Traceable

In academia, students are often reminded: “Look to your right and then to your left. Not everyone will make it through.” This resonates deeply in cybersecurity, where the stakes are just as high. Success demands discipline, focus—and the ability to learn from the past. Richard Bird, our Chief Security Officer, brings decades of experience to this evolving landscape. Known as an “anthropologist and archaeologist of technology,” Richard travels the world uncovering insights to help organizations address critical security challenges. Key Insights from the Article: 🕵️♂️ Unseen API vulnerabilities: Many companies can’t answer basic questions about their APIs, leaving significant security gaps. 🤖 AI adoption risks: As organizations increasingly rely on AI, the risks of data exposure and misuse are growing exponentially. ⚡ Evolving threats: The speed of modern cyberattacks demands innovative, forward-looking security solutions. Richard warns that AI-driven cyberattacks are just around the corner, and preparation is key. “If the answer to a critical security question is ‘I don’t know,’ bad things happen,” he notes. Read more here: https://bit.ly/49ecJY3

API drift—the misalignment between an API’s functionality and its documentation—is a subtle yet impactful issue that can disrupt developer productivity, client trust, and operational workflows. But addressing API drift doesn’t have to be daunting. As Rajesh Kamisetty explains: “It’s worth giving it a shot to see for yourself if it works or not. He suggests creating a drift index to quantify the amount of drift and establishing SLAs to address drift. Machine learning, such as through products like Traceable, can also help construct a schema and normalized endpoints that can be compared to an API specification, he says. Using versioning and automatically validating the specification against endpoints and payloads can also help mitigate drift." By adopting tools and practices like these, organizations can detect, quantify, and resolve drift before it becomes a larger issue. Ensuring APIs stay aligned with their specifications enhances both internal efficiency and external trust. How is your team approaching API alignment? Read the whole article here: https://bit.ly/3Z3PDyR

The latest coverage of Traceable’s 2025 Global State of API Security Report comes from Security Buzz, spotlighting why API security is an urgent priority for organizations today. Our research reveals alarming statistics: ➡️ 57% of organizations experienced an API-related data breach in the past two years. ➡️ Of these, 73% suffered three or more incidents. The risks are evolving rapidly: 🤖 Generative AI is driving a surge in API usage, with 65% of companies viewing it as a serious threat. ⚙️ Bot attacks are targeting sensitive data and login credentials, reported by 53% of organizations. 💳 API fraud is now the second most common cause of API breaches, leading to financial theft and account takeovers. Read the full article here: https://bit.ly/413C1pL

ICYMI: Richard Bird, Traceable’s Chief Security Officer, was interviewed at GovWare Singapore, and says it’s time to rethink how we protect our data. The cloud and Layer 7 have fundamentally changed the industry's approach to security, Bird said. "What we have to do, particularly those that have been in the industry for a long time, is begin to question our own assumptions and begin to question our own experiences, to say, 'Are the patterns that we see similar to what we've seen before? Are there differences?' And the acknowledgment of the differences is the most important piece." The shift toward cloud-based infrastructure has particularly affected the financial services sector, where traditional security measures such as web application firewalls and content distribution networks are falling short. These legacy tools lack the contextual awareness and intelligence needed to safeguard modern payment systems and emerging financial technologies. Watch the full interview here: https://lnkd.in/ekGecBjN

Recently, critical vulnerabilities were discovered in ownCloud, a popular platform for file storage, sharing, and collaboration. These issues allowed unauthorized access to sensitive information, tampering with oAuth parameters, and even manipulation of user files. Here’s what happened: 🔑 Admin credentials and license keys were exposed. 🔗 oAuth tokens could be redirected to attacker-controlled domains. 🗂 User files were at risk of unauthorized tampering. ✅ ownCloud has released patches. Upgrade your systems immediately to ensure your data is secure. Read the full analysis here: https://bit.ly/4fUybDM Reminder: When building with third-party APIs, always validate their security standards—or treat them like untrusted input. Vulnerabilities like these underscore the importance of safeguarding APIs, as highlighted in the OWASP API Top 10 under "Unsafe Consumption of APIs."

