The Role of Artificial Intelligence in API Security
Consumer Services Research || Baljeet Malhotra || June 27, 2019
The security and reliability of software systems and web-driven software services such as Application Programming Interfaces (APIs) are enormously important to our modern economy. APIs in particular play an important role in connecting our digital worlds at a massive scale. Meanwhile, Artificial Intelligence (AI) is revolutionizing the way we live, work and think. In recent times, computing machines have become intelligent enough to recognize real-world objects, recognize speech, learn programs, paint like an artist, or even dream like humans. Software and API solutions are also benefiting from the advances in AI.
An important part of AI-driven security solutions is training computing machines with real-world datasets. Our platform has a large database of APIs supplemented by other important pieces of metadata such as publicly known vulnerabilities, licenses, vendor information, etc. to assess the security posture of publicly available Web APIs. Our data scientists and security experts are using these data to build the next generation of cyber security solutions. In this context, training a computing machine is very important, which essentially means providing relevant data to algorithms that can continue to learn from the evolving data as new Open Source solutions become available and new API deficiencies and software vulnerabilities are discovered.
These constantly evolving data pose several challenges that need to be overcome before AI-driven security solutions can be realized. Many of these challenges arise because API-driven solutions entail large volumes of structured and unstructured data that are difficult to find, manage and analyze. We are applying various Data Mining, Machine Learning and Natural Language Processing solutions to solve some of the most challenging problems related to API management. The following are some examples of our AI-driven solutions.
- Automatically discover web APIs that could pose security risks even before they are consumed in various software products and services.
- Automatically map publicly known vulnerabilities to Open Source projects (which could be known differently within various open source and security communities).
- Automatically conduct a preliminary analysis of vulnerabilities to determine their severity and importance so that vulnerability analysis can be prioritized. Our AI-driven solution evaluates these risks in the context of applications and their business impact.
- Automatically find relationships between various Open Source projects that are detected within your code. Our AI-driven solution helps you better understand your code dependencies to mitigate security and compliance risks at file and directory level.
- Automatically analyze hundreds of legal documents (licenses, terms of service, privacy statements, privacy laws such as HIPAA, DMCA, etc.) to determine the compliance risks.
To sum up, admittedly, AI cannot fully automate the process of managing cyber security risks originating from APIs. Nonetheless, the tech community is making good progress in leveraging advanced AI technologies for cyber security. As a responsible member of society, the TeejLab research team is playing an important role in combining academic and industry research to build cutting-edge solutions for managing risks from Web APIs that are vital to connecting our digital worlds and economies. Contact us for more details about our research.