Latest news with #CequenceSecurity
Zawya
23-07-2025
- Business
- Zawya
Cequence Security launches AI gateway, safely enabling enterprises to realize the promise of agentic AI productivity
Dubai, UAE — Cequence Security, a pioneer in application security, today unveiled the Cequence AI Gateway, a powerful new solution enabling enterprises to take full advantage of the productivity gains promised by agentic AI. Bridging the gap between AI agents and enterprise applications, the AI Gateway enables instant connectivity with the guardrails enterprises need to stay in control. Enterprises, eager to embrace the power of artificial intelligence (AI), have lacked the tools needed to do so safely and efficiently at scale. For CISOs and security-first engineering leaders, the rush to expose applications to agentic AI is outpacing guardrails such as those outlined by the EU AI Act and Anthropic's ASL. CIOs are understandably concerned about the opportunity cost incurred by having to up-skill needed developers. At the same time, they want a solution that accelerates ROI by avoiding insecure, one-off prototypes in favor of a scalable, enterprise-grade solution. Cequence AI Gateway is that missing layer, instantly connecting AI agents to enterprise applications and APIs using emerging standards like the Model Context Protocol (MCP) while enforcing real-time policies that prevent abuse, protect data, and ensure AI acts within bounds. 'The race to adopt agentic AI in enterprises is well underway, but the foundation to support it is immature," said Ameya Talwalkar, CEO and co-founder of Cequence Security. 'This has left organizations backed into a corner, connecting AI agents to critical systems without sufficient security, oversight, or context. With the combination of our Unified API Protection platform and the new AI Gateway, Cequence delivers both sides of the equation: open, seamless access for AI agents, and the enterprise-grade security, governance, and visibility that leaders need to trust this next wave of automation.' The Cequence AI Gateway Advantage: Your AI Easy Button – AI Gateway converts any API into an MCP-compatible endpoint, enabling agentic AI access to any internal, external, or SaaS application in minutes, without coding. Avoids time and costs associated with up-skilling, coding, QA, integration, hosting, and ongoing management. No need to update your solution when new protocol versions emerge, as the AI Gateway handles this for you. End-to-End Authentication and Authorization – OAuth 2.0 IdP support ensures appropriate identity-based access to systems and data, preventing unauthorized AI agent access. Existing solutions lack seamless integration with enterprise IdPs. Monitoring and Visibility of AI Interactions – Real-time visibility into AI-API traffic with full audit logging enables detailed tracking of agent and user behavior, what applications are being accessed, and which API calls are being made via agents. Enterprise-Ready – Unlike alternatives, Cequence is designed for the enterprise, offering a SaaS solution with continuous environment monitoring and discrete pre-prod/prod modes. Integrates with existing infrastructure without disruption. Today, the Cequence Unified API Protection (UAP) platform is used by a broad spectrum of the world's largest organizations to monitor and secure their applications and APIs. The combination of AI Gateway and UAP allows Cequence customers to stop agent-fueled attacks, fraud, and abuse such as the high-profile incidents recently publicized in the news. 'Cequence doesn't just secure applications and APIs. They enable entirely new business models, said Amir Sarhangi, CEO and co-founder of Skyfire, creators of the KYAPay open payment and identity protocol for AI Agents. 'The AI Gateway is critical infrastructure that brings agentic AI into the real world by making secure, compliant access to enterprise APIs scalable and seamless. Cequence is a trusted partner because they know how to protect real time interactions without slowing innovation. It's a critical component as we build the infrastructure that gives AI agents everything they need to transact, including verified identity, real-time micropayments, and instant monetization." Early adopters have been quick to recognize AI Gateway value. 'We were trying to enable a complex, customer-facing agentic application experience, a process we thought would take months,' said an early enterprise customer. 'With Cequence AI Gateway, we went from 'stalled' to 'operational' in under 48 hours. Now, customers can ask natural language questions and get real-time answers, reducing costly support interactions. It solves a real business problem faster and more safely than we thought possible.' 'This launch is a natural evolution of our Unified API Protection platform,' said Shreyans Mehta, CTO and co-founder at Cequence Security. 'We've engineered the AI Gateway to transform any application or API into an MCP-compatible endpoint, with real-time enforcement policies baked in. It's built to meet developers where they are, while giving security teams the control they need. It's not just about enabling agentic AI; it's about enabling it responsibly at scale.' Mehta added: 'Building this requires deep knowledge of how APIs are structured, used, and abused at scale. That's why Cequence is uniquely positioned to enable the next generation of intelligence automation responsibly.' Enabling agentic AI starts at the API layer, and that's where Cequence leads. Cequence was built to solve difficult API security challenges in real time, at scale. While others are still trying to figure out how to safely expose APIs to agentic AI, Cequence brings years of enterprise experience to a problem that demands security-first thinking. It's designed by the same team that protects over 10 billion API interactions daily, and is built to handle the performance, governance, and authentication challenges unique to this new era of AI automation. Availability Cequence AI Gateway: August 2025 Deployment formats: SaaS and Helm chart Additional Resources Learn more on the Cequence AI Gateway product page Discover the full Cequence Unified API Protection platform Follow us on LinkedIn and About Cequence Security Cequence is a pioneer in API security and bot management, making the applications and APIs that organizations depend on AI-ready while protecting them from attacks, business logic abuse, and fraud. Our unique solutions unlock the promise of agentic AI productivity while providing real-time security against increasingly subtle and sophisticated threats. Cequence delivers value in minutes rather than days or weeks with a highly scalable, no-code, no-risk approach. Trusted by the largest and most demanding private and public sector organizations, Cequence protects more than 10 billion daily API interactions and 4 billion user accounts. To learn more, visit Media Contact cequence@
