Get the New State of AI & API Security Report (H1 2026)

Industry

The Next Security Frontier: AI Agents, MCP, and the Coming API Wave

July 9, 2025

Roey Eliyahu
CEO & Co-founder

I’ve seen this story before,  and I’m seeing it again.

When we founded Salt Security in 2016, APIs already powered the digital economy, Kubernetes started to accelerate the growth of APIs, yet almost nobody was monitoring them. Visibility was near zero, context was missing, and protection was an afterthought.

Fast-forward to 2025, and the same blind spot is forming, only bigger.

AI agents are no longer just generating content; they are also creating it. They are being widely deployed, making decisions, triggering workflows, and moving money. Every one of those actions rides on an API, brokered by the emerging Model Context Protocol (MCP). MCP defines:

  • what an agent knows
  • what it may do
  • how it reasons and when it calls downstream services

MCP is the connective tissue between LLMs, autonomous agents, and your production systems. That connective tissue is powerful, but also exploitable. A single poisoned prompt, an over-permissive role, or an unmonitored callback can turn an agent into a Trojan horse with unfettered access to sensitive data.

And it’s not just a technical risk; it’s a business risk too.  Think about the ramifications of an AI agent going rogue and how that could affect your business.  It could leak sensitive information, trigger fraudulent transactions, and destroy customer trust in an instant.  

If you cannot see how AI agents are using APIs, you cannot secure them.

Modern AI agents interact with internal and external services almost exclusively through APIs.  

What does this mean to you and your business?

We’re about to see API traffic explode — 100x growth, driven by machines talking to machines.  

That’s why we’re expanding the vision of how Salt helps customers.

We’re not just securing APIs.

We’re securing AI agents, LLMs, and the MCP layer that connects them to your business.

We’re giving organizations:

  • Full visibility into which agents and MCP servers are running — and where
  • Governance over what they can access and do
  • Context to understand how agents are using APIs
  • Detection when something goes wrong

We created Salt because we saw the future of software.

This next chapter, with AI agents reasoning and acting through APIs, is that future, accelerating even faster than we expected.

And just like before, it needs security built for what’s really happening.

There is a right way to deploy AI agents securely. And Salt is building it.

Our team is ready to show you today how to deploy AI agents securely. Schedule a call with one of our AI security experts.

—Roey Eliyahu, Co-Founder & CEO, Salt Security

Categories

Customer
Product
Industry
Technical
Company
Salt Labs

Salt Security Blog

Sign up for the Salt Newsletter for the latest resources and blog posts.

Our latest posts

Industry
Your AI Agents Are Already Acting. The Question Is Whether You Can See What They’re Doing.
Michael Callahan
 |
May 13, 2026

The future of AI in the enterprise will be defined by how safely organizations allow their agents to act.

Read more
Industry
You’re Not Watching MCPs. Anthropic’s Vulnerability Shows Why You Should Be.
Roey Eliyahu
 |
April 22, 2026

We've been saying for months that MCP servers are the most dangerous unmonitored layer in your agentic infrastructure. This proves it.

Read more
Industry
Claude Mythos Changed Everything. Your APIs Are the First Target.
Roey Eliyahu
 |
April 14, 2026

The question is no longer whether AI can hack at scale. We now know it can. The question is whether your attack surface is ready.

Read more