API security affected by AI, experts tell IT Brew

First, the good news: The AI revolution is still underway The bad news? Security might be falling by the wayside.

That’s one of the concerns around DeepSeek, the Chinese OpenAI alternative that exploded onto the global scene in January, erasing $1 trillion in technology stocks due to its cost-effectiveness compared to its competitors. It’s not all bad—the new large language model could provide a new way of deploying the technology due to its lower cost. Potential benefits aside, there are questions about how safe it is and how it might introduce vulnerabilities to the overall AI landscape.

Nerve center. For Chuck Herrin, field CISO at application security provider F5, those threats include dangers to application programming interface (API) frameworks across the industry. When the “hype cycle” of AI began in earnest, Herrin said, most APIs weren’t “under control”—meaning that once attackers were able to deploy powerful AI automation, defenders were already on the back foot.

“The rush to ‘AI all the things’ is just exacerbating that attack surface even more with new types of attacks we need to worry about,” Herrin said.

If it turns out DeepSeek was the result of stolen intellectual property, as has been alleged, then that likely happened due to unsecured APIs, Herrin said. These transfer attacks are capable of severe danger for models; attackers can duplicate the AI they infiltrate through the API and then use the clone to perfect their tactics. The answer to these threats, Herrin said, might be to go public.

“It’s very, very difficult to create any kind of a mode or intellectual property protection, which I think is one of the reasons why OpenAI is now considering going open source,” Herrin said. “You just can’t create modes if others can distill your models, and the way they do that is via the APIs.”

Overarching view. For Kate O’Neill, author of What Matters Next: A Leader’s Guide to Making Human-Friendly Tech Decisions in a World That’s Moving Too Fast, the question is how to handle the threat. In her opinion, there’s an important place for regulation in the “Wild West” of how tech is being managed now.

“It would really benefit leaders if there were a more centralized governmental approach to truly researching and understanding these issues and making appropriate regulations appropriate restrictions,” O’Neill said. “Because that would free leaders of a certain level of responsibility.”