AI Security: Risks, Myths, and Best Practices - Webinar with Ashish Rajan, CISO of Kaizanteq
Security teams today face a dual challenge: protecting AI systems from external threats while securing the APIs that power them. The reality is clear—if your APIs aren’t secure, neither is your AI.
A BreachForum user came out claiming to have breached OmniGPT and shared samples of stolen data to back up this claim. Weeks later, researchers are still scrambling to figure out the scope, attack method, and more.
Today’s cyber landscape is littered with threats, risks, and vulnerabilities. Every week, we are seeing an increase not only in attacks, but also in the methods used to attack. This week, a new family of malware was discovered exploiting Microsoft’s Graph API.
AI is revolutionizing industries at an unprecedented pace. But as organizations integrate AI into their workflows, they are encountering serious security risks. In fact, 97% of organizations using generative AI have reported security incidents. Traditional security tools are failing to keep up, leaving companies vulnerable to data breaches, adversarial attacks, and compliance risks.
In 2025, AI is the biggest advancement in cybersecurity and the talk of all tech-sperts. But as AI continues to develop, we are seeing a surge in not only the benefits, but also the risks of artificial intelligence.
Many security teams are still not aware of all the APIs in their landscape. Read the latest blog from FireTail to learn about the importance of API discovery and how you can discover all the APIs in your landscape today.
This blog post will answer questions such as: But where do APIs live? And how do they interact? What languages do they use?
The latest blog from the C-suite at FireTail attempts to answer the essential question: “Which is a bigger threat today - cloud misconfigurations or API vulnerabilities?”
Attackers used an attack method known as “crossbarking” via a malicious Chrome extension to inject custom code into the target’s Opera browser.
In a world of cyber risks, authorization is one of the most critical steps in an API security strategy. However, when it comes to authorization, the C-suite of FireTail believes it is better kept apart.
Microsoft Sharepoint recently patched vulnerabilities that highlighted the need for highly privileged user access to happen via secure APIs.
The latest update to FireTail’s platform introduces enhanced logging capabilities for API Gateway V1, offering detailed insights into request and response data, including headers, bodies, and additional metrics.
Technology Partnership Enables Mutual Customers to Reduce Cloud Risk and Enhance API Security.
Granicus, a platform offering government solutions including an efiling platform called eUniversa, was recently discovered to be vulnerable to outside attack.
Star Health suffered a massive data leak via API access. The personal information of millions of victims has been compromised, and worst of all, there may have been an insider who facilitated the breach.
Ecovac customers in Australia were startled when their vacuums began talking back to them, most notably using racial slurs. This was made possible through remote access and manipulation of the “smart” devices.
Researchers from DataDog recently discovered that hacker groups are targeting Docker Swarm, Kubernetes and SSH servers in one orchestrated attack using Docker API endpoint vulnerabilities.
Web application and service creation platforms rely on APIs for their functionality. However, one such platform, Versa Director, is vulnerable to API attacks and token theft.
Researchers found a new vulnerability that affects KIA systems and could allow anyone remote control over their vehicles using only a license plate.
APIs are everywhere and in every part of our lives. However, in recent years, attackers have been increasingly targeting APIs. So how do you secure an API, and whose responsibility is it?
APIs are used for everything, including dating apps. Feeld, a dating app targeted at multi-person relationships, recently faced an API vulnerability that exposed sensitive data, leaving users unsettled.
APIs can have many different types of security challenges, even those of tech giants such as Microsoft. In this blog, we’ll explore a recent vulnerability that affected Microsoft’s Azure API Management, and explore what that implies for the cloud shared responsibility model
In Wisconsin, nearly a million Medicare users’ personally identifiable information has been exposed as a result of the moveIT breaches of yester-year.
We are thrilled to announce that FireTail has been selected to compete in TechCrunch Disrupt’s prestigious Startup Battlefield 2024! Being part of this prestigious event is an honor and testament to the hard work our team has put into building a cutting-edge API security platform.
APIs can run almost anywhere, including any type of compute platforms and network infrastructure services on AWS. In this blog, we’ll go over the different types of compute platforms, network infrastructure services, and how they relate to your APIs and API security.
