As APIs become the digital backbone of every modern application, security teams face an uncomfortable reality: traditional protection tools aren’t keeping pace with evolving threats. The visibility gaps between development and production environments leave organizations exposed to misconfigurations, shadow APIs, and compliance risks that can prove devastating.

Akamai’s latest API security platform expansion directly addresses these blind spots with three significant additions that promise to transform how organizations approach API protection from development through runtime.

From Traffic Symptoms to Code Root Causes

The core innovation in Akamai’s expanded platform centers on a fundamental shift in API discovery methodology. Traditionally, security teams have relied on traffic analysis to build API inventories—a reactive approach that only reveals “symptoms” of potential issues.

“The number one way for you to understand and build your inventory of APIs has been from traffic,” explains Stas Neyman, Director of Product Marketing at Akamai. “What traffic gives you is what I would call a set of symptoms. You see vulnerabilities in traffic, but what developers actually want is the root cause—issues in the code itself.”

The new code repository scanning capability allows security and development teams to scan GitHub repos directly, finding API specifications and examining code to spot risks before deployment. This proactive approach maps traffic-based discoveries to specific repositories, code lines, and API owners, drastically reducing mean time to remediation.

“Now we give you context—like what’s wrong, what you need to do to fix it, and where to find the problem,” Neyman adds. “This is how you get to the next level of DevSecOps and build better communication between security teams and development teams.”

Managed Security for Resource-Constrained Teams

The second major addition addresses a critical resource challenge facing many organizations: the lack of specialized API security expertise. The new Akamai Managed Service for API Security provides 24/7 monitoring and expert response capabilities, essentially extending customers’ security operations centers with dedicated API security professionals.

“A lot of companies are actually struggling with limited cybersecurity resources—and specifically, expertise,” Neyman notes. “APIs have been around for some time. They have their own quirks. They have their own dedicated risks.”

The managed service includes real-time monitoring, incident investigation, and guidance on threat response. For organizations without the resources to build in-house API security teams, this approach offers immediate protection while allowing them to develop internal capabilities over time.

“We become a complete extension of your SOC team,” Neyman explains. “Experts become part of your team—they’re on 24/7, monitoring your environment, looking at what’s coming, assessing the risk.”

Compliance Simplified Through Centralized Dashboards

The third component tackles the increasingly complex compliance landscape with a centralized dashboard supporting over 10 regulatory frameworks, including PCI DSS, GDPR, HIPAA, and the emerging DORA regulation.

“The funny thing about compliance is that it never gets easier—and it doesn’t go away,” Neyman observes. “It seems like every year there’s a new regulation, a new mandate, and new rules added to existing regulations.”

The compliance dashboard provides a unified view of how APIs measure against various security and privacy standards, enabling teams to sort issues by impact and risk while providing specific remediation guidance.

Beyond Traditional Endpoint Protection

What distinguishes Akamai’s approach from crowded API security market is the comprehensive inventory methodology. The platform aggregates information from five different sources: source code, API traffic, uploaded specifications, infrastructure code configurations, and inline components like WAFs or API gateways.

“In order to build the most comprehensive inventory, you’ve got to have all five,” Neyman emphasizes. “Two hands are better than one—well, five sources of information about APIs are better than one, two, three, or even four.”

This multi-source approach enables the platform to build rich context around each API, including deployment locations, sensitive data handling, authentication controls, web page interactions, and ownership information.

Behavioral Analysis for Business Logic Protection

Perhaps most importantly, Akamai’s platform addresses the limitation of traditional security tools when it comes to business logic attacks. While WAFs and API gateways see business logic abuse as normal traffic, Akamai builds behavioral baselines for each API to detect anomalous activity.

“We build a baseline for each and every API—like, this is what typical behavior looks like,” Neyman explains. “When we see something anomalous or abnormal—a spike in requests, for example—well, why would someone suddenly start pinging this API so much? That raises the risk level.”

The platform recently detected an attack where an API’s error codes inadvertently revealed whether user accounts existed, enabling attackers to validate stolen email addresses before attempting credential stuffing attacks. Such business logic vulnerabilities are nearly impossible to detect without behavioral monitoring.

AI-Era Security Considerations

Looking ahead, Akamai is positioning API security as foundational to protecting AI-powered applications. The company recently released capabilities to identify APIs interacting with large language models and generative AI applications, feeding this intelligence into their Firewall for AI product.

“Without us, the firewall wouldn’t know what to protect,” Neyman notes. “We feed in that information and say, ‘Hey, these 10 APIs are super important—they interact with LLMs. Put the guardrails on these.'”

As autonomous systems and agent-to-agent communications become more prevalent, the comprehensive API visibility and behavioral analysis capabilities become even more critical for maintaining security posture.

The Path Forward

Akamai’s expanded API security platform represents a maturation of the API security market, moving beyond simple discovery toward comprehensive protection that spans the entire development lifecycle. By bridging the gap between security and development teams, providing expert guidance for resource-constrained organizations, and addressing the complex compliance landscape, the platform positions itself as more than just another security tool.

For organizations struggling with API security blind spots, the combination of code-level visibility, managed expertise, and compliance automation offers a path toward more robust protection in an increasingly API-driven world.

The question for security leaders isn’t whether APIs need better protection—it’s whether their current approach can keep pace with the evolving threat landscape and growing regulatory requirements.

Akamai Tackles API Security’s Biggest Challenge: Bridging the Gap Between Code and Production

The Real Building Blocks of AI Governance

OpenSearch Foundation Reports 46% Contributor Surge as Platform Powers Next-GenAI Applications

The Real Building Blocks of AI Governance

OpenSearch Foundation Reports 46% Contributor Surge as Platform Powers Next-GenAI Applications

You may also like

Near-Zero Downtime Patching With HA Clustering: Dave Bermingham, SIOS Technology | TFiR

AI Infrastructure Complexity Is Costing Enterprises Millions—Mirantis Has a Fix | TFiR

Why AI Agents Fail on Real Business Data | Michel Tricot, Airbyte | TFiR

Why anynines Rewrote Stratos UI from Scratch: CF AppStage on Cloud Controller v3 | Julian Fischer

Your AI Agents Are a Security Risk Until They’re Managed: Michael Schmid, amazee.ai | TFiR

Why Enterprise Automation Keeps Failing — And How Kognitos Is Fixing It With Neurosymbolic AI | TFiR