Date: 2025-11-10

Michael Brink, CTO, CASA Software.

An explosion of application programming interfaces (APIs) and the growing use of AI are set to create significant headaches for enterprises in future unless they move to better secure the API layer and streamline API management.

This is according to Michael Brink, CTO, CASA Software, who says that as organisations become increasingly dependent on a proliferation of APIs and AI adoption soars, managing the associated costs, security and governance risks is proving challenging.

Brink cites a 2025 API Security and Management report by KuppingerCole (1) analysts, which finds that APIs are essential for intelligent digital enterprises, and that the emergence of AI-native applications has accelerated adoption. The report notes that every LLM integration, agentic AI workflow or autonomous decision system depends on API calls, and that most AI-related vulnerabilities, including prompt injection, data exfiltration or model abuse, are exposed through insecure APIs.

“APIs essentially provide a window to your castle, so poorly secured APIs will allow threat actors easy access,” he says. “There have been a number of hacking events purely via APIs – both globally and in South Africa.

“Managing APIs is traditionally very technical, so you usually require quite a high level of technical ability and skill to use, consume and work with APIs, and to secure the APIs to prevent data leakage and threat actors from using them to access the organisation,” he says.

Brink notes that in many organisations, developers manage APIs, but their primary focus is not on security but getting products to market. “As regulatory bodies turn their attention to API security, we will see more risk and security teams needing to take on this task.”

The Broadcom Layer7 API management platform offers an advanced, low-code solution to these challenges. Broadcom Layer7 has long been a market leader in API security, governance and control, with leading local financial services, retail and public sector organisations trusting it for over 15 years, Brink says.

Serving as a single security platform for all web services, APIs and application traffic, Layer7 enhances API security, with operational monitoring and cost management capabilities to simplify API management.

“If you write programs and develop applications, you typically write a lot of security code into that app or the service, but every time you need to make a change or a vulnerability is discovered, you're going to need to update those security routines,” Brink says. “The Layer7 API management platform allows you to manage that in a very effective way by offering a central policy enforcement point. So, you can have ten thousand APIs or services published there and apply a specific policy to all of them at once.”

He confirms that with Layer7, the security operations practice can secure and monitor APIs too, enabling better security enforcement and compliance.

Brink highlights that CASA also integrates data loss prevention with Layer7 to reduce the risk of sensitive information being leaked via public generative AI. “Layer7 can help control and facilitate the interactions and secure the ChatGPT or the Microsoft Copilot API, while CASA has other data leakage capabilities which we integrate with Layer7 to help organisations effectively manage some of the risks,” he says.

He adds that another growing challenge associated with AI is cost: “There is a cost involved in getting the information for large language models. Typically, an enterprise would buy an AI model that's hosted by a provider. You have your content in there and to interact with the AI, you send the data via an API and it responds via that API,” he explains. “With CASA and Layer7, you can set up quotas and implement a chargeback model at the API layer, to control the costs of consuming AI services.”

Layer7 also offers capabilities such as analytics and API operations management, so organisations can monitor how APIs are performing. “Layer7 simplifies the management of every API from inception, right through its life cycle until it's retired,” Brink concludes.

(1) Reference: Alexei Balaganski, API Security and Management, July 23, 2025; https://www.kuppingercole.com/watch/api-security-new-imperative