Everyone Is Buying AI Guardrails. But Agents Have the Keys to the Car.
The first wave of AI security looked a lot like a WAF for LLMs: inspect the prompt, filter the output, block the obvious bad patterns. That was useful. It still is. But it was built for systems that mostly talked. Agents are different. They use tools, call APIs, access data, and change things. The ...
Your AI Coding Assistant Has Never Read Your Security Wiki. Now it writes half your code.
Every company has a version of the same thing. Sometimes it’s a security wiki. Sometimes it’s a Confluence page. Sometimes it’s a PDF nobody wants to update. Sometimes it’s “ask Sarah from AppSec because she knows how we do this here.” What “it” does is explain how APIs should be authenticated, how ...
You’re Not Watching MCPs. Anthropic’s Vulnerability Shows Why You Should Be.
Last week, researchers at OX Security published findings that should stop every security leader in their tracks. They discovered a critical vulnerability baked directly into Anthropic's Model Context Protocol SDK, affecting every supported language: Python, TypeScript, Java, and Rust. The result: remote code execution on any system running a vulnerable ...
Claude Mythos Changed Everything. Your APIs Are the First Target.
Anthropic just released Claude Mythos Preview. They did not make it publicly available. That decision alone should tell you everything you need to know about what this model can do. During internal testing, Mythos autonomously discovered and exploited zero-day vulnerabilities across every major operating system and web browser. It found a ...
Everyone Is Deploying AI Agents. Almost Nobody Knows What They’re Doing.
One constant I hear from CISOs I speak with is that AI agents are not coming. They are already inside organizations, reasoning through goals, selecting tools, and taking action through the same APIs that connect your most sensitive systems. And most security teams have no idea what those agents are doing. The ...
An AI Agent Didn’t Hack McKinsey. Its Exposed APIs Did.
This week’s McKinsey incident should be a wake-up call for every enterprise moving fast to deploy AI. Not because AI itself is inherently insecure. But because too many organizations are still thinking about AI security at the model layer, while the real enterprise risk sits in the action layer: the APIs, MCP ...
Securing the Next Era: Why Agentic AI Demands a New Approach to API Security
I’ve spent my career building solutions to protect the API fabric that powers modern businesses. I founded Salt because I saw that traditional security tools such as WAFs, gateways, and CDNs weren’t designed to see or secure APIs. That gap led to breaches, blind spots, and billions in risk. Today, we’re ...
When AI Agents Go Rogue: What You’re Missing in Your MCP Security
We’re at a major inflection point in how software operates. And I don’t say that lightly. For the past decade, we’ve seen a steady evolution toward microservices, APIs, and cloud-native architectures. But Agentic AI is something different. We’re no longer talking about static services. We’re now dealing with autonomous agents that ...
The Next Security Frontier: AI Agents, MCP, and the Coming API Wave
I’ve seen this story before, and I’m seeing it again. When we founded Salt Security in 2016, APIs already powered the digital economy, Kubernetes started to accelerate the growth of APIs, yet almost nobody was monitoring them. Visibility was near zero, context was missing, and protection was an afterthought. Fast-forward to ...
3 Ways AI Transforms API Security
Security AI usage has surged, and enterprises are reaping the benefits. In its 2022 Cost of a Data Breach Report, IBM found that organizations deploying security AI and automation incurred $3.05 million less on average in breach costs — the biggest cost saver found in the study. According to the ...

