API security leader Salt Security has announced a groundbreaking solution aimed at securing AI agent real-time API actions at CrowdStrike Fal.Con 2025.

The rapid deployment of agentic AI in enterprises has exposed the API calls made by autonomous agents via protocols such as MCP and A2A, increasing the risk level. It is essential to have API security in place to detect, manage, and implement security measures in real time to foil any AI-malicious activities.

According to Salt Security’s latest research titled “Securing the Future of Agentic AI: Building Consumer Trust Through Robust API Security,” businesses are rapidly integrating agentic AI across a broad spectrum of operations. These operations include:

  • content generation
  • data analytics
  • customer engagement
  • fraud detection
  • supply chain management
  • internal process automation

As adoption accelerates, agentic AI is becoming a central part of core business functions for boosting efficiency and unlocking new avenues for innovation.

Why AI Agent API Security Matters

The timing of Salt Security’s inventive solution to the problem of AI agent security could not be better, given a report that highlights the increased attack surface for APIs. The “Securing the Future of Agentic AI” report states:

  • AI chatbots remain at the center of the conversation, as 64% of users experience them more frequently than a year ago, yet only 22% trust sharing their personal data with them.
  • Almost half (48%) of organizations that use agentic AI deploy between 6 and 20 agents, which leads to a substantial increase in API exposure.
  • “The most significant AI security gap for most organizations is not going to be model jailbreaks but the invisible API connections that power the agents,” mentioned Michael Nicosia, Salt Security Co-Founder & COO.
  • “Salt Security closes that gap by persistently finding every API, applying policy governance, and securing it in real time.”

More than three-quarters of organizations now say they use AI in at least one business function, as per McKinsey

Inside Salt’s New API Guardrails for Agentic AI

Salt Security’s platform has built-in controls over API calls, which are used by the AI agent; thus, the user is required to do only a minimal setup:

MCP Protect: Automatically identifies and tracks all interactions with MCP servers, locates sensitive data in motion, and reveals hidden endpoints.

Agentic AI Governance: Pre-installed security measures not only ensure that the agents behave safely but also allow for the early warning of exposure to high risk and security interventions in MCP and A2A environments.

The security features automatically provide security teams with an immediate view, govern that on autopilot, and give them real-time protection from the very first day of the arrival of agentic AI traffic.

Industry Context and Explosive Growth Forecast

Gartner foresees that by 2028, the number of organizations deploying AI agents for API tasks will be at least four times greater than the number of speech developers.

From a business perspective, agentic AI is no longer a niche experiment—it’s becoming a core operational force.

Securing the Future of Agentic AI: Building Consumer Trust Through Robust API Security
Source: Securing the Future of Agentic AI: Building Consumer Trust Through Robust API Security, by Salt Security

Nearly half of organizations (48%) leverage between 6 and 20 different AI agents, while 19% are managing 21 to 50. In total, 37% of companies report 1–100 active AI agents powering their systems, and almost one-fifth (18%) operate between 501 and 1,000. This scale of deployment underscores how deeply AI agents are being embedded into business processes, driving efficiency, innovation, and competitive advantage.

Nick Rago, VP Product Strategy at Salt Security, said, “From a security standpoint, it’s not just about what AI agents say, it’s what they actually do. AI agents act through APIs, MCP, and A2A, but most organizations don’t have visibility into those actions. Salt gives you that visibility from day one, puts the right guardrails in place, and protects against abuse and AI logic attacks in real time so your teams can move fast with confidence.”

Gartner prediction: 40% of API calls will be agentic AI-driven by 2027. 

