%term

MCP vs. Traditional API Security: Why Your Existing Controls Don't Protect MCP-Powered AI Agents

Jun 1, 2026 By AppSentinels In AppSentinels

Traditional API security protects deterministic systems with known endpoints and explicit actions, while MCP-powered AI agents operate through inferred intent, dynamic tool chaining, and natural language interactions. This requires MCP-specific security controls such as tool governance, behavioral monitoring, and semantic anomaly detection.

Read Post

AppSentinels

Read more about MCP vs. Traditional API Security: Why Your Existing Controls Don't Protect MCP-Powered AI Agents

Salt Cloud Connect for Databricks

May 29, 2026 By Salt Security In Salt Security

Secure your Agentic Action Layer and see where your Databricks MCP servers are communicating with detailed descriptions of what they do.

View Video

Salt Security

API
Security

Read more about Salt Cloud Connect for Databricks

Even Google says you cannot do AI security on one platform

May 28, 2026 By Michael Callahan In Salt Security

This week, Connie Loizos, editor in chief of TechCrunch, sat down backstage with Francis de Souza, COO of Google Cloud, for a piece on the state of enterprise AI security. The interview is worth reading in full. Three points in it should reshape how every CISO is thinking about the next twelve months.

Read Post

Salt Security

Read more about Even Google says you cannot do AI security on one platform

The Security Illusion: Why Your AI Security Tool Won't Save You (And Neither Will Your Traditional API Security)

May 27, 2026 By AppSentinels In AppSentinels

The enterprise security world is having two separate conversations that desperately need to collide. On one side, application security (AppSec) teams are scrambling to secure APIs – the connective tissue of every modern application. On the other, a new wave of “AI security” vendors promise to protect your LLMs from prompt injection, data leakage, and hallucinations. Both groups are solving real problems. Both are missing half the picture.

Read Post

AppSentinels

Read more about The Security Illusion: Why Your AI Security Tool Won't Save You (And Neither Will Your Traditional API Security)

Agentic Identity Is Not NHI With a Brain

May 27, 2026 By AppSentinels In AppSentinels

The non-human identity (NHI) problem was always the same problem: too many service accounts, too few owners, too many secrets in too many places. They sat where we left them, quietly piling up privilege, outliving the engineer who created them. Eventually someone, an auditor, sometimes an attacker, went looking and found them. Agents are a different problem.

Read Post

AppSentinels

Read more about Agentic Identity Is Not NHI With a Brain

Postman Workspace Exposure: When Your API Test Suite Becomes a Security Risk

May 22, 2026 By AppSentinels In AppSentinels

Let’s start with a scenario. This is illustrative, not a single reported incident. A developer shares a Postman collection in Slack to move faster. “Here’s the Postman collection for the payment API. It has live auth headers so you can test prod endpoints.” The team uses it, work gets done, and the link stays. What no one realizes is that the collection lives inside a public Postman workspace. Weeks later, it is indexed by search engines. The URL requires no login.

Read Post

AppSentinels

Read more about Postman Workspace Exposure: When Your API Test Suite Becomes a Security Risk

Improve API authentication detection with Datadog

May 22, 2026 By Matthieu Roux In Datadog

Many organizations have hundreds or thousands of API endpoints across their services, each of which handles authentication differently. For example, one service might rely on standard headers like Authorization: Bearer, while another uses an API key, and a third uses a custom JSON Web Token header with mechanisms or naming conventions specific to the team that built it.

Read Post

Datadog

Read more about Improve API authentication detection with Datadog

Salt Cloud Connect for Github

May 22, 2026 By Salt Security In Salt Security

Your developers are shipping agents, MCP servers, and APIs faster than security can see them. GitHub Connect changes that. Salt scans your repositories and surfaces every agent, MCP server, and API hiding in your codebase, then maps them into the Agentic Security Graph. You see the agentic infrastructure forming in code, before it ever reaches production. No more waiting for runtime to find out what shipped. No more blind spots between dev and prod. Govern what's being built from day one.

View Video

Salt Security

Read more about Salt Cloud Connect for Github

New Security Gap: Your WAF Has No Idea What Your AI Is Doing

May 21, 2026 By Wallarm In Wallarm

In this webcast, we get into why signature-based protection breaks down in AI-first environments, what behavioral detection and positive security models actually look like in production, and what it takes to evaluate whether your runtime tools are genuinely adapting to your environment or just adding noise to your stack.

View Video

Wallarm

Read more about New Security Gap: Your WAF Has No Idea What Your AI Is Doing

Next.js Vulnerability Exposes Credentials and Protected Data - Why Runtime API Security Matters

May 20, 2026 By AppSentinels In AppSentinels

A newly disclosed security issue, tracked as CVE-2026-44578, affecting Next.js applications is raising concerns across the developer and security communities after researchers identified multiple authorization bypass and middleware evasion paths that could expose protected application data and credentials. The vulnerabilities impact several versions of Next.js and allow attackers to bypass middleware-based authorization controls using crafted requests and route manipulation techniques.

Read Post