FireTail partnered with the Center for Internet Security (CIS) to create an API security community. The end result is the first draft of The CIS API Security Guide, reviewed by cybersecurity experts from around the world before its release. Read more here.
There is also a massive lack of awareness around APIs and API endpoints. Many developers buy 3rd party software packages without realizing that they contain a variety of APIs with their own unique vulnerabilities.
APIs are a shortcut to the data. They pass through quietly, creating a phantom attack path that flows through all the other layers of protection. And although cybersecurity has come a long way, there still aren’t controls to mitigate these risks.
Cloudflare released its latest Application Security Report, which contained some startling news. They found that nearly 7% of all web traffic is malicious. But what does this really mean?
Google Cloud Security released an updated Threat Horizons report containing information about the top security risks. Here are our notes from the report.
Some companies position privacy as a key value proposition of their products and services. But that may not always be as true as advertised.
A researcher at EvaSec recently discovered a vulnerability in the CocoaPods ecosystem that could potentially affect an undetermined (but huge) number of web users.
What happens when the system designed to authenticate you to your online accounts is vulnerable itself? Threat actors recently verified phone numbers for millions of Authy users via an unsecured API endpoint.
A new type of API attack has been discovered- and it’s particularly pernicious. The target? Exposed Docker APIs. The objective? Spreading cryptojacking malware.
When Jeremy and I founded FireTail in 2022, our mission was to improve API security for everyone. And that included ourselves.
Google probably didn’t want this to happen. The tech giant accidentally posted a whole host of sensitive internal documents to GitHub that partly detailed the way the search engine ranks web pages.
Let’s talk about a recent example of an API vulnerability that was exploited to gain access to data within the German government.
In this talk, Jeremy will cover key knowledge from the cybersecurity landscape for CISOs in 2024. Tune in to hear valuable insights and takeaways every CISO can apply in their own security posture today. API security is the cornerstone of strong cybersecurity for CISOs.
A lot of our API use happens at home, in places you might not even expect. What happens when these APIs are left vulnerable?
API security by design is all about breaking down how security considerations can be brought into the various stages of an APIs lifecycle and simplifying the API security process from the developers’ standpoint.
In February of 2021, Postman launched a public API platform where developers could collaborate to build software. Now in 2024, Postman has the largest collection of public APIs. Naturally, this makes it a prime target for attackers.
The Cambridge Analytica Data Scandal led to the collapse of the company, court cases and massive fines for Meta. It highlighted the massive impact that technology was having on society, politics and democracy. Now, almost a decade later, we take a look at how a poorly configured API started it all.
Based on trends in changing compute architectures, it seemed logical that Endpoint Detection and Response companies would shrink their overall install base. Instead, EDR has evolved into Extended Detection and Response.
Fintech is a growing industry, and with this growth comes data. With data - and the sensitivity of the data in financial services in particular - comes the need to implement security solutions effectively at scale. Thankfully, fintech providers can turn to many readily available solutions to increase their security posture and deliver better, more secure products at scale.
Open Banking can best be thought of as a “microservices” approach to banking. It's a powerful concept that enables porting from service to service, and allows consumers to integrate this data with other providers. APIs are at the core and effective API security is a must.
The reality is that failing to invest in a proven API security posture might save you dollars in the short-term, but can cost millions in the long-term. We take a look at how increasing regulatory oversight is leading to massive fines.
The modern web is more connected than ever before. The move from monoliths to containerization and microservice-based architectures means API security is a must. In this blog, we look at what it takes to build secure modern internet services.
Everybody is talking about AI right now. It's the hottest topic in tech. But few people are talking about the APIs that underpin these AI platforms. Here we look at why effective API security is a must for any organization who wants to harness the power of AI.
FireTail CEO Jeremy Snyder sits down with Philip Rees, CTO at Tidal Cloud to discuss the reasons, roadblocks and rewards of cloud migration as well as how Tidal Cloud uses FireTail to protect its API inventory.
At FireTail, we usually say that two or more things need to go wrong in order for attackers to be successful. So what went wrong with Spoutible's leaky API? Basically, everything.
Few technologies have become as ubiquitous in as short a timeframe as serverless computing. Serverless offers both benefits and downsides to API security. However, with proper knowledge of the best practices, we can reap these benefits while mitigating the threats.
