How to Prevent API Security Risks Caused by AI Agents

As AI agents gain greater autonomy over systems and data, the stakes for API security have never been higher. Developers are increasingly facing complex security challenges, often under tight timelines and evolving threat landscapes.

Join Postman's Pooja Mistry, Senior Developer Advocate, and Sam Chehab, Head of Security and IT, for a practical deep dive into the most common API vulnerabilities today, from over-permissioned AI agents and broken authorization to poor secrets management.

They’ll walk through actionable strategies you can implement right away to build secure APIs from the ground up using tools like OAuth2, JWT, CI/CD integration, spec-first design, and Postman Vault.

📌 Timestamps
0:00 – The Biggest AI Security Fear
0:17 – What to Look for in API Security
0:49 – Common API Security Risks
1:21 – The Importance of OAuth2 and JWT
2:00 – Integrating Security into CI/CD Pipelines
3:06 – Shifting Left: Security for Developers
3:51 – Secret Management and Postman Vault
4:55 – Security vs. Speed in Development
6:01 – AI Agent Permissions & Access Controls
6:45 – #1 Best Practice: Start with an API Spec

What You’ll Learn
- How AI agents introduce new API security risks
- Ways to prevent broken object-level authorization
- How to implement OAuth2, JWT, and mTLS correctly
- Best practices for embedding security into dev workflows
- Safe secrets management using Postman Vault
- Automating API security testing in your CI/CD pipeline

Whether you’re building new APIs or scaling existing ones, this discussion will help you prioritize security without slowing down innovation.

Видео How to Prevent API Security Risks Caused by AI Agents канала Postman