Richard Bird
Podcast Appearances
And they didn't have any security tools. They didn't have any guidance. An example of this is you can walk into any large company today and there'll be 30 organizations within that company that are developing APIs. And they're not using any standard protocols. They're using GraphQL. They're using SOAP. They're using REST. They're using all of these different language types.
And so now you think about, okay, what can that kind of sprawl create in terms of problems? Go back to The Last of Us, right? I don't know. What kind of problems can self-propagating technologies create once they're out in the wild besides making more of themselves? There are more and more APIs that are being built without these oversight components in place.
And I think it's always really important to point out, API sprawl is not a security problem. API sprawl is an operational problem. It only becomes a security problem when it is a security problem. And when somebody finds an exploitable API that's in this massive mess of APIs that have been created, now the bad guy can just simply take a pathway using that one exposed API.
And it wasn't sprawl necessarily that caused it. It was all of the lack of discipline and control that happens when you have a sprawl. I build it without authentication. I build it without the necessary safeguards. I build it and I put private information in it when I'm not supposed to.
These are all characteristics of behaviors that we see in the market today, and the scale of it is just staggering. We have a new API security report that's coming out. And 57% of the organizations that we've talked to have suffered an API breach in the last two years. And of those, 73% have had at least three. And 41% of them faced five or more API breaches just in the last two years.
And that is the consequence of what happens when API sprawl is allowed to continue uncontrolled and unchecked.
It goes back to the beginnings, which is security teams had no responsibilities or obligations to observe, manage, or secure APIs to begin with. When you look at organizations today, API creation definitely doesn't belong to security. It belongs to DevOps. When you look at remediation, say a vulnerable API that was found in testing, security people aren't developers anymore.
So you see a lot of tension in those organizations around mitigating or remediating the risk or the vulnerability that is associated. And so we really are living in a world where almost all of the traffic, like 75, 80 percent of the daily Internet traffic in the world is APIs. And we have security organizations that have been kept out of the equation for years and years.