Akamai API Security Enhancements
The recent Akamai API Security updates 3.45 and 3.46 introduce support for GenAI and LLM API discovery, automatic testing for discovered APIs, a compliance dashboard, new quick filtering capabilities, and more.
Quick Filters
Akamai API Security now includes Quick Filters — a faster, more intuitive way to find what matters most across your API inventory, findings, and incidents pages. While our advanced filters give users detailed control, Quick Filters simplify day-to-day workflows by surfacing the five most relevant filters by default, based on the page you’re on.
Located right at the top of key pages, Quick Filters allow you to instantly narrow down results using easy drop-down menus. You can customize filters as needed or add new ones to focus your analysis. This streamlined experience helps reduce noise, accelerate investigations, and enable faster, more informed decisions — all with just a few clicks (Figure 1).
Fig. 1: Quick Filters user interface
To learn more about API Security filtering capabilities, please see the documentation.
GenAI and LLM API tagging
As organizations increasingly adopt GenAI and LLM services, securing these AI-powered APIs has become essential.
Akamai API Security now automatically discovers and tags GenAI and LLM API endpoints, creating a comprehensive, continuously updated inventory (Figure 2). This helps eliminate visibility gaps and ensure that all AI-related APIs are properly monitored, reducing the risk of shadow AI, data leaks, and unauthorized use.
Fig. 2: New GenAI and LLM tags
This feature also helps organizations meet compliance requirements by providing visibility into AI data flows and enabling enforcement of policies aligned with privacy regulations like the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA). By continuously identifying and classifying GenAI and LLM APIs, Akamai empowers security teams to stay ahead of emerging risks in AI-driven environments.
To learn more about GenAI and LLM API tagging, please see the documentation.
Compliance Dashboard
Our new Compliance Dashboard offers a centralized view that helps you assess how your APIs align with critical security and privacy frameworks, including the Payment Card Industry Data Security Standard (PCI DSS) v4.0, the GDPR, and ISO-27001. It also incorporates the MITRE ATT&CK vulnerability framework, providing deeper insights into potential risks and vulnerabilities associated with your APIs.
This consolidated view means you can quickly pinpoint which APIs meet compliance requirements and which need attention, significantly simplifying audit preparation and ongoing risk assessments (Figure 3).
Fig. 3: The new Compliance Dashboard user interface
To give you even clearer visibility, we've added intuitive widgets such as "Compliant APIs vs. Non-Compliant APIs," "Open Findings vs. Closed Findings," and a comprehensive "Framework Issues Summary" table. Additional widgets like "Detected Findings vs. Closed Findings" and "Datatype Tags" help you swiftly categorize and prioritize compliance tasks.
With these capabilities, you'll be better equipped to close compliance gaps proactively, clearly demonstrate progress toward regulatory alignment, and confidently navigate audits.
To learn more about the Compliance Dashboard, please visit the documentation.
Automatic testing for APIs
Akamai API Security now includes automatic testing for discovered GET APIs, helping security teams catch authentication issues earlier and with less manual effort. This feature uses our Active Testing engine to run nonintrusive, unauthenticated tests for two common vulnerabilities: Missing Authentication and Malformed Authentication.
These tests are conducted automatically and require no additional setup — improving your security posture with continuous, real-world validation of API behavior (Figure 4).
Fig. 4: New testing for APIs in your library
By combining traffic-based insights with active testing, this feature uncovers vulnerabilities that passive observation alone might miss. It integrates seamlessly into existing workflows, helping teams streamline remediation without adding complexity.
To learn more about API testing, please see the documentation.
Programmatic management of API Groups
You can now create, modify, retrieve, and delete API Groups via our Management API. API Groups are logical collections of APIs organized around business domains, applications, or specific services.
With this capability, organizations gain more flexibility and precision in managing and displaying APIs, ensuring that each team has access to exactly the APIs they need. By using API Groups, you can streamline visibility and enforce role-based access control, efficiently assigning the right APIs to the appropriate development and operational teams.
To learn more about using our Management API, please see the documentation.
Discovery of OpenAPI specs in on-prem GitHub repositories
We've enhanced our existing API discovery capabilities — now you can automatically identify and import OpenAPI specifications directly from your on-premises GitHub deployments (Figure 5). This ensures your API inventory is always comprehensive — even capturing APIs not yet observed through live traffic.
Fig. 5: Automatically identify and import OpenAPI specifications directly from your on-premises GitHub
Additionally, by comparing developer-defined specifications against automatically generated specs derived from actual API traffic, you can quickly identify deviations and potential risks. You can also apply automated style guideline checks to these specifications, helping enforce consistency, detect programming errors early, and maintain high-quality, reliable API definitions across your entire codebase.
To learn more about integrating Akamai API Security with GitHub, please see the documentation.
Store and manage Azure Connector secrets with Azure Key Vault
Akamai API Security now supports secure storage of Azure Connector secrets using Azure Key Vault, enhancing the protection of sensitive credentials used to monitor your Azure APIs. The connector, deployed in your Azure environment, handles traffic inspection for your APIs. With this update, all connector secrets, including the source key and application secret, are now stored securely in Azure Key Vault during deployment (Figure 6).
Fig. 6: Azure Connector deployment user interface
For added flexibility, you can also use your own existing Azure Key Vault, giving you greater control over secret management. To apply this update, simply download and reinstall the Azure Connector.
Learn more
Please review the release notes for additional information about Akamai API Security 3.45.