90% of APIs Unsafe for AI Agents, Warns Security Expert

A shocking 90% of company APIs are not ready for AI agents, creating a huge security risk. This is much higher than previously thought.
By Newsroom | Technology, Security |

A significant portion of enterprise APIs, estimated at 90%, are unmanaged and lack the necessary security structures to safely interact with advanced AI agents. This gap is becoming glaringly obvious as organizations rush to implement artificial intelligence, creating a burgeoning 'API debt' that threatens security.

The core issue lies in the fundamental design of many existing APIs. They were built with the assumption that a human developer would be on the other end, a process inherently involving judgment and validation. Modern 'agentic AI' operates differently. These AI systems can discover and utilize APIs without the built-in human checks, potentially accessing sensitive data or triggering unintended actions. This bypasses existing security layers designed for human interaction.

The challenge extends beyond just undocumented or 'shadow' APIs. Even managed APIs may not be equipped for agentic consumption. Key areas requiring attention include:

Read More: Mozilla Stops Pocket App, Keeps Technology for Firefox

  • Secure Design: Building APIs that can operate safely without human judgment.

  • Access Controls: Establishing robust role-based access control (RBAC) frameworks tailored for agentic workflows.

  • Lifecycle Testing: Implementing automated API testing throughout the entire development and operational lifecycle, not just at the build stage.

Broader Industry Concerns Around Data Exposure

Beyond API management specific to AI agents, the broader landscape of data security, particularly within Software-as-a-Service (SaaS) environments, remains a focal point. Discussions highlight that data exposure in SaaS is rarely due to a single point of failure. Security practitioners are increasingly focused on defending SaaS applications against sophisticated threat actors, examining vulnerabilities and misconfigurations that can lead to scattered data exposure.

Financial Services Grapples with Agentic AI

The financial sector, in particular, is navigating the implications of agentic AI. Upcoming analyses and current discussions point to the convergence of AI in areas like financial crime mitigation and credit risk. Banks are exploring how to embed intelligence to improve processes such as account opening, balancing speed and security against digital-first challengers. The role of AI in safeguarding against fraud and enhancing compliance is a critical, evolving theme.

Read More: Balochistan train blast causes fear, disrupts travel

Frequently Asked Questions

Q: What is the main security problem with APIs and AI agents?
About 90% of company APIs are not managed well and don't have strong security for AI agents. This is a big risk because AI can use them without human checks, possibly accessing sensitive data.
Q: Why are APIs not safe for AI agents?
Many APIs were built assuming a human would use them, with built-in judgment. AI agents work differently and can find and use APIs without these human checks, bypassing security layers.
Q: What needs to be done to make APIs safe for AI agents?
Companies need to design APIs to be safe for AI, set up better access rules for AI, and test APIs automatically throughout their life.
Q: What are the wider concerns about data security with AI?
Data leaks in cloud services often happen through many small problems, not just one. Experts are looking at how to protect cloud apps from smart attackers who find weak spots and mistakes.
Q: How is the financial industry dealing with AI agents?
Banks are looking at using AI to fight financial crime and check credit risk. They want to make things like opening accounts faster but still safe, especially when competing with digital banks.