Get the New State of AI & API Security Report (H1 2026)

August 5, 2025

Salt Security Launches First-of-its-Kind Autonomous Threat Hunting to stop Stealthy business Logic API Attacks

Capability automates the work of an expert SOC analyst, transforming isolated anomalies into a complete attack story with unmatched context and precision.

PALO ALTO, Calif., August 5, 2025Salt Security, the leader in API security, today announced the launch of Autonomous Threat Hunting, a powerful new capability integrated into the Salt Security API Protection Platform. Building on Salt’s patented intent engine, this innovation automates the investigative work of an expert SOC analyst to uncover the full narrative behind sophisticated API attacks that remain invisible to other tools.

As APIs become the backbone of modern digital services, they also present an increasingly attractive target for attackers who exploit an application's unique business logic and mimic legitimate user behavior. Designed to fly under the radar, these slow-and-low threats easily bypass traditional defenses, putting sensitive data at risk.  Salt’s new Autonomous Threat Hunting capability closes this detection gap by identifying malicious intent hidden within seemingly benign API activity.

Autonomous Threat Hunting leverages advanced AI, machine learning, and deep contextual analysis to connect the dots across disparate API calls, surfacing coordinated attack campaigns that would otherwise go unnoticed. It transforms isolated anomalies into a unified, actionable attack story, empowering security teams to respond faster and more effectively.

“Attackers are no longer just breaking in; they are using legitimate API functionality to walk out the front door with your most valuable data,” said Roey Eliyahu, CEO and co-founder of Salt Security. “With Autonomous Threat Hunting, we are automating the very tradecraft of a security analyst to find these attacks. We’re not just finding more anomalies; we are delivering the ground truth on the real threats to your business.”

Key Benefits of Autonomous Threat Hunting Include:

  • Uncover Complete Attack Campaigns: Detects sophisticated, low-and-slow attacks that evade traditional defenses by analyzing behavior over time and across sessions.
  • Eliminate False Positives and Alert Fatigue: Reduces false positives by distinguishing between benign anomalies and truly malicious activity, allowing teams to focus on real threats.
  • Safeguard Against Business Logic Abuse: Identifies abuse of API functionality that could lead to data exfiltration, fraud, or unauthorized access.
  • Stop Novel and Zero-Day Attacks: Learns from each organization’s unique API usage patterns to detect novel threats without relying on signatures.

From Anomaly to Attack Narrative

For example, an attacker may begin by making a valid API call to view their own account, then subtly alter identifiers in subsequent requests to probe for unauthorized access. While each request may appear harmless in isolation, Salt’s Autonomous Threat Hunting capability correlates these actions, recognizes the enumeration pattern, and reveals the attacker’s true intent—preventing data theft before it occurs.

Availability

Autonomous Threat Hunting is now generally available as a core component of the Salt Security API Protection Platform.

Salt Security will be showcasing its latest innovations at Black Hat USA, August 5-6, 2025, at Booth #5711. Attendees are invited to:

  • See Autonomous Threat Hunting in Action: Schedule a personalized demo to see how Salt's Intent Engine uncovers a full attack story from seemingly benign API traffic. Read the blog here.
  • Request a Complimentary API Attack Surface Assessment: Separately, attendees can also request a free, evidence-based assessment to discover their own external API risks and vulnerabilities.

To schedule a meeting or request your assessment, visit link here.

Back to News Releases