%term

Postman Workspace Exposure: When Your API Test Suite Becomes a Security Risk

May 22, 2026 By AppSentinels In AppSentinels

Let’s start with a scenario. This is illustrative, not a single reported incident. A developer shares a Postman collection in Slack to move faster. “Here’s the Postman collection for the payment API. It has live auth headers so you can test prod endpoints.” The team uses it, work gets done, and the link stays. What no one realizes is that the collection lives inside a public Postman workspace. Weeks later, it is indexed by search engines. The URL requires no login.

Read Post

AppSentinels

Read more about Postman Workspace Exposure: When Your API Test Suite Becomes a Security Risk

Improve API authentication detection with Datadog

May 22, 2026 By Matthieu Roux In Datadog

Many organizations have hundreds or thousands of API endpoints across their services, each of which handles authentication differently. For example, one service might rely on standard headers like Authorization: Bearer, while another uses an API key, and a third uses a custom JSON Web Token header with mechanisms or naming conventions specific to the team that built it.

Read Post

Datadog

Read more about Improve API authentication detection with Datadog

New Security Gap: Your WAF Has No Idea What Your AI Is Doing

May 21, 2026 By Wallarm In Wallarm

In this webcast, we get into why signature-based protection breaks down in AI-first environments, what behavioral detection and positive security models actually look like in production, and what it takes to evaluate whether your runtime tools are genuinely adapting to your environment or just adding noise to your stack.

View Video

Wallarm

Read more about New Security Gap: Your WAF Has No Idea What Your AI Is Doing

Next.js Vulnerability Exposes Credentials and Protected Data - Why Runtime API Security Matters

May 20, 2026 By AppSentinels In AppSentinels

A newly disclosed security issue, tracked as CVE-2026-44578, affecting Next.js applications is raising concerns across the developer and security communities after researchers identified multiple authorization bypass and middleware evasion paths that could expose protected application data and credentials. The vulnerabilities impact several versions of Next.js and allow attackers to bypass middleware-based authorization controls using crafted requests and route manipulation techniques.

Read Post

AppSentinels

Read more about Next.js Vulnerability Exposes Credentials and Protected Data - Why Runtime API Security Matters

The Agentic Security Graph: Get Visibility into your AI Security Risks

May 19, 2026 By Salt Security In Salt Security

As enterprises shift from conversational to agentic AI, the real risk moves from model outputs to the action layer; the MCP servers and APIs through which agents execute real-world tasks. The Agentic Security Graph frames this risk across three interconnected layers (LLM, MCP servers, APIs), showing how compromises at any layer can propagate and why existing LLM-focused controls leave the most consequential surface unmonitored.

View Video

Salt Security

Read more about The Agentic Security Graph: Get Visibility into your AI Security Risks

What Your Board Gets Wrong About AI Security

May 17, 2026 By Wallarm In Wallarm

Editor's note: This article was originally published by Craig Riddell on LinkedIn. It has been republished here with the author's permission. Boards are giving AI security more airtime than ever. What they're not giving is the right framing. A year or two ago, AI was mostly a question of experimentation risk. Today, it's tied directly to revenue, customer experience, operational efficiency, and competitive advantage. The urgency is real, and it's translating into aggressive deployment timelines.

Read Post

Wallarm

Read more about What Your Board Gets Wrong About AI Security

Salt Agentic Security Platform

May 15, 2026 By Salt Security In Salt Security

Most enterprise AI security investment is focused on the model layer—guardrails, output filtering, LLM governance. That's necessary. It's not sufficient. AI agents take actions: they call APIs, invoke MCP servers, access databases, and trigger downstream workflows. The Salt Security Agentic Security Platform was built to secure that action layer (the infrastructure your agents actually operate across).

View Video

Salt Security

Read more about Salt Agentic Security Platform

Salt Cloud Connect for AWS

May 15, 2026 By Salt Security In Salt Security

Zero wait. Agentless. With Salt Cloud Connect for AWS, organizations can instantly discover APIs, MCP servers, and agentic activity across AWS environments (without deploying sensors or routing traffic). Because in the agentic era, you can’t secure what you can’t see.

View Video

Salt Security

Read more about Salt Cloud Connect for AWS

The AI Agent Governance Framework: Security, Trust, and Guardrails

May 15, 2026 By SecuritySenses In SecuritySenses

This comprehensive guide examines how the AI Agent Governance Framework: Security, Trust, and Guardrails enables organizations to manage autonomous systems safely with support from Semrush.

Read Post

SecuritySenses

Read more about The AI Agent Governance Framework: Security, Trust, and Guardrails

Your AI Agents Are Already Acting. The Question Is Whether You Can See What They're Doing.

May 13, 2026 By Michael Callahan In Salt Security

In conversations with CISOs about their agentic environments, the question I ask first is not whether they have agents deployed. Most do. It is not whether those agents are creating value. Most are. The question I ask is whether they have mapped their Agentic Security Graph. Almost none of them have. And that gap, between the agentic infrastructure that exists inside their organizations and the visibility they have into it, is where the most serious AI security risk in the enterprise lives right now.

Read Post