The National
19-06-2025
- The National
WhatsApp security questioned as Israel remains the only known actor to hack it
WhatsApp is facing renewed scrutiny after Iranian state media urged citizens to delete the app and alleged it was sending user data to Israel. The messaging platform, owned by US tech giant Meta, denied the claim and said it was 'concerned these false reports will be an excuse for our services to be blocked at a time when people need them the most'. 'We do not track your precise location, we don't keep logs of who everyone is messaging and we do not track the personal messages people are sending one another,' a statement said. 'We do not provide bulk information to any government.' The timing of the accusation has sparked fresh debate around WhatsApp's security, particularly given that Israel is the only country known to have successfully hacked the platform. Strong encryption? 'WhatsApp uses strong end-to-end encryption, which means only the sender and receiver can read the messages,' said Mohammad Ismail, vice president for EMEA at Cequence Security, a company that offers application programming interfaces security management. "Even WhatsApp itself can't see what's being shared." In practice, this kind of encryption is considered very secure and is trusted by security professionals around the world, he said. "However, the biggest risks usually does not come from the encryption, but from things like someone getting access to your phone or tricking you into revealing your login,' he told The National. Pegasus breach In 2019, the messaging platform filed a lawsuit against Israeli spyware company NSO Group, claiming the firm's Pegasus software had exploited a vulnerability in the app to target more than 1,400 users. Victims included journalists, human rights defenders and activists across several countries. The attack did not compromise WhatsApp's end-to-end encryption. Instead it utilised a 'zero-click' exploit, a method that enables spyware to be installed simply by sending a specially crafted message or call, which triggers the hack without the user needing to click or even see it. Once Pegasus is installed, it can bypass encryption entirely by accessing messages directly, recording calls and even activating the phone's camera and microphone without the user's knowledge, according to the Organised Crime and Corruption Reporting Project. The NSO Group says it licenses Pegasus exclusively to vetted government clients for use in counterterrorism and criminal investigations, and all foreign sales are subject to approval by the Israeli Defence Ministry. Encryption v device-level threats While WhatsApp's encryption remains intact in such cases, security experts warn encryption alone is not enough to protect against sophisticated surveillance tools. Experts say directly breaching WhatsApp encryption is extremely unlikely. 'It would take huge computing power and advanced knowledge, which even most government agencies don't have,' Mr Ismail said. 'Instead, hackers usually go after easier targets, like hacking into your phone, sending fake links, or using spyware.' Technical flaws and metadata risks Subho Halder, chief executive and co-founder of Appknox, a security platform, noted that WhatsApp's encryption protocol, the Signal Protocol, is considered the gold standard in secure messaging. 'WhatsApp's end-to-end encryption remains mathematically unbreakable with today's technology,' Mr Halder told The National. However, a recent scan of WhatsApp's latest Android build (v2.25.9.78) by Appknox uncovered several critical and high-severity implementation flaws, including insecure network configurations, hardcoded secrets and potential file access vulnerabilities. 'These don't break encryption directly, but they expose sensitive data through poor engineering practices,' he added. 'The real risk often lies not in the cryptography, but in how securely it's implemented.' He added that other vectors remain concerning. 'WhatsApp does not encrypt metadata, like who messaged whom, when and for how long, which can still be revealing even without access to the message content,' Mr Halder said. He noted that cloud backups, while now optionally encrypted, have previously posed security risks. Regional distrust The renewed concern over WhatsApp's vulnerability comes amid broader distrust in Meta in the Middle East. Last year, the firm updated its hate speech guidelines to restrict posts referencing Zionists, saying the term was frequently used in way to dehumanise Jews and Israelis. However, researchers and rights groups argue this change has led to the suppression of political speech, especially from pro-Palestinian voices. Meta has been accused of 'shadow-banning' Arabic or Palestine-related content, and Human Rights Watch documented more than 1,000 instances of post removals or demotions on Facebook and Instagram in October and November last year. Wider context in Iran Iran's call to delete WhatsApp is not unprecedented. The app was blocked during nationwide protests in 2022 following the death of Mahsa Amini in police custody. Although the ban was lifted late last year, the government maintains tight control over digital communication and platforms like WhatsApp are widely used via virtual private networks (VPNs). WhatsApp is one of Iran's most popular messaging apps, along with Instagram and Telegram.
