More Generative AI Tools, More APIs, More Problems

According to the survey, 40% of the respondents reported that over half of their company was vulnerable to attacks through third-party APIs

A lot has transpired within a span of just a few months – that’s the speed of AI for you. From tech that seemed gimmicky at first, generative AI tools have made AI infrastructure more accessible. What seemed far-flung from mainstream society is now cheap, fast and easy to build for developers across the spectrum. Several startups have either cropped up or pivoted to building platforms anchored around these open-source and closed-source models from companies like OpenAI

Survey conducted to judge the importance of APIs, Source: DEVOPSdigest

Rise in APIs

Important LLMs like OpenAI’s GPT-3 and other foundational models like Stable Diffusion have been made commercially available via API across applications. As the need for connected software increases, APIs have become ubiquitous. 

APIs first came about in the early 2000s when companies like Salesforce, Amazon and eBay developed their own APIs for their developers to access. Up until a few years ago the usage of APIs escalated as the world became more digital. What we are witnessing now is another wave of AI applications, which will result in SaaS companies being focused around generative software, pushing the application of APIs over the edge. 

The interface of Stable Diffusion available with the option to run with API

API-related attacks

By the second half of the 2010s, MIT research fellow Marshall Van Alstyne published work around business platforms and how companies that used APIs showed 12.7% more growth in their market capitalisation within a four-year time period as compared to companies that did not adopt APIs. 

But as the possibilities grew, so did the threats related to API abuse. In 2019, Gartner predicted in a report that API hacks would eventually become the most common type of cyberattack by 2022. The prediction has unfortunately come true. Salt Security conducted a survey among 200 enterprise security officials and concluded that 91% of companies reported API-related security issues last year. The study stated that around 56% of organisations experienced between 10 and 55 attacks each month, while 22% faced between 51 and 200 API-related attacks each month.

The report titled ‘Salt’s State of API Security Q1’ also mentioned that malicious API calls increased on a monthly per-customer basis from 2.73 million in December 2020 to 21.32 million in December 2021. API protection platform Salt has Web Application Firewalls that almost every API gateway was able to cross. 

Best automated API testing tools in 2022, Source: Katalon

Need for API security 

A more recent survey, by Radware, noted that organisations are now grappling with sustaining security across platforms. According to the survey 40% reported that more than half of their company was vulnerable to attacks through third-party APIs. 

But an API is only as good as its security. The danger posed by this increasing number of attacks indicates that companies that see the value of APIs must also see the value of adopting API management platforms. The recent history of API attacks on enterprises attests to this.

In April, the Microsoft 365 Defender Threat Intelligence Team revealed that they had discovered a ‘low volume’ of attempts to hack its cloud services via Spring4Shell, an application framework for Java

Source: Salt Security report

Last year, LinkedIn suffered a data breach that exposed over 92% of user profiles, including their full names, email addresses and passwords. Investigation showed that the hacker had breached LinkedIn’s database through its open, authentication-free developer API and scraped the data, which eventually ended up for sale on the dark web. The data breach raised the question of how endangered social media platforms were owing to a failure to check the security of third-party vendors.

Mobile payment service Venmo exposed details of over 200 million subscribers via its API. The PayPal-owned payment application had made its data accessible because it offered a public API that was set as its default. This allowed hackers to download the data containing the names of senders, descriptions of the transaction memos and the transaction values.

HubSpot, another prominent CRM tool, reported a data breach in mid-March that affected more than 1.6 million users, emails and associated contact numbers of accounts of the company’s internal customer support portal. HubSpot later revealed that its internal systems had been compromised and a portion of its internal systems accessed. Moreover, a few customer accounts in the cryptocurrency industry, including NYDIG, Swan, and BlockFi, were tampered with by an insider.

Poulomi Chatterjee
Poulomi is a Technology Journalist with Analytics India Magazine. Her fascination with tech and eagerness to dive into new areas led her to the dynamic world of AI and data analytics.
