Podcast series: The Security Strategist Guest: Chip Witt, Principal Security Analyst at Radware Host: Richard Stiennon, Chief Analyst Researcher at IT-Harvest When attackers target modern enterprises, they don’t break in; they log in. This insight came from the recent episode of The Security Strategist Podcast, where host Richard Stiennon, a cybersecurity analyst and Chief Analyst Researcher at IT-Harvest, speaks to Chip Witt, Principal Security Analyst at Radware. The conversation spotlights a critical issue faced by most enterprises – defending APIs as if they are just infrastructure while attackers exploit them as part of the business logic. That gap represents the real risk. How are Enterprises Shifting Towards Intent-Aware Protection? As enterprises speed up their use of serverless architectures, microservices, and AI-driven applications, API sprawl intensifies. With sprawl, the security model cannot remain unchanged while the application structure evolves. According to Witt, the future of API security must be intent-aware. Protection should assess whether a sequence of calls makes sense within its context for the user, system, or resource initiating them. Simply confirming identity is not enough; security also needs to validate behaviour. Zero trust principles have reshaped strategies for networks and identities. APIs now require similar scrutiny—not just at the perimeter, but within the workflow itself. APIs are no longer just back-end connectors; instead, they are now the visible surface of the enterprise. The most concerning attacks are not brute-force attempts. Most distressing attacks, in fact, are authenticated actions carried out with malicious intent. Organisations that continuously track their APIs, enforce strict authorisation, and identify workflow misuse in real time can significantly reduce their risk of breaches. More importantly, they can align security with the business pace. In today’s digital economy, APIs are the product. Takeaways APIs are your primary business attack surface, not back-end infrastructure. Most damaging API attacks use valid credentials and exploit weak authorisation. Visibility gaps and API drift quietly expand your exposure over time. Machine-to-machine identities often carry excessive, unmonitored privileges. Runtime, intent-aware detection is now essential to stopping business logic abuse. Chapters 00:00 Introduction to API Security 02:04 Understanding API Misconceptions 04:49 Current API Threat Landscape 06:43 Business Logic Abuse in APIs 09:11 Challenges in API Security 12:03 Runtime Protection and Intent Detection 13:40 Key Takeaways for IT Decision Makers For more information, please visit em360tech.com and radware.com Follow: @EM360Tech on YouTube, LinkedIn and X @enterprisemanagement360 Radware YT: @radware Radware LinkedIn: https://www.linkedin.com/company/radware/ Radware X: @radware #APISecurity #BusinessLogicAbuse #AuthenticatedAttacks #RuntimeProtection #IntentAwareSecurity #Radware #Cybersecurity2026 #OWASP #BusinessLogic #ZeroTrust #TechPodcast #EnterpriseSecurity #IntentAwareProtection #TheSecurityStrategist #Cybersecurity

Can Your Observability Stack Handle 24/7 Agentic Query Volume?
21 views

Agentic AI is changing Cybersecurity in 2026
22 views

Coding Agents are an identity problem in 2026
20 views

Claude Mythos and the future of cybersecurity
29 views

AI Hype vs Reality: What Security Leaders Are Getting Wrong
23 views

Why Most Enterprise AI Investments Fail to Deliver ROI
25 views