By IT Brew Staff
less than 3 min read
Definition:
Application programming interfaces, or APIs, are how computers and software connect and talk to one another. Incredibly important in today’s IT landscape—and the target of myriad attacks from threat actors—APIs are the connective tissue of the modern IT setup. They allow programmers and IT teams to work on software integration and processes behind the scenes to keep things moving smoothly.
Keep it secret, keep it safe
That utility means attackers are interested in finding ways in. Threat actors are increasingly targeting API repositories to access the central location, where the interfaces are often stored, so that they can gain more control over systems. It’s like using a backdoor. Hackers are also selling access to the repositories and APIs, highlighting their value.
And defenders are often caught flat-footed without a clear path forward to resolve the issue, Marco Palladino, CTO and co-founder of Kong, told IT Brew in January 2025.
“API security is a huge concern, but obviously there is no way to enforce API security if there is no platform or infrastructure that we can leverage to enforce the policies that we want to secure,” Palladino said.
Hacking the Gibson
But the threat isn’t just from hackers. DeepSeek, China’s answer to OpenAI, may have been created due to unsecured APIs that allowed for infiltration, Chuck Herrin, field CISO at application security provider F5, told IT Brew in February 2025. These APIs weren’t controlled at the time, he said—meaning that they were “exacerbating that attack surface even more with new types of attacks we need to worry about.”
“It’s very, very difficult to create any kind of a mode or intellectual property protection, which I think is one of the reasons why OpenAI is now considering going open source,” Herrin said. “You just can’t create modes if others can distill your models, and the way they do that is via the APIs.”
