Cequence Security, Inc - Experts & Thought Leaders
Latest Cequence Security, Inc news & announcements
Cequence Security, a pioneer in API security and bot management, announces significant enhancements to its Unified API Protection (UAP) platform to deliver the industry’s first comprehensive security solution for agentic AI development, usage, and connectivity. This enhancement empowers organisations to secure every AI agent interaction, regardless of the development framework. By implementing robust guardrails, the solution protects both enterprise-hosted AI applications and external AI APIs, preventing sensitive data exfiltration through business logic abuse and ensuring regulatory compliance. Ensuring regulatory compliance There is no AI without APIs, and the rapid growth of agentic AI applications has amplified concerns about securing sensitive data during their interactions. These AI-driven exchanges can inadvertently expose internal systems, create significant vulnerabilities, and jeopardise valuable data assets. This new layer of security enables customers to detect and prevent AI bots such as ChatGPT Recognising this critical challenge, Cequence has expanded its UAP platform, introducing an enhanced security layer to govern interactions between AI agents and backend services specifically. This new layer of security enables customers to detect and prevent AI bots, such as ChatGPT from OpenAI and Perplexity from harvesting organisational data. Unidentified user agents Internal telemetry across Global 2000 deployments shows that the overwhelming majority of AI-related bot traffic, nearly 88%, originates from large language model infrastructure, with most requests obfuscated behind generic or unidentified user agents. Less than 4% of this traffic is transparently attributed to bots like GPTBot or Gemini. Cequence’s ability to detect and govern this traffic in real time, despite the lack of clear identifiers, reinforces the platform’s unmatched readiness for securing agentic AI in the wild. External AI harvesting attempts Key enhancements to Cequence’s UAP platform include: Block unauthorised AI data harvesting: Understanding that external AI often seeks to learn by broadly collecting data without obtaining permission, Cequence provides organisations with the critical capability to manage which AI, if any, can interact with their proprietary information. Detect and prevent sensitive data exposure: Empowers organisations to effectively detect and prevent sensitive data exposure across all forms of agentic AI. This includes safeguarding against external AI harvesting attempts and securing data within internal AI applications. The platform's intelligent analysis automatically differentiates between legitimate data access during normal application usage and anomalous activities signalling sensitive data exfiltration, ensuring comprehensive protection against AI-related data loss. Discover and manage shadow AI: Automatically discovers and classifies APIs from agentic AI tools like Microsoft Copilot and Salesforce Agentforce, presenting a unified view alongside customers’ internal and third-party APIs. This comprehensive visibility empowers organisations to easily manage these interactions and effectively detect and block sensitive data leaks, whether from external AI harvesting or internal AI usage. Seamless integration: Integrates easily into DevOps frameworks for discovering internal AI applications and generates OpenAPI specifications that detail API schemas and security mechanisms, including strong authentication and security policies. Cequence delivers powerful protection without relying on third-party tools, while seamlessly integrating with the customer’s existing cybersecurity ecosystem. This simplifies management and security enforcement. Enterprise software applications "Gartner® predicts that by 2028, 33% of enterprise software applications will include agentic AI, up from less than 1% in 2024, enabling 15% of day-to-day work decisions to be made autonomously. We’ve taken immediate action to extend our market-renowned API security and bot management capabilities," said Ameya Talwalkar, CEO of Cequence. Ameya Talwalkar adds, "Agentic AI introduces a new layer of complexity, where every agent behaves like a bidirectional API. That’s our wheelhouse. Our platform helps organisations embrace innovation at scale without sacrificing governance, compliance, or control." These extended capabilities will be generally available in June.
Cequence Security, a pioneer in API security and bot management, announced that it has achieved Amazon Web Services (AWS) Security Competency status in the Cyber Security category. This designation highlights Cequence's proven ability to meet AWS’s rigorous standards for delivering cutting-edge cybersecurity solutions to AWS customers. The AWS Security Competency directly aligns common customer use cases to AWS Partner capabilities, accelerating positive security outcomes. Cequence AWS Security achievement Cequence AWS Security Competency attainment highlights the firm's validated expertise across seven types This Cequence AWS Security Competency achievement highlights the company’s validated expertise across seven foundational categories of cybersecurity use cases: Perimeter Protection, Identity and Access Management, Threat Detection and Response, Infrastructure Protection, Data Protection, Compliance and Privacy, and Application Security. Partners that excel across all seven foundational security categories unlock the exclusive opportunity to qualify for the prestigious 8th designation: Core Security Partner. Each foundational category contains multiple cybersecurity capabilities, each with technical and operational requirements. Cybersecurity solutions from AWS Partners In 2022, AWS revamped the AWS Security Competency program to streamline access for customers, ensuring they can confidently adopt cybersecurity solutions from AWS Partners that have been rigorously validated by AWS. AWS security experts annually validate the tools used and operational processes of each AWS Security Competency partner to address specific cloud security challenges aligned to the categories and use cases that they have applied for. Cequence's advanced expertise commitment AWS Security Competency provides a faster and easier experience for customers to select the right AWS Partner The AWS Security Competency provides a faster and easier experience for customers to select the right AWS Partner to help them achieve their goals for business risk and cloud strategy confidence. Cequence proudly earns the distinguished AWS Security Competency, underscoring its leadership in API security and bot management making it a premier AWS Partner. This achievement highlights Cequence's advanced expertise and unwavering commitment to delivering cutting-edge cybersecurity solutions that meet AWS's rigorous standards for protecting cloud environments. Agility and innovation of AWS “Cequence is excited to achieve AWS Security Competency status,” said Ameya Talwalkar, CEO at Cequence Security. “This milestone reflects our dedication to empowering organisations to secure their API ecosystems." "By harnessing the agility and innovation of AWS, we equip businesses to defend against sophisticated bot attacks and API abuse, allowing them to focus on growth and innovation with confidence. Together with AWS, we provide the expertise needed to navigate the complexities of API security, ensuring that organisations can operate resiliently and securely.” Advanced cybersecurity solutions AWS empowers organisations, from startups to global enterprises, with scalable, flexible, and cost-effective solutions. To ensure seamless integration and deployment of these solutions, AWS established the AWS Competency Program, designed to help customers identify trusted AWS Partners with deep industry expertise. As an AWS Security Competency Partner, Cequence stands at the forefront, delivering advanced cybersecurity solutions tailored to safeguard cloud environments while leveraging the full power of AWS.
