Semgrep eventsJoin us for April's DevSecOps London Gathering in Shoreditch, where this month's theme is API security in the AI era.
Our Security Advocate, Dr Katie Paxton-Fear, will be giving a talk on why API security matters even more now – with APIs becoming one of the most important and overlooked attack surfaces – and what security teams need to understand about the real vulnerabilities, abuse paths, and testing approaches that matter most.
There will also be free time to connect with fellow software and security pros from across the industry, and catch up on the most important and exciting developments in the space at the moment.
Register to attend here. Hope to see you there!
Talk abstract:
APIs are the hidden infrastructure that connects everything, like the plumbing of the modern age – though much like plumbing, you don't realise you've got a problem until it’s too late…
This is doubly true for the AI era. It doesn't matter if you're orchestrating agents through OpenClaw, Warcraft 3 or MCP – APIs remain the way AI escapes the bounds of the chat box into the real world.
But this new modality of APIs unfortunately didn't ship with more security. We’ve spent years lumping APIs into “web security” and calling it a day. As AI adoption accelerates, API abuse is becoming the easiest way to escalate impact: broken object-level auth, excessive data exposure, workflow manipulation, and agent overreach. So what actually matters and how are attackers exploiting it?
Join Dr Katie Paxton-Fear as we explore API hacking as its own discipline, in the AI era. No generic web security theory. Instead, you’ll walk away understanding:
What makes APIs uniquely vulnerable
The bugs attackers actually look for
How AI-driven workflows expand impact
How to test your own APIs effectively
