API security provider Cequence has added new large language model (LLM) threat detection and management capabilities along with some fresh integrations for API discovery on its Unified API protection (UAP) platform.
The revamped platform will now offer additional protection by testing for OWASP LLM Top 10 Threats, AI app vulnerabilities, visualizing API traffic, boosting third-party API security, and autonomously detecting AI bot threats, according to the company.
“Cequence’s Unified API Protection (UAP) platform secures organizations against the growing API attack surface, including the threat of sophisticated bots,” Ameya Talwalkar, chief executive officer at Cequence Security. “By automating API management, customizing security testing, and leveraging advanced threat prevention, Cequence empowers organizations to defend against fraud, data breaches, compliance risks, and bot attacks, while minimizing operational overhead.”
The enhancements are already available to customers with their existing UAP subscriptions.
Adds GenAI and AI bots protection
With the upgrades, Cequence’s UAP will now feature a test suite to evaluate applications using Large Language Models (LLMs) against the OWASP LLM Top 10 threats. This means the advancements will protect organizations looking to deploy LLM applications against threats like prompt injection, insecure output handling, training data poisoning, model denial of service, supply chain vulnerabilities, sensitive information disclosure, insecure plugin design, excessive agency, overreliance, and model theft.
“We identified indirect prompt injection vulnerabilities in several popular generative AI applications,” Talwalkar said. “While standard prompts yielded no response, malicious prompts successfully extracted additional information from the AI systems.”
Melinda Marks, senior analyst at ESG Global, thinks this is an important capability for an API and bot security provider which justifies several industry players adopting OWASP top 10 protection recently. “Other vendors in the API security space, such as Salt and Traceable, have added capabilities to address ensuring data protection with usage of AI,” Marks said. “Traceable also has testing capabilities for the OWASP LLM top 10 and capabilities to detect and block attacks. Noname is another key player in API security, and we can expect some similar capabilities as it has been acquired by Akamai to bring more network visibility to detecting and blocking API threats.”
Additionally, Cequence has added automated detection and blocking of AI bot activity without user configuration in a bid to enable security teams to effectively manage and mitigate AI bot-driven threats against exposed content.
Integrations for API discovery
Cequence has also made new integrations to help security teams identify hidden APIs and discover and manage all API gateways and infrastructure. The integrations made include F5 High Speed Logging (HSL), Citrix ADC Content Inspection, and WSO2 API Gateway.
“Cequence’s UAP platform offers advanced API discovery and mapping capabilities to ensure comprehensive security coverage,” Talwalkar added. “By automatically identifying all API gateways and infrastructure, including those on cloud platforms like AWS and Azure, the platform eliminates blind spots often associated with traditional security tools.”
API discovery, according to Marks, is a significant challenge in API security and the new enhancements and integrations Cequence now has will help secure its customer data effectively. “Visibility is still a big issue as organizations face challenges identifying APIs,” Marks added. “This is because developers may quickly build applications without properly documenting the APIs they create. There are also often cases of zombie APIs, which are deprecated or abandoned APIs that may still be operational. So organizations need to detect these APIs and determine whether to bring them into management, block them, or eliminate them.”
To further strengthen API visibility, Cequence has added a new “Flow graph” which is aimed at delivering an end-to-end API flow, enabling personnel to take action on malicious flows. These are useful updates to Cequence’s UAP to provide a complete API security solution, including API discovery and tracking, testing, compliance, and threat detection, with new features to address AI adoption which can further proliferate APIs and the attack surface, Marks noted.