We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!


Today, API security provider Traceable AI announced that it has raised $60 million as part of a series B funding round. The new funding values the company at more than $450 million and will be used to invest in product development and research while also expanding its sales and marketing teams to increase its growth. 

Traceable AI’s solution collects data from user-driven transactions as they flow through APIs and stores it within the platform. The solution then uses machine learning (ML) to convert the application’s business logic into a logistic model. 

This logistics model is processed with ML, which learns to detect changes from normal application behavior over time. 

For enterprises, the platform offers a tool to detect API-level attacks that often slip under the radar of understaffed or under-resourced security teams in environments with lots of cloud-native applications.  

Protecting APIs in the cloud era 

Today, many organizations are in a position where their API attack surface is expanding, but don’t have access to the expertise or tools needed to mitigate these risks. For instance, research shows that misconfigured APIs make up to two-thirds of cloud breaches.

At the same time, attackers know that enterprises are unprepared to protect APIs, with API attacks increasing by 681% in the past 12 months, and 94% of companies reporting that they had an API-related security incident in the past year. 

The reason for the uptick in security incidents is that the increase in the number of cloud apps has opened up a mountain of security vulnerabilities that legacy security tools are ill-equipped to confront.  

“Organizations simply do not have the proper security tools to protect their expanding API attack surface. Existing application security tools that rely on signatures built on regular expressions to catch exploits generate a high number of false positives. The widespread use of APIs that power today’s business success is getting blocked by traditional security solutions while allowing malicious cyberattacks to pass through to exploit API applications and exfiltrate sensitive data,” said CEO and cofounder of Traceable AI, Jyoti Bansal. 

“Modern API-driven applications move too fast, releasing new features while inadvertently releasing API vulnerabilities and business logic flaws. Existing security tools such as WAFs, RASP and API gateways simply do not move fast enough to adapt to the speed of API application development and their security needs,” Bansal said. 

Traceable API aims to enable security teams to keep up with API-level threats by offering user attribution for every recorded transaction and distributed tracing to provide a view of a threat actor’s entire user activity storyline, across systems and over time.

This provides a holistic view of the threat actor’s activities and the level of threat they pose to the enterprise, which makes it easier for human analysts to understand what the most significant threats are and how to block them. 

The API management market 

Traceable API is part of the fast-growing global API management market, which researchers estimate will increase from $4.1 billion in 2021 to $8.41 billion in 2027 as organizations invest more in solutions to prevent API and application-layer attacks. 

The provider is competing against a number of other established API security vendors, including No Name Security, which recently raised $135 million as part of a series C funding round and achieved a $1 billion valuation

No Name Security offers an API security posture management solution that can inventory APIs and identify misconfigurations and security vulnerabilities through the use of AI and ML models. 

Another competitor is Salt Security, which earlier this year raised $140 million as part of a series D funding round that brought its total funding to $271 million. Salt Security provides users with an API Context Engine that can continuously discover APIs, identify vulnerable APIs, test Apis in pre-production and block API attacks. 

Although these solutions are well established, Bansal argues that Traceable AI’s emphasis is on highlighting the attacker’s journey to the analyst, so they can understand “the unique business logic, user attribution and context of each API — from development through production.”

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.

Author
Topics