Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Composing song lyrics, writing code, securing networks — sometimes it seems like AI can do it all. And with the rise of LLM-based engines like ChatGPT and Google Bard, what once seemed like science fiction is now accessible to anyone with an internet connection. These AI advancements are top-of-mind for most businesses and bring up a lot of questions.

Welcome to the 12th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it. To see previous posts you might have missed, click here. This post will put a spotlight on Injection, which used to be its own category (OWASP API8:2019) but has now been subsumed into OWASP API10:2023 (Unsafe Consumption of APIs).

When ChatGPT, a generative AI chatbot developed by OpenAI, was introduced in November 2022, the digital world changed forever. Endless questions and even more speculation surrounded the release, and most industries, including cybersecurity, were divided on the tool’s value. The advocates quickly prophesized how artificial intelligence would improve their daily decision-making and elevate their understanding of complex concepts.

One of the major concerns of multi-cloud companies is security. 69% of organizations admitted to experiencing data breaches or exposures due to multi-cloud security configurations.

Over the last few years, APIs have rapidly become a core strategic element for businesses that want to scale and succeed within their industries. In fact, according to recent research, 97% of enterprise leaders believe that successfully executing an API strategy is essential to ensuring their organization’s growth and revenue.

At Cloudflare, we're constantly vigilant when it comes to identifying vulnerabilities that could potentially affect the Internet ecosystem. Recently, on September 12, 2023, Google announced a security issue in Google Chrome, titled "Heap buffer overflow in WebP in Google Chrome," which caught our attention. Initially, it seemed like just another bug in the popular web browser. However, what we discovered was far more significant and had implications that extended well beyond Chrome.

Between the time it takes to stand up a new security tool in an IT environment, the resources needed to continually train personnel to effectively use each tool, and the raw cost of the solution itself, enterprise security teams invest quite a lot when introducing new security controls. Solutions that have been in place for a long time have likely grown with the team’s needs, and are well trusted within the organization.

Artificial Intelligence, often abbreviated to AI, refers to the development of computer systems capable of carrying out tasks and rendering decisions that traditionally demand human intelligence. This entails the creation of algorithms and models that empower machines to acquire knowledge from data, discern patterns, and adjust to unique information or scenarios.