The shadow technology problem is getting worse.  Over the past few years, organizations have scaled microservices, cloud-native apps, and partner integrations faster than corporate governance models could keep up, resulting in undocumented or shadow APIs.  We’re now seeing this pattern all over again with AI systems. And, even worse, AI ... Read More

API security has been a growing concern for years. However, while it was always seen as important, it often came second to application security or hardening infrastructure.  In 2025, the picture changed. Wallarm’s 2026 API ThreatStats Report revealed that APIs are now the primary attack surface for digital business, and ... Read More

It’s an unusually cold winter morning in Houston, and Craig Riddell is settling into his new role as Wallarm’s Global Field CISO. It’s a position that suits him down to the ground, blending technical depth, empathy, business acumen, and, what Craig believes, the most underrated skill in cybersecurity: curiosity.  Like ... Read More

You probably think the security mantra “you can’t protect what you don’t know about” is an inarguable truth. But you would be wrong. It doesn’t hold water in today’s threat landscape. Of course, it sounds reasonable. Before you secure APIs, you must first discover, inventory, and document them exhaustively. The ... Read More

API security is becoming more important by the day and skilled practitioners are in high demand. Now’s the time to level up your API security skillset.  Wallarm University, our free training course, provides security analysts, engineers, and practitioners with hands-on skills you can’t get from documentation, videos, or traditional courses ... Read More

Is an AI-to-AI attack scenario a science fiction possibility only for blockbusters like the Terminator series of movies? Well, maybe not! Researchers recently discovered that one AI agent can “inject malicious instructions into a conversation, hiding them among otherwise benign client requests and server responses.” While known AI threats involve ... Read More

Lefteris Tzelepis, CISO at Steelmet /Viohalco Companies, was shaped by cybersecurity. From his early exposure to real-world attacks at the Greek Ministry of Defense to building and leading security programs inside complex enterprises, his career mirrors the evolution of the CISO role itself. Now a group CISO overseeing security across ... Read More

As the year draws to a close, it’s worth pausing to look back on what has been an extraordinary year for Wallarm and, more importantly, for the businesses we protect.  If 2024 was about laying the groundwork (tracking API sessions to understand behavioral attacks), then 2025 was the year we ... Read More

The API supply chain is the new security blind spot. Attackers no longer need to breach your APIs directly; they can target the third-party services that connect to them. These unmanaged dependencies are now the shortest path to your sensitive data. The recent Mixpanel incident is a stark reminder of ... Read More

Earlier this month, Microsoft uncovered SesameOp, a new backdoor malware that abuses the OpenAI Assistants API as a covert command-and-control (C2) channel. The discovery has drawn significant attention within the cybersecurity community. Security teams can no longer focus solely on endpoint malware. Attackers are weaponizing public and legitimate AI assistant ... Read More