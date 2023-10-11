It is hard to go anywhere in the security profession these days without the topic of artificial intelligence (AI) coming up. Indeed, AI is a popular topic. Like many popular topics, there is quite a bit of buzz and hype around it. All of a sudden, it seems that everyone you meet is leveraging AI in a big way. As you can imagine, this creates quite a bit of fog around the topic of AI. In particular, it can be difficult to understand when AI can add value and when it is merely being used for its buzz and hype. Beyond buzz and hype, however, how can we know when AI is being leveraged in a useful way to creatively solve problems? In my experience, AI works best when applied to specific problems. In other words, AI needs to be carefully, strategically, and methodically leveraged in order to tackle certain problems that suit it. While there are many such problems, API security is one such problem that I’ve experienced AI producing good results for. Let’s take a look at five ways in which AI can be leveraged to improve API security: API discovery: AI can be leveraged to study request and response data for APIs. Behavioral analysis can be performed to discover previously unknown API endpoints. Once discovered, these previously unknown APIs can be included in asset inventory, asset management, security policy, and security monitoring activities. In this way, API discovery is an important contributor to overall API security. Schema enforcement/access control: As AI studies request and response data for APIs, there are other benefits beyond API discovery.

