Apidays Paris 2023 - Software and APIs for Smart, Sustainable and Sovereign Societies December 6, 7 & 8, 2023 Cloud APIs, ChatGPT 4-Turbo, and Attack Path Visualization Doug Dooley, COO at Data Theorem ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

1. Cloud External APIs with ChatGPT 4-Turbo
and Attack Path Visualization
AI Innovations bring new attacks to Enterprise APIs

2. Agenda
• Playground has changed for APIs…
• AI innovation makes it easier to find new data insights
• Barriers (costs) are dropping for API experimentation
• Data is AI fuel. APIs are the new charging stations.
• GenAI proliferation accelerates 2024+
• API data consumption will explode alongside AI assistants
• API Security & App, Data, SCS Discovery must evolve.
• Context becomes necessary for API and data safety
• “Attack Path Visualization” helps with security & privacy

3. Playground has changed…
Sam Altman - Nov 7, 2023 at DevDay, OpenAPI’s first conf
“Assistants API will make everything easier.”
“[API] retrieval… and
using your own
functions” makes
better Assistants
Ramon Huet, OpenAI’s head of developer experience

4. ChatGPT 3.0 or earlier = no external APIs (Nov 2022)
gpt-3.0

5. Enterprise API Security & Data Classification
API target: https://retoolapi.dev/rv0soy/sensitivedata
API key: sensitivetH16uqkjUPiTX9T6y8S1E0d8myj39f2j1co0w0EzdKF3RfYmtIymyKJ
Data Theorem (API Secure) Teleskope.ai (Cloud Data Security Platform)
Other Security Tools

6. OpenAI: Nov 7 (Functions & Retrieval)

7. gpt-4.0-turbo
After analyzing the provided API response, I found a total of 42 instances of PII. These instances include credit
card numbers, social security numbers, and zip codes. If you have any further questions or need assistance with
anything else, please let me know.
API Key, OAuth 2.0, Azure AD
ChatGPT 4.0 Turbo = yes to External APIs (Nov 2023)

8. Cost = $0.25-$0.35
2-3X lower cost
with Chat GPT-4

9. Data is AI fuel.
APIs are the charging stations.
Elon Musk - Nov 23,2023 at NYT DealBook summit
“Data is probably more valuable than gold.”

10. Growth of OpenAI

11. AI concepts Generative AI (GenAI)
Foundation
Models
LLM (Large
Language
Models)
ChatGPT
(AI app)
AGI
(Artificial General Intelligence)
Today
Not yet… [process more data]

12. “[Not-for-profit Open AI that I named and help start] should be
renamed Super Closed Source for Maximum Profit AI.”
AGI defined as "smarter than the smartest human at anything…
less than three years away.” said on Nov 23, 2023
How far is AGI from reality?

13. API security and data discovery must evolve.
Satya Nadella, Microsoft - Nov 2023 at Ignite 2023
“We are making the age of AI real for
people and businesses everywhere.”

14. Genie
locked in
a bottle

16. Defending Enterprise APIs and apps…

17. API exploits and vulnerabilities… so what?

18. Visualize the API connective tissue

19. Transparency can improve security
VISUAL
CONTEXT
What?
● Vulnerabilities
● Priority Level
● Data Types
Who?
● Owner
● IAM
● CIEM
When?
● Last Changed
● Last accessed
● Alert Time
How?
● Attack Path
● Public/Private
● Exploit Details
MRI for APIs

20. Attack Path Visualization
MRI for APIs

21. Highlight: API Security Leaders
#1 Pure Play
#3 Overall

22. Comprehensive analyst report
on the broadening landscape
of API Security & Management
New Research: API Security & Mgmt
Alexei Balaganski, Analyst

23. Come see us - Booth #5