Salt Security has announced its artificial intelligence (AI)-powered knowledge-base (KB) assistant, Pepper, which aims to streamline security efforts. In this episode, Eric Schwake, Director of Cybersecurity Strategy at Salt Security, discusses the heightened concerns of AI and API security, how Salt Security is harnessing AI, and the company’s focus on tackling API security challenges. He says, “We now are going to have a way in the platform itself, using human language, to show a security operator exactly what this threat was trying to do.”

Key themes at RSA Conference, highlighting AI and API Security

• Schwake discusses RSA Conference, noting heightened concerns about AI threats and the dual perspective of AI as both a potential problem and a solution. He highlights increasing attention towards API security.
• Schwake discusses the increasing attention towards API security among customers, recognizing APIs as crucial to application development and underscoring the need for enhanced security measures in that domain.
• At RSA Conference, Salt Security announced its integration of AI throughout their platform. Schwake explains how this enhancement aims to address current ecosystem challenges effectively.
• Schwake highlights GenAI‘s widespread adoption for rapid code development, like creating APIs swiftly. This speeds up organizational cycles but brings challenges in ensuring code security, policy alignment, and risk management.

How Salt Security is utilizing AI to enhance their platform

• Three main applications of their AI technology are: for enhanced API discovery, integration into posture governance, and in behavioral threat detection.
• Schwake discusses how their platform’s capability articulates threats in natural language for security operators, simplifying mitigation efforts amidst growing API-related risks.
• Schwake talks about how they have made improvements in user interaction with the platform through Pepper.

How Salt Security is addressing API security threats and their upcoming developments

• Having a strong security posture throughout the API development lifecycle is crucial. Posture governance can streamline development by ensuring security standards are integrated early in the design phase.
• Schwake highlights Salt Security’s focus on ecosystem enrichment, enhancing existing tools with posture governance capabilities to bolster overall effectiveness in API development.
• Schwake talks about emerging threats in API security, acknowledging the perennial challenge of geopolitical conflicts influencing cybersecurity threats. He notes the persistent sophistication and resource backing behind such threats.
• Salt Security’s threat labs team identifies and analyzes critical security vulnerabilities. Schwake underscores the importance of human-led security research alongside AI advancements
• Schwake previews Salt Security’s upcoming developments, focusing on expanding AI integration to simplify tasks for security analysts and DevOps teams in response to the evolving API landscape.
• Schwake outlines Salt Security’s plans to improve understanding of external and internal API ecosystems using reconnaissance tools, hinting at upcoming enhancements in this area.

Guest: Eric Schwake (LinkedIn)
Company: Salt Security (Twitter)
Show: Let’s Talk

This summary was written by Emily Nicholls.