By API security is no longer just about defending traffic—it’s about defending code. That’s the message from Akamai’s latest API Security release, which introduces three tightly integrated features designed to help security and development teams find, understand, and fix API risks earlier in the lifecycle.
In a conversation with TFiR, Stas Neyman, Director of Product Marketing at Akamai, detailed the key capabilities: a fully managed API Security service, a compliance dashboard, and a GitHub-integrated code scanning tool. Together, these tools address a major challenge: the visibility gap between runtime traffic and source code.
📹 Going on record for 2026? We're recording the TFiR Prediction Series through mid-February. If you have a bold take on where AI Infrastructure, Cloud Native, or Enterprise IT is heading—we want to hear it. [Reserve your slot
A Fully Managed API Security Service
Neyman describes Akamai’s new managed service as “the most comprehensive” offering built specifically for API security. It combines real-time traffic monitoring with expert incident response and proactive guidance.
“Enterprises need help catching threats early and cutting API risk,” he explained. “This service gives them just that—with both machine intelligence and human expertise baked in.”
A Compliance Hub for API Ecosystems
The second component is a compliance dashboard that gives security and compliance teams a centralized, always-on view of how APIs align with standards like PCI-DSS, GDPR, and others. It simplifies audit preparation and helps organizations reduce compliance risk across increasingly complex API environments.
“Think of it like a compliance hub,” said Neyman. “You can instantly check how your API stack aligns with 10+ key standards.”
Scanning the Codebase for API Risk
But perhaps the most transformational update is Akamai’s new code scanning capability. It allows teams to scan code repositories—like GitHub—for API specifications and identify security risks before they generate any traffic.
Historically, most API discovery tools relied on traffic analysis. But that model only captures APIs that are already active and exposed. Neyman highlighted the flaw in that approach: “Traffic gives you symptoms. But what developers want is the root cause.”
By mapping traffic-based vulnerabilities back to their originating code line and repository, Akamai helps bridge the gap between operations and development. This shift enables security issues to be discovered and addressed much earlier in the software delivery cycle.
Fixing Earlier, Fixing Cheaper
Neyman emphasized how the new release aligns with modern DevSecOps practices. Instead of tossing security tickets over the fence, Akamai now gives developers full context—what the issue is, where it lives in the code, and how to fix it.
“You drastically reduce mean time to remediation,” he said. “Fixing issues closer to the source is not only faster—it’s much cheaper than fixing them in production.”
A Better Path to DevSecOps Maturity
Ultimately, Akamai’s new API Security capabilities aren’t just about features—they’re about enabling a new way of working. By combining runtime intelligence, compliance insight, and static code analysis, Akamai provides a platform that brings security and development together under one roof.
“You discover all your APIs—external, internal, dormant, undocumented—you name it,” said Neyman. “And you get to fix problems with context, not just alerts.”
This release positions Akamai as a leader in API posture management and a major enabler of the next generation of secure software development.
