Traceable AI Enhances API Security Platform


By: Mary Jander

Traceable AI, a San Francisco startup specializing in security for application programming interfaces (APIs), has enhanced its platform with new capabilities for tracking and preventing threats. At the Black Hat conference this week in Las Vegas, the company will demonstrate enhancements that help in identifying malicious API bots, API abuse and fraud, and account takeovers.

The startup’s goal is to make its take on API compromises as granular as possible. The Traceable AI platform can, for instance, now track sensitive data as it flows through APIs, along with tracking the behavior of APIs, users, and devices. It can establish a baseline of normal API and user behavior. And it can categorize users according to their role in an application -- some might be classed as partners, others as data owners, and some as threat actors, the vendor says.

Enhancements also include the ability to identify API anomalies relative to specific types of data, such as loyalty point counters, gift cards, and other kinds of customers credits. In addition, the platform has been enhanced with the ability to organize custom datasets in order to keep data more secure. And sensors have been added to detect a range of bot types typically used to compromise APIs.

Upping the API Security Ante

All of this points to the priority companies are placing on API security – importance measurable in the number of startups clamoring in this space, including Ghost Security, Cequence, and 42Crunch, to name just a few. As well, the market growth is evident in the investors backing it: Traceable AI, for instance, garnered $60 million in Series B funding back in May 2022, bringing its total raised to $450 million. Competitors also have been raking in the cash, even in a subdued venture market: At the end of 2021, Noname Security scored $135 million in Series C funding, giving it a $1 billion valuation. And in February 2022, Salt Security raised $140 million in Series D funding, bringing its valuation to $1.4 billion.

All of which points to the expanded threat landscape associated with today’s microservices-based, cloud-enabled applications. Data on the trend abounds: A recent survey report from Salt Security showed that among 350 Salt customers, API usage had increased 82%, from an average of 89 APIs used in July 2021 to over 162 in July 2022. API traffic also grew 168%. At the same time, 94% of respondents acknowledged they have had security issues with their APIs, with nearly one-third reporting data exposure or privacy compromises.

"APIs are the largest attack vector for data loss, business logic abuse and fraud in nearly every industry," stated CTO and co-founder of Traceable AI, Sanjay Nagaraj, in today's release. "Organizations are seeing more APIs being abused for account takeovers, manipulate inventory or prices, fraud in referral or digital payments or exfiltrate sensitive data such as social security numbers and banking information.”

In this environment, we can expect to see companies such as Traceable AI continue to home in on ever-more-specific and targeted ways to analyze and trace API behavior.