FireTail CTO Riley found a web application vulnerability. He noticed when the app was open, and he had tools open, one of the requests was going to an API instead of a web application.
Jeremy Snyder, the CEO and Co-Founder of FireTail, talks to Teja Yenamandra of Gun.io about his entrepreneurial journey, insights on various tech trends and FireTail's mission to secure the world's APIs.
As we approach the end of the year, it's often the case that we look back and chat with colleagues about the highs and lows of the last twelve months. One such friend recently shared a story with us about the worst API they found in the wild during 2023. Could this be the worst API ever?
2023 has been a transformative year for the FireTail platform. Our engineering teams have delivered countless new features and capabilities that will help you to achieve true protection across all of your APIs. Here are some of the highlights…
FireTail CEO Jeremy Snyder hosts an insightful discussion with a panel of cybersecurity experts. Mikko Hypponen, Sounil Yu and Ted Julian shared their thoughts on the emerging threats and cybersecurity trends likely to shape the next 12 months.
Various APIs belonging to a data service are leaking their Git repositories, at a backend API which contain the APIs' source code.
When it comes to investigating and preventing API breaches, context is king. In this piece, we take a look at why application layer visibility is essential to effective digital forensics and incident response.
With an ever-changing threat landscape, increased regulatory oversight and a desire among authorities to hold individual executives accountable for data breaches, these are tough times for CISOs. And as APIs become the attack vector of choice for bad actors, it’s more important than ever to prioritize effective API security at your organization.
Unauthorized users could gain access to sensitive financial information via an application's API using the data leaked via Github.
SecOps Vision for 2024, powered by Techstrong Learn, gave industry professionals the opportunity to connect and share security strategies. FireTail CEO, Jeremy Snyder, was pleased to provide the assembled audience with insights into the importance of API security at the intersection of cloud and application security.
API security solutions focused on ML/AI pattern recognition analyze behavior ‘out-of-band’ to identify anomalies, reporting issues after the fact. Prone to false positives, this approach also means attackers will have some success before you learn from it. That’s not acceptable.
Gateways are great, but not for security. API gateways are useful when it comes to API management but they were never designed with security in mind. They can't actively monitor API traffic, they don’t see inside payloads or detect real-time manipulation. They won’t stop most API attacks.
Recently announced OpenAI changes mean users will be able to call any API. That’s great for business and the economy but a potential headache for security teams.
As they continue to rise in use, APIs are becoming a critical attack surface for ransomware groups.
While Web Application Firewalls, or WAFs, are often touted as a go-to solution for web app security, they frequently fall short – and in many cases, offer little more than an artificial sense of protection that is not backed by actual protection. But why isn’t a WAF good enough? Where do they fall short, and what is the better alternative? Let’s dive a bit deeper.
Since 2016, ECSO has been leading the way in European cybersecurity, building upon the foundation left behind by the Public-Private Partnership in Cybersecurity (cPPP). At FireTail, we are excited to be a part of this journey to bring even greater innovation to the European Cybersecurity landscape.
FireTail researcher Viktor Markopoulos discovered a vulnerability in a European Shipping Company’s APIs that allowed him to download internal files without authentication.
At FireTail, we are very pleased to announce that we have achieved SOC 2 Type 2 accreditation. This certification is an important milestone in our ongoing journey to ensure we adhere to the highest industry standards when it comes to data protection and cybersecurity.
APIs and Artificial Intelligence are two of the most important developments in tech of the last 10 years. In this post, we look at the dual impacts that connect these two hot topics that make our online worlds work.
Poorly secured APIs at Points.com resulted in serious vulnerabilities that could have exposed the loyalty programs of some of the world’s best-known airlines and hospitality brands.
FireTail is proud to announce our partnership with CYFIRMA, a leading provider of external threat management solutions.
During Defcon, a security researcher presented his findings from assessing a global transportation system, leveraging APIs.
A file transfer software called moveIT experienced a vulnerability starting in mid-2023 that created a mass breach across many organizations and geographies. The breach is started by injection against an API administrative endpoint, and data is exfiltrated via administrative API calls.