33% of enterprise software applications will include agentic AI by 2028 (up from <1% in 2024) 

Best Practices for Securing APIs Used by AI Agents

Salt Security solution’s debut comes as a perfect match for the most successful industry-standard API governance best practices:

  • Monitor API Traffic: Employ an AI-driven threat detection system to spotlight irregularities.
  • Enforce Least Privilege Access Technologies, such as OAuth 2.0 or MFA, can be put in place for AI agents to ensure secure access.
  • Validate Inputs: Stop attackers one step before they do their dirty job by blocking prompt injection and data poisoning.
  • Encrypt Sensitive Data: Make use of TLS/HTTPS for data in transit and encryption at rest.
  • Conduct Regular Pen Tests: Include a CI/CD pipeline-based automated security scanning tool for better security measures.

Building Trust Through Secure APIs

Users need to trust the system: 50% of users are reluctant to give their personal data to AI agents, and 44% say they feel forced to do so. Salt Security fills this trust gap by integrating strong API security into agentic AI, thus allowing organizations to safely unleash their innovative potential while still keeping the data confidential.

Where to See Salt’s Innovations

At CrowdStrike, Fal. Con 2025 (Booth 2018), Salt Security will unveil its AI agent API safety measures and hold the talk “When AI Agents Go Rogue: The Security Gaps You’re Missing” on Tuesday, September 16, 11:00-11:45 a.m. PDT. The audience will be able to see the AI agent API defense live and even try it out.

A McKinsey survey supports this, showing that 52% of consumers are hesitant to share personal information with AI-powered services without strong security measures.

Key Insights: What Salt Security’s AI Agent API Protection Means

The Real Risk API, Not Just the AI Model: One of the most common mistakes that enterprises make is emphasizing the security of AI models, which is concerned with prompt injection or jailbreak prevention, without giving due consideration to the APIs AI agents call on their own. With Salt Security, the focus is shifted to the actual point of entry that the intruders take advantage of, thus offering enterprises a defending layer that is a step ahead of the attackers.

Immediate Visibility Drives Innovation Further: Organizations with automated discovery of hidden APIs and real-time monitoring can deploy multiple agentic AI solutions without any safety concerns. Also, the risk is reduced with the AI adoption being sped up.

Wisdom Without Trouble: The security measures for AI agents that come with the standard configuration go a long way in alleviating the burden for the security teams. As a result, the adoption of enterprises, especially those without dedicated AI cybersecurity staff, is considerably easier.

Consumer Confidence as a Differentiating Factor: The customer’s trust in AI-driven APIs that are secured is one of the main differentiating factors. Organizations that adopt these safeguards can be seen as responsible AI innovators and are better able to bridge the trust gap caused by AI data collection.

Countering the Rapid Increase of AI Agents: Eight out of ten API calls will be agentic AI-driven by 2028, according to Gartner. Those enterprises that do not have API security in place will face very serious exposure in the future. With the help of Salt Security’s platform, organizations have safe management of growth.

FAQs

Q1: What is AI agent API security?

A: AI agent API security is the protection of the APIs that autonomous AI agents interact with, ensuring secure data exchange, preventing unauthorized actions, and safeguarding against AI-driven exploits.

Q2: Why are AI agents creating new API security risks?

A: AI agents execute tasks and get data on their own. They call APIs to do that. The endpoints that they use are the length of the attack surface that they extend. Security approaches that just focus on endpoints are not enough to keep pace with AI agents.

Q3: How does Salt Security protect AI agent APIs in real time?

A: Salt Security is always on the lookout for new APIs; it keeps track of the ways agents interact, it goes through the predetermined research in terms of governance, and it stops suspicious behaviors right away; thus, it closes the access points to cases of data leaks and misuse.

Q4: Can securing AI agent APIs improve consumer trust?

A: Yes. Enterprises can become the bearers of AI features only after they have taken the necessary steps to protect data and effectively apply governance policies for AI agents. Consequently, customer trust and the state of compliance will be enhanced.

For deeper insights on agentic AI governance, identity controls, and real‑world breach data, visit Cyber Tech Insights.

To participate in upcoming interviews, please reach out to our CyberTech Media Room at sudipto@intentamplify.com.