Black Hat Fireside Chat: How to achieve API security — as AI-boosted attacks intensify

By Byron V. Acohido

API security has arisen as a cornerstone of securing massively interconnected cloud applications.

At Black Hat USA 2023, I had a great discussion about API security with Data Theorem COO Doug Dooley and AppLovin CISO Jeremiah Kung. For a full drill down, please give the accompanying podcast a listen.

As a fast-rising mobile ad network going toe-to-toe with Google and Facebook, AppLovin has been acquiring advanced security tools and shaping new practices to manage its API exposures. Kung described for me how Data Theorem’s API Secure is proving to be a vital weapon in AppLovin’s security arsenal.

APIs have become the “lifeblood” of apps and thus a prime target for cyber criminals, Kung says. AppLovin has learned that it must mitigate API exposures from multiple angles, he told me.

Robust API security has become table stakes – for cloud-native companies like AppLovin as well as for legacy enterprises stepping up their cloud plays, Dooley argues.

Guest experts: Doug Dooley, COO, Data Theorem; Jeremiah Kung, CISO, AppLovin

“The moment you go cloud, the number of attack surfaces explodes and there’s really no way to stop it, because it’s like trying to stop innovation,” Dooley says. “As long as you let feature development happen with modern techniques of cloud services and third-party software suppliers, you’re going to have more APIs than you even realize you have embedded and exposed throughout your application stacks.”

Securing APIs is even more vital as generative AI takes center stage, giving attackers one more powerful tool to scale up their campaigns. Yes, AI is bolstering hacking techniques, but it can also strengthen the defensive capabilities of security teams, programs, and products, Dooley observes.

The arms race is just warming up, folks. I’ll keep watch and keep reporting.


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