Techday NZ
17-06-2025
- Business
- Techday NZ
AI Agents - The struggle to balance automation, oversight, & security
Visa's recent announcement to harness agentic artificial intelligence (AI) for automatically transacting payments on behalf of customers has attracted widespread interest and scrutiny within the technology and security communities. The move, reported by Associated Press, signals a step change in how everyday purchases could be managed in the near future, promising to reduce both friction and manual intervention in digital commerce. James Sherlow, Systems Engineering Director EMEA at Cequence Security, observes that Visa is "betting on AI agents to remove the friction and mundanity of regular purchases by using the technology to hunt for, select and pay for goods and services automatically." He notes that, amid the current climate of multi-level authentication processes, such innovation may prove both groundbreaking and beneficial in deterring fraudsters. However, Sherlow highlights significant hurdles regarding consumer acceptance: "The question remains whether the user will be comfortable giving AI that level of autonomy." Sherlow elaborates on the technical aspects, explaining that Visa intends its AI agents to initially recommend purchases based on learned patterns and preferences, before moving towards more autonomous decision-making. Security remains paramount, with verification to be managed by Visa in a manner analogous to ApplePay, yet now underpinned by AI agents and with Visa handling disputes. He cautions that using AI agents with sensitive personally identifiable information (PII) and payment card industry (PCI) data "could have far reaching ramifications." Clear visibility, accountability, and robust guard rails must be built from the outset, stressing the evolving role of API security, especially as API endpoints become critical to both ecommerce and AI utilisation. Echoing these concerns, information security practitioners point to the risks inherent in delegating decision-making to semi-autonomous systems. Joshua Walsh, Information Security Practitioner at rradar, believes agentic AI offers dramatic gains in productivity and efficiency by automating complex tasks. Still, "this same autonomy also brings serious security and governance risks that must be addressed before deployment to the live environment," he states. Because AI agents operate across multiple platforms and often without direct human oversight, vulnerabilities such as prompt injection or misconfiguration carry disproportionately high risks, potentially leading to compromised data or even regulatory breaches. Walsh underscores accountability as a core issue: "When an agent makes a bad call or acts in a way that could be seen as malicious, who takes responsibility?" He advocates for human-in-the-loop safeguards for high-risk actions, strict role-based access controls, rigorous audit logging, and continuous monitoring—especially where sensitive data is involved. Walsh argues that deploying such capabilities safely requires a foundation of transparency and meticulous, sustained testing before production rollout. Within the broader debate on agentic AI, there is also scepticism about overestimating its capabilities. Roberto Hortal, Chief Product and Technology Officer at Wall Street English, warns that "the promise of AI agents is tempting," but urges caution: "Agents aren't a silver bullet. They're only effective when built with clear goals and deployed with human oversight." Hortal points out that unsupervised use often results in "AI slop," an abundance of low-value output that increases rather than decreases human workload. He draws a parallel to onboarding untested staff, stating, "You wouldn't let a brand-new intern rewrite your strategy or email your customers unsupervised. AI agents should be treated the same." Hortal emphasises the value of keeping AI tightly scoped and always supportive, not substitutive, of human decision-making. Gartner's latest research indicates that so-called "guardian agents" will account for up to 15% of the agentic AI market by 2030, reflecting the heightened importance of trust and security as AI agents proliferate. Guardian agents, according to Gartner, are designed for "trustworthy and secure interactions," acting both as assistants for content review and autonomous overseers capable of redirecting or blocking AI actions to ensure alignment with predefined objectives. In a recent webinar, 24% of CIOs and IT leaders reported already deploying multiple AI agents, while the majority are either experimenting or planning imminent adoption. As agentic AI gains traction across internal administrative and customer-facing tasks, risks including data poisoning, credential hijacking, and agent deviation have come to the fore. Avivah Litan, VP Distinguished Analyst at Gartner, comments, "Agentic AI will lead to unwanted outcomes if it is not controlled with the right guardrails." With the rapid evolution toward complex, multi-agent systems, traditional human oversight is becoming impractical, further accelerating the need for automated, intelligent checks and balances. Gartner recommends organisations categorise guardian agents into three primary types: reviewers (verifying AI-generated content), monitors (tracking agentic actions for follow-up), and protectors (automatically intervening to adjust or block actions as needed). Integration of these roles is expected to become a central pillar of future AI systems, with Gartner predicting that 70% of AI applications will utilise multi-agent approaches by 2028. The debate on agentic AI thus hinges on balancing automation, oversight, and security at unprecedented scale. Visa and other firms setting the pace in this new domain will need to combine technological innovation with careful risk management to achieve both user adoption and operational resilience.
