Get the New State of AI & API Security Report (H1 2026)

Product

Say Hello to Ask Pepper AI: Turning API Security into a Conversation

December 1, 2025

Eric Schwake
Head of Product Marketing

In the world of cybersecurity, we have a "data" problem. We have more of it than ever before, more logs, more alerts, and definitely more APIs.

But recently, this challenge has compounded. The rise of Agentic AI and Model Context Protocols (MCPs) has exploded the number of machine-to-machine connections in our environments. These agents spin up new pathways and access data in ways that are often invisible to traditional monitoring. Having data isn't enough anymore; you need answers, and you need them fast.

At Salt Security, we pride ourselves on giving you the deepest visibility into your API landscape. But we also know that when you’re investigating a potential breach involving a complex chain of AI agents, you don't want to spend time clicking through dashboards or remembering complex filter syntax.

You just want to ask the question and get the answer.

Today, we are thrilled to announce the launch of Ask Pepper AI, a generative AI-powered engine that transforms the Salt Security platform into a conversational partner capable of answering questions across your entire security posture, Inventory, Compliance, and Threats.

The End of "Dashboard Fatigue"

We built Ask Pepper AI to solve a specific friction point: the gap between intent and insight.

Traditionally, finding "all external-facing APIs that accept file uploads and have no authentication" required knowledge of our filtering system. This was powerful but could be slow during a crisis.

With Ask Pepper AI, the interface disappears. You simply type: "Show me unauthenticated APIs allowing file uploads."

Ask Pepper AI understands your intent, queries your specific inventory, posture, and threat data, and presents the results instantly. It democratizes security data, making deep insights accessible to developers, junior analysts, and executives alike.

Taming the Complexity of Agentic AI

This capability is especially critical for the new wave of Agentic AI. As developers deploy MCP servers to connect LLMs to your internal data, the "who, what, and where" of your API traffic gets murkier.

Ask Pepper AI acts as a flashlight in this new dark room. You can use it to instantly cut through the complexity of these new architectures without needing to understand the underlying plumbing.

What Can You Ask Pepper?

Ask Pepper AI isn’t a generic chatbot; it is deeply integrated with the Salt API Protection Platform. It knows your Inventory, your Posture Gaps, your API Labels, your Risk Scores, and your active Threat Alerts.

Here are just a few ways our customers are already using it:

  • Triage Faster (Inventory): "What APIs have the highest Risk Score?" Instead of sorting columns, get an immediate list of critical assets, including risky MCP servers.
  • Check Compliance (Posture): "Which APIs are Authentication APIs?" or "Do I have any APIs exposing PII without encryption?" Instantly validate your compliance stance without digging through reports.
  • Spot Attacks (Threats): "Show me all APIs that have experienced a BOLA attack in the last 24 hours." Quickly pivot from proactive governance to reactive threat hunting.
  • Deep Dive (Context): "Give me a summary of my highest risk API, including its open Posture Gaps." Pepper synthesizes data, explaining why an asset is risky by pulling together context that might be scattered across different views.

Powered by AWS Bedrock

To build Ask Pepper AI, we needed a foundation model that was fast, accurate, and, most importantly, secure. That is why we chose to build on Amazon Bedrock.

By leveraging AWS Bedrock, we ensure that Ask Pepper AI delivers enterprise-grade performance while maintaining the strict data privacy and security standards our customers expect. It allows us to bring the power of Generative AI to your fingertips without compromising on security.

Complexity, Simplified

The H2 2025 State of API Security Report showed that organizations are struggling with visibility; only 19% are very confident in their API inventory. As Agentic AI adds more moving parts to that inventory, that confidence will only drop further without the right tools.

Ask Pepper AI is our answer to that complexity. It’s not just a new feature; it’s a new way to interact with your security stack. It ensures that no matter how complex your API ecosystem gets, the answers you need are always just one question away.

If you want to learn more about Salt and how we can help you, please contact us, schedule a demo, or visit our website. You can also get a free API Attack Surface Assessment from Salt Security's research team and learn what attackers already know.

Categories

Customer
Product
Industry
Technical
Company
Salt Labs

Salt Security Blog

Sign up for the Salt Newsletter for the latest resources and blog posts.

Our latest posts

Industry
Your AI Agents Are Already Acting. The Question Is Whether You Can See What They’re Doing.
Michael Callahan
 |
May 13, 2026

The future of AI in the enterprise will be defined by how safely organizations allow their agents to act.

Read more
Industry
You’re Not Watching MCPs. Anthropic’s Vulnerability Shows Why You Should Be.
Roey Eliyahu
 |
April 22, 2026

We've been saying for months that MCP servers are the most dangerous unmonitored layer in your agentic infrastructure. This proves it.

Read more
Industry
Claude Mythos Changed Everything. Your APIs Are the First Target.
Roey Eliyahu
 |
April 14, 2026

The question is no longer whether AI can hack at scale. We now know it can. The question is whether your attack surface is ready.

Read more