teissTalk: Securing applications and infrastructure in the AI era

Views on news

While both cyberwar and cyberwarfare will increase through 2026, cyberwarfare is likely to grow more dramatically. The difference between the two should not be gauged by damage, but by primary intent. This difference is important because criminal activity can harm a business or industry, while nation state activity can damage whole countries. Cyberwar is primarily motivated by financial gain, whereas cyberwarfare by political gain, which means the perpetrator can be a nation or an ideologically motivated group. About 80 per cent of internet traffic is through APIs (non-human systems creating traffic), which, if not secure, can serve as backdoors for criminals. Nowadays, cars rely on APIs with hundreds of endpoints, and even IoT is now built with APIs. Although the internet was designed with human-to-human communication in mind, today a huge percentage of this traffic is machine-to-machine. Starting a smart phone involves 1,000 API calls.  And API connections are also made when you start your laptop – most of these connections are no longer web transactions. 

API security

The massive API growth driven by AI took place in the past two or three years, which means that old practices must be aligned with modern API security. But the change is not only about the volume of APIs but how central to our software systems they’ve become. In API security, access management is key. A simple API mustn’t get admin level privilege. Therefore, businesses must first understand what APIs they have and what goes in and out through them. Even clients might exploit their suppliers’ API vulnerabilities and then decide to bypass them. Verifying the data that you get from third parties using ML is yet another challenge.

 

Rather than classifying connections as good or bad, now you must also consider what entity – malign or benign – made that particular connection. Entity tracking broadens the picture and will flag up incidents that are not illegal but risky. When monitoring the entity, not the transaction, you are more likely to detect that something is suspicious and intervene before it escalates into an attack. 

Given the wide use of APIs, excel sheets with IP addresses can no longer do the job. While the mainline API tends to be highly protected, it might be on the same server as other, less protected APIs, and therefore can be brought down via a DDoS attack.  When selecting vendors, prefer the ones that have access controls in place and avoid the ones who will re-activate MCPs or ML that you’ve deactivated. For AI vendors too, data security and sovereignty are slowly but surely becoming differentiators.

The panel’s advice

• APIs are the new IoT.
• 80% of all internet traffic goes through APIs, including the ones built for websites, as well as APIs for applications.
• There are three steps to making APIs secure – seeing them, knowing what they are doing and, finally, securing them if any anomalies have been detected.
• Start building bridges inside the company to understand why they are using APIs and what the value of these APIs is.
• Model Context Protocol (MCP) will be the next REST API.
• As a rule of thumb, you use three or four APIs per supplier.