{"id":19097,"date":"2024-10-02T16:10:05","date_gmt":"2024-10-02T15:10:05","guid":{"rendered":"https:\/\/staging2022.42crunch.com\/?p=19097"},"modified":"2024-10-03T10:59:17","modified_gmt":"2024-10-03T09:59:17","slug":"secure-your-apis-from-genai-and-llm-attacks","status":"publish","type":"post","link":"https:\/\/staging2022.42crunch.com\/secure-your-apis-from-genai-and-llm-attacks\/","title":{"rendered":"Securing APIs in the Age of GenAI: Test Before You Connect"},"content":{"rendered":"

How to secure your APIs from GenAI and LLM based attacks<\/span><\/h3>\n

Generative AI (GenAI) and Large Language Models (LLMs) are transforming the enterprise landscape, enhancing customer and employee experiences with unprecedented efficiency and insight. The recent McKinsey Global survey on AI reports that 65 percent of respondents say that their organizations are regularly using GenAI, nearly double the percentage from their previous survey just ten months ago1<\/sup>. \u00a0However, while businesses rush to integrate these technologies, they often overlook a critical vulnerability: the APIs that connect LLMs to enterprise data. These connections are powerful but fraught with risk, as unsecured APIs can expose sensitive data, create unauthorized access points, and amplify vulnerabilities.<\/p>\n

Focus on Fundamentals: Securing APIs Overlooked Amid AI Risks<\/strong><\/p>\n

Much of today\u2019s security research is focused on sophisticated AI security topics like preventing model poisoning, bias, and hallucinations. While these concerns are important, they can overshadow a more fundamental issue: securing the APIs that LLMs rely on. APIs are a key component of LLM models as they\u2019re the means by which an LLM model communicates with other systems and applications. If these underlying APIs are vulnerable, the risk of a breach increases dramatically. It\u2019s critical to address API security to ensure a strong foundation; otherwise, even the most secure AI models can be compromised through overlooked, insecure API connections. API security isn\u2019t just about protecting APIs; it\u2019s also about ensuring they\u2019re functioning correctly and efficiently. Embedding testing and monitoring as part of the API lifecycle can help identify any potential issues or inefficiencies, ensuring that the APIs used by the LLM systems are reliable and secure.<\/p>\n

Why Traditional Testing Falls Short<\/strong><\/p>\n

Many organizations still depend on generic dynamic application security testing (DAST) tools to protect their APIs, but they lack the sophistication to address API-specific vulnerabilities, particularly those exposed through LLM interactions. These legacy tools often fail to detect complex API attacks, resulting in high false positives and missing critical security gaps.<\/p>\n

Leveraging OpenAPI for Effective Security<\/strong><\/p>\n

With APIs being structured and documented through standards like OpenAPI Specification (OAS), there\u2019s an opportunity to elevate security practices. The OAS is not just critical for security testers; it is also the authoritative source that LLMs use to understand how the API functions. This makes it imperative that the OAS itself is verified to be secure, accurate, and complete. By ensuring that the OAS accurately reflects the API\u2019s functionality without exposing unnecessary details, security teams can craft precise, automated tests that protect against vulnerabilities unique to APIs connected with LLMs.<\/p>\n

A Call to Action<\/strong><\/p>\n

As enterprises increasingly integrate LLMs, securing the APIs that connect them to critical data sources is non-negotiable. A robust approach to API security that includes continuous testing and hardening, guided by standards like OAS, is essential. At 42Crunch, we are committed to helping organizations secure their APIs, ensuring that they are prepared to meet the demands of today\u2019s AI-driven world without compromising security.<\/p>\n

 <\/p>\n

1<\/sup>https:\/\/www.mckinsey.com\/capabilities\/quantumblack\/our-insights\/the-state-of-ai<\/p>\n

Webinar Recording: When GenAI Meets Risky APIs<\/a><\/p>\n

Webinar Recording: OWASP API Top 10 2023<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

How to secure your APIs from GenAI and LLM based attacks Generative AI (GenAI) and Large Language Models (LLMs) are transforming the enterprise landscape, enhancing customer and employee experiences with unprecedented efficiency and insight. The recent McKinsey Global survey on AI reports that 65 percent of respondents say that their organizations are regularly using GenAI, […]<\/p>\n","protected":false},"author":14,"featured_media":19206,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"none","_seopress_titles_title":"Connecting GenAI or LLMs to APIs - RIsks and Security Solutions","_seopress_titles_desc":"Learn how connecting GenAI to APIs dramatically increases the attack surface and reduces the expertise needed to attack that API. Also learn how to protect against that.","_seopress_robots_index":"","site-sidebar-layout":"default","site-content-layout":"disabled","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"disabled","ast-hfb-above-header-display":"disabled","ast-hfb-below-header-display":"disabled","ast-hfb-mobile-header-display":"disabled","site-post-title":"disabled","ast-breadcrumbs-content":"disabled","ast-featured-img":"disabled","footer-sml-layout":"disabled","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[6],"tags":[],"class_list":["post-19097","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"_links":{"self":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/19097"}],"collection":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/comments?post=19097"}],"version-history":[{"count":2,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/19097\/revisions"}],"predecessor-version":[{"id":19106,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/19097\/revisions\/19106"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media\/19206"}],"wp:attachment":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media?parent=19097"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/categories?post=19097"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/tags?post=19097"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}