{"id":229192,"date":"2026-03-30T06:06:00","date_gmt":"2026-03-30T10:06:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/30\/apis-are-the-new-perimeter-heres-how-cisos-are-securing-them\/"},"modified":"2026-03-30T10:15:19","modified_gmt":"2026-03-30T14:15:19","slug":"apis-are-the-new-perimeter-heres-how-cisos-are-securing-them","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/30\/apis-are-the-new-perimeter-heres-how-cisos-are-securing-them\/","title":{"rendered":"APIs are the new perimeter: Here\u2019s how CISOs are securing them"},"content":{"rendered":"<p><a href=\"https:\/\/www.csoonline.com\/article\/4148315\/apis-are-the-new-perimeter-heres-how-cisos-are-securing-them.html\">APIs are the new perimeter: Here\u2019s how CISOs are securing them<\/a><\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/4148315\/apis-are-the-new-perimeter-heres-how-cisos-are-securing-them.html\">https:\/\/www.csoonline.com\/article\/4148315\/apis-are-the-new-perimeter-heres-how-cisos-are-securing-them.html<\/a><\/p>\n<p>Publish Date: 2026-03-30 06:06:00<\/p>\n<p>Source Domain: <a href=\"https:\/\/www.csoonline.com\">www.csoonline.com<\/a><\/p>\n<p>As Subramaniam explains, \u201cAI agentic systems, which autonomously access APIs to perform tasks, complicate API security by expanding the attack surface, enabling dynamic and unpredictable interactions, and amplifying existing vulnerabilities through high-speed, automated actions.\u201d Preventing unauthorized access by agents will require more granular control and more time-bound role-based access control (RBAC).<\/p>\n<p>Other API risks stem from the broader software supply chain. 
In 2025, JPMorganChase CISO Patrick Opet published an open letter about diminishing standards for SaaS providers, writing that the SaaS delivery model is \u201cquietly enabling cyber attackers\u201d and creating a \u201csubstantial vulnerability that is weakening the global economic system.\u201d<\/p>\n<p>Third-party API consumption can open an organization to sensitive data exposure. According to Gartner, 71% of organizations use APIs provided by third parties such as SaaS vendors, making third-party APIs another major risk vector.<\/p>\n<p>\u201cFor third-party APIs, we already require vendor security reviews and contractual security assurances,\u201d says Fortitude Re\u2019s Franklin, noting that this is part of a broader SaaS security program that provides visibility into the SaaS systems employees use.<\/p>\n<p>The onus, however, is also on the consuming organization to implement better token-handling processes to secure API connections to SaaS platforms. This is especially important, as developers are often reckless with API keys and secrets. In 2024, Escape discovered 18,000 API secrets and tokens floating around on the open web.<\/p>\n<p>Some CISOs are actively addressing this. \u201cOur team centralizes and encrypts all third-party credentials \u2014 API keys, tokens \u2014 within the API management layer,\u201d says Subramaniam. \u201cWe never distribute raw credentials to our internal development teams.\u201d<\/p>\n<p>Maintaining safe integrations requires ongoing discipline, too. 
\u201cWe apply the same rigor to third-party APIs: Credentials&#8230;<\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/4148315\/apis-are-the-new-perimeter-heres-how-cisos-are-securing-them.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>APIs are the new perimeter: Here\u2019s how CISOs are securing them https:\/\/www.csoonline.com\/article\/4148315\/apis-are-the-new-perimeter-heres-how-cisos-are-securing-them.html Publish Date: 2026-03-30&#8230;<\/p>\n","protected":false},"author":1,"featured_media":229193,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.csoonline.com\/wp-content\/uploads\/2026\/03\/4148315-0-01777100-1774865153-shutterstock_2556469215.jpg?quality=50&strip=all&w=1024","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,27],"class_list":["post-229192","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/229192"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=229192"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/229192\/revisions"}],"predecessor-version":[{"id":229194,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/229192\/revisions\/229194"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/229193"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-
json\/wp\/v2\/media?parent=229192"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=229192"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=229192"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}