API security leader Salt Security announced a groundbreaking solution aimed at securing AI Agent real-time API actions. LAS VEGAS, Nev., September 15, 2025 – The rapid deployment of agentic AI in enterprises has exposed the API calls made by autonomous agents via protocols such as MCP and A2A, increasing the risk level. It is essential to have API security in place to detect, manage, and implement security measures in real time to foil any AI-malicious activities.
Why AI Agent API Security Matters
The timing of Salt Security’s inventive solution to the problem of AI agent security could not be better, given a report that highlights the increased attack surface for APIs. The “Securing the Future of Agentic AI” report states:
- AI chatbots remain at the center of the conversation as 64% of users experience them more frequently than a year ago, yet only 22% trust sharing their personal data with them.
- Almost half (48%) of organizations that use agentic AI deploy the number of agents between 6 and 20 agents, which leads to a substantial increase in API exposure.
- “The most significant AI security gap for most organizations is not going to be model jailbreaks but the invisible API connections that power the agents,” mentioned Michael Nicosia, Salt Security Co-Founder & COO.
- “Salt closes that gap by persistently finding every API, applying policy governance, and securing it in real time.”
More than three-quarters of organizations now say they use AI in at least one business function, as per McKinsey.
Inside Salt’s New API Guardrails for Agentic AI
Salt Security’s platform has built-in controls over API calls, which are used by the AI agent; thus, the user is required to do only a minimal setup:
MCP Protect: Identifies automatically as well as tracks all interactions with MCP servers, locates sensitive data in motion, and reveals hidden endpoints.
Agentic AI Governance; Pre-installed security measures not only ensure that the agents behave safely but also allow for the early warning of exposure to high risk and security interventions in MCP and A2A environments.
The security features automatically provide security teams with an immediate view, govern that on autopilot, and give them real-time protection from the very first day of the arrival of agentic AI traffic.
Industry Context and Explosive Growth Forecast
Gartner foresees that by 2028, the number of organizations staging AI agents to carry out most of their APIs will be at least four times greater than speech developers. Nonetheless, Salt Securit research reveals that the number of companies that have a dedicated API security solution and are using agentic AI is only 37%.
Nick Rago, VP Product Strategy at Salt Security, stated, “ It is not only what AI voices say, security-wise, but it is also what they do.
Speaking through APIs is the method that AI agents do their tasks; most organizations are not privy to the route. From day one, Salt gives that visibility; thus, in real-time, it can prevent abuse and let the teams innovate with safety. Gartner prediction: 40% of API calls will be agentic AI-driven by 2027.
33% of enterprise software applications will include agentic AI by 2028 (up from <1% in 2024)
Best Practices for Securing APIs Used by AI Agents
Salt Security; debut comes as a perfect match for the most successful industry-standard API governance best practices:
Monitor API Traffic: Employ an AI-driven threat detection system to spotlight irregularities.
Enforce Least Privilege Access Technologies, such as OAuth 2.0 or MFA, can be put in place for AI agents to ensure secure access.
Validate Inputs: Stop attackers one step before they do their dirty job by blocking prompt injection and data poisoning.
Encrypt Sensitive Data: Make use of TLS/HTTPS for data in transit and encryption at rest.
Conduct Regular Pen Tests: Include a CII/CD pipeline-based automated security scanning tool for better security measures.
Building Trust Through Secure APIs
Users need to trust the system: 50% of users are reluctant to give their personal data to AI agents, and 44% say they feel forced to do so. Salt Security fills this trust gap by integrating strong API security into agentic AI, thus allowing organizations to safely unleash their innovative potential while still keeping the data confidential.
Where to See Salt’s Innovations
At CrowdStrike, Fal. Con 2025 (Booth 2018), Salt Security will unveil its AI agent API safety measures and hold the talk “When AI Agents Go Rogue: The Security Gaps You’re Missing” on Tuesday, September 16, 11:00 -11:45 a.m. PDT. The audience will be able to see the AI agent API defense live and even try it out.
A McKinsey survey supports this, showing that 52% of consumers are hesitant to share personal information with AI-powered services without strong security measures.
Key Insights: What Salt Security’s AI Agent API Protection Means
The Real Risk API, Not Just the AI Model: One of the most common mistakes that enterprises make is emphasizing the security of AI models, which is concerned with prompt injection or jailbreak prevention, without giving due consideration to the APIs AI agents call on their own. With Salt Security, the focus is shifted to the actual point of entry that the intruders take advantage of, thus offering enterprises a defending layer that is a step ahead of the attackers.
Immediate Visibility Drives Innovation Further: Organizations with automated discovery of hidden APIs and real-time monitoring can deploy multiple agentic AI solutions without any safety concerns. Also, the risk is reduced with the AI adoption being sped up.
Wisdom Without Trouble: The security measures for AI agents that come with the standard configuration go a long way in alleviating the burden for the security teams. As a result, the adoption of enterprises, especially those without dedicated AI cybersecurity staff, is considerably easier.
Consumer Confidence as a Differentiating Factor: The customer’s trust in AI-driven APIs that are secured is one of the main differentiating factors. Organizations that implement these safeguards can not only position themselves as responsible AI innovators but also as the ones who are less affected by the trust gap occurring from AI data collection.
Countering the Rapid Increase of AI Agents: Eight out of ten API calls will be agentic AI-driven by 2028, according to Gartner. Those enterprises that do not have API security in place will face very serious exposure in the future. With the help of Salt Security’s platform, organizations have the first-day safe management of growth.
FAQs
Q1: What is AI agent API security?
A: AI agent API security is the protection of the APIs that autonomous AI agents interact with, ensuring secure data exchange, preventing unauthorized actions, and safeguarding against AI-driven exploits.
Q2: Why are AI agents creating new API security risks?
A: AI agents execute tasks and get data on their own. They call APIs to do that. The endpoints that they use are the length of the attack surface that they extend. Security approaches that just focus on endpoints are not enough to keep pace with AI agents.
Q3: How does Salt Security protect AI agent APIs in real time?
A: Salt Security is always on the lookout for new APIs; it keeps track of the ways agents interact, it goes through the predetermined research in terms of governance, and it stops suspicious behaviors right away; thus, it closes the access points to cases of data leaks and misuse.
Q4: Can securing AI agent APIs improve consumer trust?
A: Yes. Enterprises can become the bearers of AI features only after they have taken the necessary steps to protect data and effectively apply governance policies for AI agents. Consequently, customer trust and the state of compliance will be enhanced.
For deeper insights on agentic AI governance, identity controls, and real‑world breach data, visit Cyber Tech Insights.
To participate in upcoming interviews, please reach out to our CyberTech Media Room at sudipto@intentamplify.com.