Techday NZ
29-05-2025
- Business
- Techday NZ
Skyfire & Cequence enable secure digital access for AI agents
Skyfire and Cequence Security have announced a partnership aimed at enabling secure, compliant access to digital services for autonomous AI agents. The partnership focuses on integrating Cequence Security's API security and bot management capabilities with Skyfire's payment and identity network, which has been developed specifically for the AI agent economy. Cequence Security reports that it currently secures over 8 billion API interactions daily and protects more than 3 billion user accounts across numerous Fortune 500 and global enterprises. Its existing systems distinguish between malicious and benign bots. With the addition of Skyfire's technology, Cequence's platforms can now identify Skyfire-verified AI agents as trusted automation. The growing role of AI agents as consumers of online services is presenting challenges for both access and security. Many digital platforms require credentials, identity verification, and payment authorisation, which tend to presume the presence of a human user. Without these, AI agents are often blocked from engaging with such services. Skyfire addresses this limitation by providing infrastructure that allows AI agents to present verified credentials and payment methods programmatically. This allows digital services—ranging from paywalled websites to private APIs—to be accessed autonomously and securely, using peer-to-peer connections similar to those used by human users. Cequence's support for the Skyfire identity and payment protocol enables security teams to recognise and authorise verified AI agents while continuing to block untrusted automation that may be associated with scraping, fraud or abuse. Amir Sarhangi, CEO and co-founder of Skyfire, commented, "AI agents aren't just scraping the surface of the web anymore. They're transacting, subscribing, booking, and buying. But they've been locked out by security measures that assume every brand engagement is coming from a user who has fingers and a keyboard. Through our partnership with Cequence, we're enabling an internet where agents are first-class participants in the digital economy, and where identity and security protocols work with them, not against them." Skyfire's protocol assigns AI agents programmable wallets, which can be funded through various sources, including payment cards, ACH, wire transfers, or USDC. These wallets are integrated with identity credentials and payment rules, making them suitable for enterprise use. Cequence Security's bot management platform evaluates a range of behavioural and contextual signals—including new Skyfire-issued identifiers—to enhance trust in automated interactions with business services. The organisations say that this combination addresses the challenge of AI agents accessing valuable digital content behind login walls, anti-bot systems, or compliance requirements that previously blocked non-human users. Securing APIs is evolving beyond simply blocking attacks; there is increased demand to distinguish and enable trusted forms of automation without compromising performance or customer experience. Cequence Security's platform is described as combining API visibility with native enforcement. This approach allows teams to detect abnormal behaviour, interpret intent, and enforce access controls without requiring modifications to their existing applications or deploying additional third-party tools. Where other security approaches may rely on JavaScript, SDKs, or basic risk scores, Cequence employs context-aware detection grounded in traffic patterns and adaptive machine learning to remain ahead of automated threats, while now also authorising verified AI agents. Ameya Talwalkar, CEO of Cequence, said, "Security should never be a barrier to business. Our mission has always been to protect the internet without slowing innovation, and that includes AI agents. With Skyfire, we now have a shared framework to verify and trust additional non-human users at the edge. This unlocks a new era where businesses can safely serve AI agents the same way they serve human users, securely, seamlessly, and at scale." Through this integration, both companies aim to support the emerging needs of the AI agent economy by providing secure, autonomous access to digital services while maintaining compliance and protection against fraud.
