Afcacia

After identifying more than 100 data leaks with credit card information and finding over 1,000 broken verificati0n issues through its rugged testing module, Akto is building a plug-and-play application programming interface (API) security platform to prevent further leakage.

The data security start-up also announced a $4.5 million seed funding round led by Accel India with participation from angel investors Akshay Kothari (co-founder and COO of Notion), Renaud Deraison ( co-founder Tenable) and Milin Desai (CEO of Sentry) among others.

Being the first plug-n-play API security platform, Akto noted that last year, API traffic grew by 700%.

The firm stated that thousands of APIs are used every day by over 30 million app developers, globally.

Co-founder at Akto, Ankita Gupta said, ” We learned that the biggest challenge facing teams seeking API security solutions is that it takes months to try them. We have set out to create a solution that is not only fast to act but super easy to deploy. The plug-and-play element means that our customers can get an instant inventory of APIs within 2 minutes.”

According to Gartner, a technological research and consulting firm based in Stamford, by 2022 API waves of abuse will be the most frequent attack vector resulting in data breaches.

APIs are said to carry very delicate data that once leaked can expose companies’ privacy, hence causing harm beyond repair.

“These APIs carry sensitive data of users which if leaked can cause irreparable damage to companies. Securing these APIs during the development cycle becomes paramount, especially with the movement towards a more agile and continuous release cycle.”

Co-founder of Akto, Ankush Jain who has been handling data for over 10 years said, “Current solutions give high false positives and to solve this problem I strongly believe that API security testing must be context-aware and should discover deep business logic vulnerabilities. To derive context, we apply AI/ML to analyze all of the application traffic. We have built an engine that can process Google-scale traffic (10B requests/day) with 0 performance impact in real-time.”

The start-up deploys in less than a minute to create an inventory of APIs, detects PII data leaks, and misconfigurations and continuously tests these APIs for business logic flaws like broken authentication and authorization in CI/CD pipeline.

“Akto is the most lightweight API security platform, requiring zero manual configuration to get started within a minute. It mirrors traffic from the customer’s cloud – AWS and GCP and provides instant visibility to security teams which otherwise would have taken months of back and forth with developers. Akto currently discovers more than 100,000 APIs for its customers around the world.”

A free chrome extension called AKTO MINI used to generate a quick inventory of APIs and detect PII data leaks without having to deploy anything, is another development by Akto.

“AKTO MINI has already generated interest from security engineers and developers who have generated their API inventory instantly for free. We have just launched the chrome extension – AKTO MINI and are extending it as a full-fledged open source project.”

 

The new investment enables the firm to integrate with all CI/CD tools enabling developers to run checks before deploying APIs.

“This provides comprehensive coverage of business logic tests and improves the platform by building stronger AI/ML capabilities. Our vision is to enable the 30 million developers and security engineers to secure their APIs in less than 60 seconds,” added Mr Jain.

Partner at Accel India, Prayank Swaroop, Partner,  referred APIs as the glue that enables any software to provide rich functionality, hence should be protected.

“Securing APIs requires identifying complex patterns of API misuse – moreover this has to be done in the DevSecOps pipeline following a Shift-Left approach, without taking a lot of time from engineering teams. In the current market, all the solutions overwhelm security teams by throwing a lot of false positives. Akto’s approach and tech address all of these problems and provide a reliable, scalable, easy-to-install and accurate API security solution. We are very excited to be a part of their journey,” said Mr Swaroop.

Akto is currently securing thousands of APIs of some of the largest fintech and SaaS companies across the globe.