Unleash Your Inner Ethical Hacker! ⚔️ 🗓 When: Thursday, November 21 at 9am PT 🎓 Why Attend: Learn actionable API security techniques and earn your API Masterclass Certificate by completing the series. This live session is for security pros, developers, and hackers who want to sharpen their ability to uncover and secure APIs. Topics include GraphQL introspection, uncovering RESTful CRUD APIs, and more advanced techniques to help you stay ahead of attackers. What you’ll learn: 🔍 Where APIs are typically located in applications, covering major API types 📖 Techniques for API reconnaissance: introspection, Swagger files, and developer docs 🛠 Tools and techniques for uncovering hidden endpoints ⚠️ How to identify APIs that are most likely vulnerable to attack Meet Your Expert Guide: Dr. Katie Paxton-Fear, a leading authority in API security, will walk you through the strategies to discover, test, and secure APIs—even when visibility is limited. 👉 Register here: https://bit.ly/490sbH9

Our recent 2025 State of API Security Report reveals a concerning trend: 57% of organizations faced at least one API-related breach in the past two years. 😭 Why are breaches on the rise? 📈 Increased API usage: APIs are everywhere, and security often struggles to keep up. 🤖 Evolving threats: Attackers are using automated tools and bots, making it easier to exploit API vulnerabilities. 👀 Visibility gaps: API sprawl and shadow APIs make it challenging for teams to secure every endpoint effectively. For a closer look at API security trends, access the full report: https://bit.ly/48wAjin

Our latest State of API Security report reveals alarming gaps in API security across industries, with many organizations unaware of the potential threats they face. As APIs now drive essential digital services, the importance of securing these gateways has never been more critical. Richard Bird, Chief Security Officer at Traceable, emphasizes the need for immediate action: “APIs are essentially the foundation of our digital economy today. Without robust security measures, businesses are exposing their most sensitive data through these ‘invisible’ doors, often without even realizing it. The time for companies to get serious about API security is now, before a breach puts both their data and reputation at risk.” Our findings are a call for organizations to prioritize API security as a core element of their digital strategy. Read the coverage from Hosting Advice here: https://bit.ly/3CD5T1W

Delta Airlines and cybersecurity provider CrowdStrike are locked in a high-stakes legal battle following the July IT outage that disrupted over 7,000 Delta flights. Delta has accused CrowdStrike of negligence due to a flawed update that triggered massive disruptions across industries, hitting airlines particularly hard. However, CrowdStrike counters that Delta’s response time and aging tech infrastructure were the real issue, sparking a back-and-forth blame game that has now escalated to the courts. Traceable's Richard Bird shared his take in CPO Magazine on this ongoing dispute. "Delta’s lawsuit against Crowdstrike feels like a 'self-own' once you dig into the details. Every solution provider and customer agrees to liability terms when they agree to work together. Delta isn’t pursuing a contract remedy here – they are calling Crowdstrike negligent when it is clear in their own court filings that Crowdstrike was a catalyst and the root cause for the outage was antiquated technology and a completely non-functional business recovery plan. Delta failed when it came to resiliency and would have at some point with or without Crowdstrike’s help." Get the full story here: https://lnkd.in/eyF3HAPi

Neobanks’ selfie-based KYC is under attack. Criminals are exploiting easy workarounds to create fake accounts and bypass verification. Key Takeaways: 📸 Selfie Verification Loopholes: Fraudsters use virtual cameras and emulators to upload fake selfies and create fake accounts, sidestepping standard KYC checks. 🔐 Generative AI's Role: AI is making it easier for attackers to create realistic-looking photos and videos, but it leaves telltale signs—for now. 🔍 Beyond Identity Verification: Stopping fraud isn't just about KYC; it requires ongoing transaction monitoring, account freezing for suspicious activity, and behavioral tracking to detect threats in real time. 👉 Bottom Line: As generative AI and fraud tactics advance, app-based banks need to strengthen their defenses. Relying on selfies alone isn’t enough—it's time to prioritize dynamic, behavior-based security. Read the blog here: https://lnkd.in/gJiN8Qgm