Richard Bird
Podcast Appearances
So you see a lot of tension in those organizations around mitigating or remediating the risk or the vulnerability that is associated. And so we really are living in a world where almost all of the traffic, like 75, 80 percent of the daily Internet traffic in the world is APIs. And we have security organizations that have been kept out of the equation for years and years.
And then we have an accelerating growth curve of APIs being developed. And we have a much slower curve of security organizations catching up. And it's always I always like to call that the time machine. When one curve is growing exponentially faster, API creation, than another curve, API security is growing. You literally would be better off not doing anything because you're so far behind.
Now, obviously, that's not the right security answer. But it's the mathematical part of this problem.
If API use and API componentry continues to grow at an exponential rate, and any study that you see will suggest API usage is growing anywhere from 3x to 7x a year, but API security is still a cognitive dissonance gap within an organization where people are arguing about whether I need API security because I have a web application firewall in
then you can see where the trend is going, which is even more sprawl, even less security and guideline guardrail control. And then probably more importantly, within the DevOps side of the equation, nobody's in charge of APIs, right? On the operational side, API ownership is fractioned across all the organizations that are developing it. So there's no head of API governance.
There's no head of API compliance and control. APIs haven't been looked at that way historically. And that will change. Inevitably, catastrophic consequences will change behaviors in that space. But it is the biggest gap I have ever seen. And I've said this now for more than two years. It is the biggest gap I've ever seen in a situation where people go, yes, I know I have an API security problem.
But no, I'm doing absolutely nothing about it. And that really is where the market is currently sitting for the most part. There are a lot of very mature and evolved API users in the corporate world that recognize the scale and size of this threat. They are definitely moving down the path, but that is a very small percentage of the overall Fortune 2000, Fortune 3000 landscape.