LLMs Are Not Goldfish: Why AI Memory Poses a Risk to Your Sensitive Data

We’ve all heard the myth: goldfish have a memory span of just a few seconds. While that’s debatable in marine biology circles, it’s useful as a metaphor in tech, especially when talking about memory, risk, and AI. The problem is, large language models (LLMs) are not goldfish. In fact, they have incredible memory. And increasingly, that memory isn’t just session-based. It’s persistent, long-term, and system-connected. That changes everything.

When AI Agents Go Rogue: What You're Missing in Your MCP Security

We’re at a major inflection point in how software operates. And I don’t say that lightly. For the past decade, we’ve seen a steady evolution toward microservices, APIs, and cloud-native architectures. But Agentic AI is something different. We’re no longer talking about static services. We’re now dealing with autonomous agents that reason, remember, and act in real-time across live environments.

CISO Alert: Lessons from McDonald's Chatbot Breach

In June 2025, a disturbing security failure surfaced involving McDonald’s AI-powered hiring assistant, Olivia, operated by Paradox.ai. The platform, designed to screen job applicants via chatbot, exposed the personal information of over 64 million people. That included names, contact info, shift preferences, and even chat transcripts. The root cause? A combination of missteps that highlight the growing risk of insecure APIs in modern, AI-driven systems.

The Next Security Frontier: AI Agents, MCP, and the Coming API Wave

I’ve seen this story before, and I’m seeing it again. When we founded Salt Security in 2016, APIs already powered the digital economy, and Kubernetes had started to accelerate the growth of APIs, yet almost nobody was monitoring them. Visibility was near zero, context was missing, and protection was an afterthought. Fast-forward to 2025, and the same blind spot is forming, only bigger. AI agents are no longer just generating content; they are also creating it.

The CISO's API Security Paradox: High Priority, Huge Blind Spots

In today’s digital-first world, APIs serve as the core infrastructure of modern business. They power mobile applications, facilitate critical cloud integrations, and support digital transformation initiatives. It's therefore understandable that 73% of CISOs consider API security a top or critical concern. However, a recent survey of 300 security leaders uncovers a troubling paradox: a large gap between awareness and action.

Eliminate Your AWS API Blind Spots in Minutes

Traditionally, securing APIs in AWS has involved a frustrating trade-off. Obtaining a full view of your API Fabric requires weeks or months of deploying various agents, setting up traffic analysis, and enduring lengthy professional services engagements. The outcome? An unacceptably slow time-to-value that keeps you unaware of potential risks for too long. The main issue hasn't only been locating APIs, but also the extensive wait to identify them. But what if that trade-off is no longer necessary?

Simplify API Security with Salt Ecosystem Integrations

APIs are essential, but they also represent a growing and complex risk to your organization. Intricate application architectures and an ever-evolving threat landscape already make API security a constant challenge. The increasing reliance on APIs by new technologies, including AI, further amplifies this risk.

Don't Be a Statistic: Proactive API Security in the Age of AI

Your business depends on APIs, which are essential for contemporary digital experiences, encompassing everything from mobile applications and IoT devices to the rapidly evolving AI landscape. With more than 80% of internet traffic now routed through APIs—a number projected to rise significantly due to AI developments—their security is crucial. Unfortunately, this vital infrastructure faces growing attacks, with these threats being a real and current danger to many.

Introducing Salt Illuminate: API Security That Works in Minutes, Not Months

APIs are the backbone of modern business. They connect services, power user experiences, and enable innovation at breakneck speed. But they’ve also become one of the largest, most complex threat surfaces out there—and traditional security approaches just aren’t cutting it. At Salt Security, we’ve spent years pioneering API protection. And today, we’re thrilled to announce our biggest leap forward yet. Meet Salt Illuminate.