure: the Model Context Protocol MCP. This isn’t about legacy devtools or generic JSON-RPC pinging. It’s about the protocol fueling next-gen LLM applications — and it’s already showing up exposed in the...

API Security Is At the Center of OpenAI vs. DeepSeek Allegations

With a high-stakes battle between OpenAI and its alleged Chinese rival, DeepSeek, API security was catapulted to priority number one in the AI community today. According to multiple reports, OpenAI and Microsoft have been investigating whether DeepSeek improperly used OpenAI’s API to train its ow...

Top Tool Capabilities to Prevent AI-Powered Attacks

Recent advances in AI technologies have granted organizations and individuals alike unprecedented productivity, efficiency, and operational benefits. AI is, without question, the single most exciting emerging technology in the world. However, it also brings enormous risks. While the dystopian,...

340 secretos JWT débiles que debes revisar en tu código

¿Qué pasa con JWT? El token web JSON, usualmente identificado por sus siglas JWT, brinda un recurso eficaz para autenticar y habilitar el acceso en los programas web. No obstante, un uso inadecuado de esta herramienta puede resultar en serios fallos de seguridad. En este escrito, discutiremos los...

What is The Dark Web ?

The Undernet, a term frequently shrouded in enigma and often linked with unlawful activities, is a concealed segment of the digital world that is purposefully veiled and unreachable via regular internet browsers. This chapter aims to unveil the secrets of the Undernet, step by step demythifying i...

Most Common Types of Cyber Attacks

Pioneering Perspectives on Prevalent Cyber Threats for Beginners Delving into the technology-powered period, it's indispensable to perceive technology as more than just a tool. Indeed, it has become an essential aspect of our day-to-day activities. As we navigate this interconnected realm, it's...

Building Security into Cloud Native Apps with NGINX

Industries from hospitality to taxis/transportation and food delivery are being disrupted by new age companies like Airbnb, Uber and DoorDash that have a cloud-based software infrastructure as one of their main enablers. Why do all these new companies use cloud and what advantage does it give the...

Is your org structure threatening your IT security infrastructure?

In a hyper-competitive environment, keeping up with customer usability demands often means adopting a hyper-agile development process. It’s a dangerous devil’s bargain. Security gets left on the cutting room floor in pursuit of highly responsive, first-to-market, code-to-customer feature flow...

Attacking the MCP Trust Boundary

Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol MCP, the fast-growing standard for connecting AI agents to external services, inherits that gap...

Why API Security Is No Longer an AppSec Problem – And What Security Leaders Must Do Instead

APIs are one of the most important technologies in digital business ecosystems. And yet, the responsibility for their security often falls to AppSec teams – and that’s a problem. This organizational mismatch creates systemic risk: business teams assume APIs are “secured,” while attackers exploit...

APIs Are the Retail Engine: How to Secure Them This Black Friday

Can you ever imagine the impact on your business if it went offline on Black Friday or Cyber Monday due to a cyberattack? Black Friday is the biggest day in the retail calendar. It’s also the riskiest. As you gear up for huge surges in online traffic, ask yourself: have you protected the APIs on...

Fail-Open Architecture for Secure Inline Protection on Azure

Every inline deployment introduces a tradeoff: enhanced inspection versus increased risk of downtime. Inline protection is important, especially for APIs, which are now the most targeted attack surface, but so is consistent uptime and performance. This is where a fail-open architecture comes in...

Addressing API Security with NIST SP 800-228

According to the Wallarm Q1 2025 ThreatStats report, 70% of all application attacks target APIs. The industry can no longer treat API security as a sidenote; it’s time to treat it as the main event. NIST seems to be on board with this view, releasing the initial public draft of NIST SP 800-228, a...

The API Security Challenge in AI: Preventing Resource Exhaustion and Unauthorized Access

Agentic AI is transforming business. Organizations are increasingly integrating AI agents into core business systems and processes, using them as intermediaries between users and these internal systems. As a result, these organizations are improving efficiency, automating routine tasks, and drivi...

Unsolved Challenge: Why API Access Control Vulnerabilities Remain a Major Security Risk

Despite advancements in API security, access control vulnerabilities, such as broken object-level authentication BOLA and broken function-level authentication BFLA, remain almost impossible to detect. This blog will explore why these vulnerabilities are so difficult to detect, the limitations of...

Beyond Passwords: Advanced API Authentication Strategies for Enhanced Security

Passwordless authentication for end users is taking the world by storm, offering organizations and individuals alike unprecedented security, user experience, and efficiency benefits. By all indications, the next generation of authentication for end users has finally arrived, sending the password...

API Gateways and API Protection: What’s the Difference?

Modern businesses are increasingly reliant on APIs. They are the building blocks facilitating data exchange and communication between disparate systems. Because of their prevalence and importance, they are also under attack by actors exploiting vulnerabilities and misconfigurations. Unauthorized...

Elasticidad de la nube

Descripción general de la elasticidad de la nube La flexibilidad es uno de los atributos cardinales de la informática en la nube, conocido formalmente como elasticidad de la nube. Este atributo es esencial en el campo de las tecnologías de la información, facilitando el ajuste fluido de los...

CISO: funciones y responsabilidades laborales 🛡️

Significado de CISO En el ámbito corporativo, CISO es un acrónimo ampliamente reconocido que denota a "Chief Information Security Officer", que se puede interpretar en español como el Encargado Principal de Salvaguardar la Información. Este encargo representa una posición esencial en el organigra...

Security Assessor – Job Description and How to Become

Introduction It requires a ton of work to turn into a QSA and keep your affirmation. In truth, there is an enormous rundown of standards to meet to be thought of. What is a Cyber security control assessor? The Security Control Assessor SCA is a cybersecurity personnel that utilizes security testi...