Gulf News
02-05-2025
- Gulf News
Is your password an open door to hackers? Why your digital lock needs an upgrade
Dubai: In our increasingly connected world, every device – from smartphones and home security cameras to complex business systems and even medical equipment – acts as a digital door to users' personal information and sensitive data. And the first, most crucial lock on that door? Passwords. As the world marks World Password Day, cybersecurity experts in the UAE are issuing a clear warning: neglecting your digital front door is an open invitation for attackers. While simply 'changing passwords regularly' has been a long-standing advice, the modern threat landscape demands a more sophisticated approach focusing on strength, uniqueness, and smart management. 'Every device that speaks to your network... instantly becomes part of your attack surface,' said Osama Alzoubi, Middle East and Africa Vice President at Phosphorus Cybersecurity. He impressed upon a simple rule: 'If it's connected, it must be protected.' Alzoubi said that many devices, especially the vast and growing fleets of IoT (Internet of Things), are still vulnerable due to default usernames, outdated software, and, perhaps most commonly, reused or weak passwords. These weak spots allow attackers to penetrate networks rapidly. In 2025, with our lives and businesses deeply integrated with digital systems, robust password practices are non-negotiable. Alzoubi uses a relatable analogy: 'Treat passwords like critical supplies: inspect them, change them, and strengthen them regularly, just like changing oil in an engine.' He sees World Password Day as a vital reminder that weak credentials are 'open doors for attackers. Shut them now.' The threat is real Irina Zinovkina, Head of Information Security Analytics Research at Positive Technologies, points to recent data showing that in late 2024 and early 2025, over half (53 per cent) of successful attacks on organisations led directly to the exposure of confidential information. Passwords, she notes, remain a critical defence but are often the 'weakest link.' Experts agree that the traditional password alone isn't enough, especially when it's weak or reused. Mohammad Ismail, Vice President for EMEA at Cequence Security, explains how weak, reused, or generic passwords are easy targets for automated attacks like 'brute force' (guessing many passwords quickly) and 'credential stuffing' (trying leaked username/password combinations from one site on another). 'AI-driven tools have drastically shortened the time needed to crack simple passwords,' Ismail states, putting data at constant risk. A single compromised password can open the door to significant breaches, ransomware, and severe damage. Attackers are no longer just trying their luck manually; they are using automation, machine learning, and AI at an industrial scale to exploit these weaknesses for account takeovers and persistent access within networks. While the concept of forced, frequent password changes without cause is debated and sometimes discouraged by security experts (as it can lead users to choose simpler, easily forgotten passwords), the core principle remains: your passwords must be strong, unique, and managed wisely. So, what are the crucial steps you, as a consumer in the UAE, should take to secure your digital life? Embrace Strength and Uniqueness: Move beyond simple, easily guessable passwords. Think of passphrases – longer, memorable combinations of unrelated words are often much stronger than short, complex ones with confusing symbols. Crucially, never reuse passwords across different accounts. Your other accounts won't be immediately vulnerable if one site is breached. Utilise a Password Manager: Juggling dozens of unique passwords is hard. Password managers are secure applications that generate strong, unique passwords for each site and remember them for you. This is one of the most effective steps you can take. Enable Multi-Factor Authentication (MFA): This is the most critical layer of defence beyond your password. MFA requires a second step to log in, like a code from your phone or a fingerprint scan. Even if an attacker gets your password, they can't get in without this second factor. Enable MFA everywhere it's offered, especially for email, banking, social media, and cloud services. Be Vigilant Against Phishing: Attackers often trick you into revealing your password through fake emails or websites. Be suspicious of unsolicited requests for your login details. Update Weak or Old Passwords: While forced changes might not be ideal, if you know you have old, weak, or reused passwords, update them now to strong, unique ones, preferably using a password manager. Mohammad Ismail of Cequence Security said that while the future might move towards passwordless authentication (like passkeys and biometrics), passwords are still the reality for most accounts today. Therefore, strengthening our current password hygiene is not optional. Protecting yourself in the digital age starts with your password. By making them strong and unique and supporting them with tools like password managers and MFA, you build a stronger defence against the ever-growing wave of cyber threats.
