Tuesday 11th March 2025
APIs are the quiet workhorse of the application world. They allow apps, services, and systems to send requests and data directly to each other to get things done. F5 reported that 41% of organisations are managing at least as many APIs as apps.1 But because APIs operate in the background, they often go unnoticed, unmanaged, and unsecured. The situation is likely to worsen with the explosive growth of AI—Gartner predicted a more than 30% increase in demand for APIs coming from AI and tools using large language models (LLMs).2
The reason for this growth is the expanded, high-volume data exchange needed for generative AI (GenAI). While GenAI appears on the surface to be a straightforward prompt and response, the backend services that make that response possible are complex. Meanwhile, we are seeing the next evolution of generative AI: agentic AI. AI solutions are now being designed with agency, not only to enable natural language prompts and other GenAI engagement capabilities, but also to automate a sequence of actions based on the outcome with little, if any, human interaction. These automated actions often mean plugging into workflows and other systems via APIs.
While agentic AI may feel like another hot technology disruption that’s on the far-off horizon, GenAI has paved an accelerated path for agents to become a reality. By 2028, it’s expected that a third of software applications will include agentic AI.3
Understand the API risk
The majority view in the industry is that successful API-related compromises will grow through 2025,4 primarily from the intersection of API growth, expanding ecosystem complexity, greater access to more data, and improved attacker capabilities. APIs create a doorway for attackers to exploit their programmatic nature and cause damage at great speed and scale. Organisations are at risk when they do not understand what APIs they have deployed and when they lack security controls designed for API-specific vulnerabilities.
But getting a handle on your API risk doesn’t have to be difficult. Here are some steps to consider in your AI journey.
Security best practices are your foundation
While both AI and APIs have unique characteristics, starting from a solid cybersecurity foundation goes a long way to protecting the overall organisation. This includes well-crafted data practices and data governance, along with AI policies that address compliance, data privacy, legal and ethical issues, and that protect your intellectual property. Lastly, you should architect your infrastructure and applications for zero trust, meaning you assume a user, system, or application doesn’t have permissions unless proven otherwise, no matter where they are on the network.
Discover APIs running in your environment
The next step is to go from unmanaged to managed by determining what’s running in your environment. Shadow APIs, whether from rogue applications deployed outside IT’s purview, or APIs that are simply undocumented, unused, or outdated, all need to be discovered and catalogued, then either decommissioned or brought under management. F5 Distributed Cloud API Security automatically discovers and maps all APIs from anywhere in the API lifecycle, from early in development through to production, using traffic analysis and external domain crawling. Multiple teams, including DevOps, application owners, and SecOps, can benefit from this complete view into an app’s ecosystem.
Secure your end-to-end API landscape
Once you have APIs discovered and brought under management, you can ensure their protection. This means addressing threats, including those identified in the OWASP Top 10 for APIs. Distributed Cloud API Security offers a cloud-based solution that works consistently across on-premises, data centre, and cloud environments. Bytes UK can help you define, deploy, and manage security policies and configure Distributed Cloud API Security to allow or deny unwanted traffic and connections, monitor for anomalous behaviour, and prevent data leakage. Continue to identify shadow APIs while you block API attacks in real time and eliminate vulnerabilities at their source.
Getting started with F5 Distributed Cloud
Bytes UK offers a range of consulting services, from on-demand experts by the hour, to robust engagements to address overall security posture. Bytes UK understands the AI space and how that’s potentially creating more risk for the organisation. Whether you’re experimenting with Microsoft Copilot or have more elaborate AI investment plans, we begin your security assessment by understanding your AI ambitions, now and in the future, and what solutions are the best fit to proactively address your changing infrastructure and applications.
As an F5 UNITY+ partner, Bytes UK has the in-house expertise to help you choose, design, deploy, and fully manage your F5 solutions, including Distributed Cloud. We’re here to help you strengthen your security posture in response to AI adoption and maximise the value of the F5 Distributed Cloud Platform—so you can keep your teams focused on business growth and serving your customers.
To learn more about F5 Distributed Cloud, please reach out to your dedicated Bytes Account Manager, or [email protected].
_____________________________
Sources: