Akamai announced new capabilities to help enterprises manage their APIs’ security at scale, an increasingly complex challenge due to the growth of digital services, distributed architectures, and AI-driven applications. The company introduced Security Posture Center and expanded API-from-code features, aiming to turn scattered findings into measurable controls and connect actual API activity with the responsible teams and repositories.
This offering comes at a time when many organizations have dozens, hundreds, or even thousands of APIs exposed across internal applications, cloud services, third-party integrations, and digital products. The problem is not only detecting vulnerabilities but also understanding who should fix them, what impact they have on the business, and whether the company is progressing toward a more robust security level or simply accumulating alerts.
From isolated alerts to a more organized risk overview
Security Posture Center aims to change how security teams work with APIs. Instead of chasing individual incidents, Akamai proposes a model based on security controls aligned with best practices in areas like authentication, data protection, and API hygiene.
This approach enables measuring the overall security status of APIs and tracking progress over time. For security managers, this can be useful because it transforms a list of technical issues into a clearer view for prioritization, decision justification, and demonstrating progress during audits or internal committees.
API security often suffers from issues such as insufficient authorization controls, weak authentication, overexposure of data, or lack of a real inventory. OWASP has maintained a specific list of API risks for years, highlighting object-level authorization as one of the most relevant threats—especially when attackers manipulate identifiers to access unauthorized data.
Akamai seeks to address this context with a unified API risk logging system throughout the development lifecycle. This includes detection, posture management, runtime protection, and fixing vulnerabilities.
From real traffic to the responsible repository
The other significant innovation is code-to-runtime mapping. This feature allows linking APIs observed in real traffic to concrete repositories, code files, and recent authors of changes. Practically, this helps answer a question many companies find time-consuming: who is the actual owner of a vulnerable or misconfigured API?
This traceability can reduce average resolution time, according to Akamai, because it prevents manual searches across teams, incomplete documentation, or legacy services with unclear owners. Developers gain more context to reproduce and fix issues, while security teams can monitor remediation progress more accurately.
Oz Golan, VP of API Security at Akamai, explained that historically, API security has been marked by fragmented findings, making it difficult to understand an organization’s true security posture. With Security Posture Center, the company aims to define what being protected means through policy-based controls and close the gap between traffic, configuration, and code.
APIs, AI agents, and expanded attack surfaces
The rise of AI agents adds pressure to this landscape. Many modern applications rely on APIs to query data, perform actions, coordinate services, or connect enterprise tools. Without proper inventory and governance, these APIs can inadvertently expand existing risks, especially as AI systems become more prevalent.
Therefore, end-to-end visibility becomes more than an optional enhancement; it becomes a necessity. Companies need to know which APIs are active, what data they handle, what controls are applied, who maintains them, and how they behave in production. Automation can accelerate processes but also emphasizes the need for clear boundaries and well-defined responsibilities.
Akamai places these new features within its API Security offering, focused on discovery, posture management, runtime protection, and remediation. This approach aligns with a broader market trend: bringing security closer to development without losing visibility into production activities.
The real challenge will be how these capabilities integrate into actual workflows. Security tools are valuable only if they help prioritize effectively, reduce noise, and shorten the time between detection and fix. In APIs, where changes can be rapid and ownership unclear, linking findings to the specific code and responsible party can make a critical difference for security and development teams.
Frequently Asked Questions
What has Akamai introduced for API security?
Akamai has launched Security Posture Center and new code-to-runtime mapping features to assess API security posture and accelerate risk remediation.
What does code-to-runtime mapping mean?
It involves linking APIs observed in live traffic to their repositories, code files, and responsible developers, so teams know who should review and fix each issue.
Why is API security important when deploying AI?
Because many applications and AI agents depend on APIs to access data and perform actions. If these APIs are not well protected and governed, they can expand the company’s attack surface.
via: akamai