Pay Attention to the Intersection of API Security and AI Proliferation
The integration of artificial intelligence (AI) technology into applications and services is growing, and with it comes a greater reliance on APIs for AI operations. What does this mean for an organization’s security posture?
Here, Security magazine talks with Rupesh Chokshi, Senior Vice President and General Manager of Akamai’s Application Security portfolio, about the intersection of API security and AI proliferation.
Security magazine: Tell us about your background and career.
Chokshi: As Senior Vice President and General Manager of Akamai’s Application Security portfolio, I lead product management, engineering, threat research, and go-to-market strategies for cybersecurity solutions like App & API Protector, API Security, Bot & Abuse Protection, and Client-Side Protection & Compliance.
Before Akamai, I held executive roles at AT&T, where I launched transformative software-defined networking and security products that earned widespread industry recognition. I also led Alien Labs Open Threat Exchange, advancing crowdsourced threat intelligence to better protect organizations globally.
My passion lies in delivering intelligent security solutions that make customer environments safer, more resilient, and better equipped to counter evolving cybersecurity threats.
Security magazine: Can you explain what the intersection of API security and AI proliferation means?
Chokshi:
Every AI-powered application and service relies on APIs to access and integrate data from various sources. As AI adoption grows, so does API usage — often exponentially. A single application usually utilizes multiple APIs, making them essential yet vulnerable points of access. With sensitive data flowing through APIs, they’ve become prime attack vectors.
Attackers can also use AI to find API vulnerabilities faster. Tools like AI-powered fuzzers automate testing for weak authentication or improper configurations.
On the other hand, AI is a powerful ally in API security. It augments workflows, identifies anomalous behavior, and enables faster detection and responses. This is the intersection of where both risk and opportunity coexist.
Security magazine: Why should security leaders pay attention to the intersection of API security and AI proliferation?
Chokshi:
AI empowers both attackers and defenders, creating a rapidly-evolving threat landscape. Securing APIs is no longer optional; it’s a business imperative. Effective API security ensures the protection of sensitive data, compliance, and resilience against AI-driven attacks, while leveraging AI-based tools can strengthen API defenses.
So, API security is a necessity in the age of AI. Large companies might excel at incorporating security into their products, smaller startups often prioritize innovation over security, so proceeding with caution is a must.
Security magazine: What are some best practices for balancing API security and AI usage within an organization?
Chokshi: You can’t protect what you can’t see. Start with discovery to gain clear visibility into AI-related APIs. Know what data they access, how they’re configured, and their security posture.
From there, organizations should implement robust authentication, data encryption, and API security solutions to prevent misuse.
API security tools that use AI can be extremely efficient at real-time monitoring, anomaly detection, and API inventory management. And, regularly auditing APIs can mitigate risks without hindering AI innovation.
Security magazine: Anything else you’d like to add?
Chokshi:
API security isn’t optional in the age of AI —
it’s essential. Akamai’s research highlights a growing disconnect: while many organizations treat API threats as emerging risks, the data tells a different story. The growing financial and operational stress on security teams proves that the impacts are already here. To have a comprehensive security strategy, the time to prioritize API security is now.