Cequence Security, a pioneer in API security and bot management, unveiled new insights from its CQ Prime threat research team that reveal a surge in cyber threats as businesses race to comply with the March 31 PCI DSS 4.0 deadline. The research underscores the escalating risks of API-driven fraud, credential stuffing, and payment system abuse, particularly in retail and financial services. Drawing on billions of real transactions and attack data from Cequence’s Unified API Protection (UAP) platform, the report highlights the growing attack surface cybercriminals exploit in payment infrastructure, loyalty programs, and product pricing systems. Key findings Scale of Credential Attacks: As the PCI DSS 4.0 deadline approaches, automated fraud is accelerating. More than 300 million account takeover (ATO) attempts were blocked in the past year, illustrating the growing scale of credential stuffing attacks. Retail’s High-Stakes Battleground: Retailers faced 66.5% of all malicious traffic, highlighting their vulnerability due to high transaction volumes and fragmented security postures. Product Search & Pricing Abuse: A staggering 822 million attempts were blocked as 89% of non-ATO bot-driven attacks focused on scraping product pricing. This enables competitive algorithm manipulation, scalping, and real-time price undercutting of legitimate retailers. Loyalty Rewards Abuse: Over 22 million fraudulent attempts were blocked as attackers exploited loyalty programs, treating reward points like cash. These accounts are frequently drained due to easier liquidation than stolen credit cards, often going undetected until significant losses occur. Shopping Cart & Inventory Abuse: Nearly 6 million attacks were prevented as fraudsters weaponised automation to hoard high-demand products. Credit Verification Fraud: Over 69 million attempts were blocked as cybercriminals mass-tested stolen credit card details through low-risk transactions before making larger fraudulent purchases, fuelling the circulation of compromised payment data. Traditional security defences for API PCI DSS 4.0 introduces critical security updates, many businesses still struggle with API protection “PCI DSS 4.0 is pushing businesses to modernise security, but many are still scrambling to catch up, giving attackers the perfect opportunity to strike,” said Randolph Barr, CISO at Cequence. “Account takeovers remain the biggest threat, but we’re also seeing a wave of new, highly sophisticated attacks exploiting every stage of the digital payment process. The common thread? APIs. Attackers are sidestepping traditional security defences and going straight for API endpoints that handle cardholder data - one of the most critical yet overlooked vulnerabilities. Businesses that focus only on compliance risk falling behind.” While PCI DSS 4.0 introduces critical security updates, many businesses still struggle with API protection, an area that attackers are actively exploiting. Key actions of Cequence To ensure compliance while defending against real-world threats, Cequence recommends these key actions: Ensure Secure Data Transmission: Encrypt all Primary Account Number (PAN) information when transmitted over open, public networks to prevent unauthorised access. Secure API Endpoints: Identify all API endpoints that transmit PAN and ensure they only transmit encrypted PAN, reducing the risk of data exposure. Proactively Identify Vulnerabilities: Inspect custom application code for security flaws before deployment using automated tools to identify risks in APIs, third-party integrations, and custom applications. Continuously Test and Monitor: Regularly test APIs and applications for misconfigurations or vulnerabilities before production and monitor them for anomalous or malicious behaviour in real time. Deploy Automated Preventative Controls: Use security solutions that prevent both conventional attacks and business logic abuse while ensuring sensitive data is not exposed to unauthorised entities. Implement Real-Time Threat Prevention: Identify and block malicious traffic before it reaches your applications using intelligent, automated security mechanisms.
The ultimate guide to mastering key control
DownloadUsing artificial intelligence (AI) to automate physical security systems
DownloadA modern guide to data loss prevention
Download7 proven solutions for law enforcement key control and asset management
DownloadThe truth behind 9 mobile access myths
Download