A recent advisory has highlighted the increasing threat posed by IDOR vulnerabilities. In this article, we explain Insecure Direct Object Reference (IDOR) attacks, explore their rise, and examine how these vulnerabilities impact API security.
There’s a big API security problem most organizations need to address. It’s the gap that emerges between application and security teams. Here we look at what it takes to keep application and security teams on the same page when it comes to APIs.
A cybersecurity maturity model (CMM) provides an effective framework for optimizing your security posture. But, when it comes to API security, even sophisticated organizations will find that they still have a lot of work to do.
Jeremy Snyder, founder and CEO of FireTail.io, a leading cloud security & cybersecurity company. Discover the crucial importance of API security in today's cloud-based world.
Jeremy Snyder introduces several best practices for securing APIs and the various apps that they connect with.
Jeremy Snyder talks about his experience with APIs, API security, and shares some tips, common mistakes, and more!
In this episode of the Ask a CISO podcast, we talk about threat modeling with guest Adam Shostack.
The sheer number of APIs presents a challenge when it comes to ensuring that they operate correctly, efficiently, and above all, securely.
In this episode of the Ask a CISO podcast, we talk about application security with guest Tanya Janca.
After a brief hiatus, we are back with Season 3 of the Ask A CISO podcast. There are quite a few things we are doing differently this season (details below), but first, let's welcome our first guest for the new season: Fausto Lendeborg, Co-Founder and Chief Customer Officer of Secberus, and learn more about his start in cybersecurity, DDoS attacks, dealing with alert fatigue, and understanding what IaC, SaC, and PaC are.
Join us on this episode of the Ask A CISO podcast as we discuss AI and ML in cybersecurity with Diana Kelley, CISO and co-founder of Cyberize. With International Women's Day in a week, we also look at the challenges of recruiting women and diversity in the tech sphere.
As attackers become more knowledgeable about different APIs, they can exploit these weaknesses to gain access to sensitive information or execute malicious code on vulnerable systems.
On this podcast episode, we learn about mobile security from Amit Modi, the Chief Technology Officer (CTO) and CISO of Movius Interactive Corporation, a leading global provider of cloud-based secure mobile communications software. The company helps enterprises deliver better engagement for their clients., and connect with their customers in more convenient, cost-effective, and compliant ways.
On this episode, we had the opportunity to speak to Tyler Young, the CISO at BigID, a leading modern data security vendor that helps organizations with their data security, privacy, compliance, and governance.
In this last episode, we speak to our CEO, Paul Hadjy, Natasha, and Adi from our Indonesia office, Raphael Peyret, Vice-President of Product, and our US host, Jeremy Snyder, about their experience hosting the podcast.
Veteran cybersecurity professional and our U.S.-based host Jeremy Snyder sits in the guest seat this week to talk about his new startup, FireTail.io, a company that offers simple yet effective API security.
Host Evgeniy Kharam of the Cyber Inspiration podcast invites Jeremy Snyder on to speak about his experience as FireTail CEO.
Sounil Yu, the bestselling author of The #Cyber #Defense #Matrix, joins host Jeremy Snyder this week to talk about his book, and what we could all learn from it.
This week, we are joined by Mikko Hypponen, bestselling author of If It's Smart, It's Vulnerable.
In this episode, we are joined George Finney, author of Well Aware and Zero Trust.
Jeremy Snyder, Founder and CEO of FireTail.io joins Reece and Nelson to chat about the integral role that strong authentication plays in API security.
We speak to Harlan Carvey, Senior Incident Responder in R&D at Huntress, to understand what threat hunting is, and even learn how surprisingly easy it is to tell if an account has been compromised!
Dan Lohrmann, award-winning CISO, keynote speaker, mentor, columnist, and bestselling co-author of the book Cyber Mayday and the Day After joins us this week to talk about cybersecurity.
Jeremy Snyder spoke with Dave Sobel of the Business of Tech Podcast about why IT Security Spend is not a tax
Dr. Chase Cunningham is Chief Strategy Officer at Ericom Software, a company that provides web isolation and remote application access software to businesses.
By using this website, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
.png)
.png)
%20(1).png)
%20(2).png)
.png)
