Introducing AktoGPT to secure APIs
This blog is about the launch of AktoGPT and how it unleashes the power of GPT to secure APIs!


Akto team
Apr 10, 2023
At Akto, we are passionate about securing APIs. As an early-stage, fast-moving development team, we are always looking for the fastest and most innovative ways to serve our customers better. In the last few months, the world has seen the crazy power of the GPT model. Our team had been chatting about this beast and wanted to unleash the capabilities of GPT to secure APIs better. When we started experimenting with GPT models on our API data, we knew we were onto something. The results were impressive. We knew we had to share these capabilities with our users. Hence, today we are super excited to announce the launch of AktoGPT to the world to help prioritize your APIs for better security.
We are thrilled to share that Akto is the first API security company to integrate OpenAI's GPT. ✨
AktoGPT is only the beginning of our journey with AI. Our team is exploring the full potential of GPT models to help secure APIs and improve the user experience of our customers. We will bring even more exciting features and tools in the near future.
What is AktoGPT?
AktoGPT is a new feature that uses the power of the GPT model with Akto to solve these three use cases:
Prioritize APIs
Logically group APIs
Find sensitive params in APIs
I will explain these use cases below.
AktoGPT to prioritize APIs
Typically, the API inventory page has a list of 500 to 10,000s of APIs and a lot of rich metadata around them. Security teams struggle to prioritize their APIs for security testing. It's very hard to test all the APIs every week, especially if you are doing a manual pentest. If you use simple filters with certain keywords like 'auth' or 'login', you will only be able to filter APIs which have 'auth' in the URL. Enter AktoGPT! With AktoGPT, you will be able to find all the APIs based on a few keywords. You simply have to tell AktoGPT to 'tell me all APIs related to auth' and it will find all the APIs which are related to auth for you. This is super cool and we have tested it in multiple apps. GPT doesn't just rely on the developer adding auth in the URL. It knows APIs so well that it can figure out which APIs might be related to auth and return them. See the example below of product APIs found through an AktoGPT prompt. 👇

AktoGPT to logically group APIs
We have had so many customers ask us to group APIs according to their functional teams, according to API types and various other criteria. Well, we couldn't have found a better way to group these APIs. On the inventory page, you can click on the AktoGPT button and ask it to group APIs. It will auto-group your APIs based on functionality. In the next release, we plan to ask users to auto-create collections based on the logical groups found by GPT. See below how AktoGPT groups APIs. 👇

AktoGPT to detect sensitive params in APIs
Finally, while Akto as a product detects sensitive params in APIs, it still needs a lot of definite patterns to detect sensitive APIs. Using ChatGPT, you don't have to rely only on adding patterns to Akto. ChatGPT can use its "intuition" to find any sensitive params. Say you see a new API that devs have introduced. You can open it up in Akto and simply ask AktoGPT to find out if it has any sensitive or PII parameters in its payloads. This will again use the intuition of ChatGPT to find out if any keys or values seem to be sensitive or private information. See below 👇
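An added sketch of the pattern-based approach this section contrasts with AktoGPT (not Akto's code; the rule names, regexes and sample payload are constructed for illustration). Fields whose names and values match no rule, such as `govt_id` and `dob`, go unflagged, which is the gap the section describes.

```python
import re
# Hypothetical rules for illustration; these are not Akto's patterns.
KEY_RULES = {
    "credential": re.compile(r"passw(or)?d|pwd|secret|token|api[_-]?key", re.I),
    "contact": re.compile(r"mail|phone|mobile", re.I),
}
VALUE_RULES = {
    "email": re.compile(r"[^@\s]+@[^@\s]+\.[a-z]{2,}", re.I),
    "card_number": re.compile(r"\d{13,19}"),
}

def luhn_ok(digits):  # checksum separating card numbers from other digit runs
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def leaves(node, path="", key=""):  # yields (dotted_path, nearest_key, value)
    if isinstance(node, dict):
        for k, v in node.items():
            yield from leaves(v, f"{path}.{k}" if path else k, k)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from leaves(v, f"{path}[{i}]", key)
    else:
        yield path, key, node

def find_sensitive(payload):  # {path: labels} for leaves matching any rule
    hits = {}
    for path, key, value in leaves(payload):
        labels = {name for name, rx in KEY_RULES.items() if rx.search(key)}
        text = str(value)
        for name, rx in VALUE_RULES.items():
            if rx.fullmatch(text) and (name != "card_number" or luhn_ok(text)):
                labels.add(name)
        if labels:
            hits[path] = labels
    return hits

def unflagged(payload):  # paths no rule matched; still need a human or model review
    hits = find_sensitive(payload)
    return [path for path, _, _ in leaves(payload) if path not in hits]

SAMPLE = {  # constructed sample request body
    "user": {"login_id": "a.kumar@example.com", "pwd": "hunter2"},
    "payment": {"pan": "4111111111111111", "order_ref": "1234567890123"},
    "kyc": {"govt_id": "ABCDE1234F", "dob": "1990-04-10"},
    "contacts": [{"mobile": "+1-202-555-0100"}],
}
```
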

How we built it?

We have been experimenting with and exploring ChatGPT for some time now for API security cases. We have found that ChatGPT's "intuition" and "information" can empower users in quite a few ways:
What does this API do?
What are other similar APIs? Can you please tell me all APIs which handle order and deliveries?
What APIs are called before or after this API?
What tests should I run on this API? Does SSRF testing make sense on this API?
If yes, can you please help me write an AWS Metadata SSRF test config for this API?
Impressed with ChatGPT's answers, we decided to serve it to our users. On Thu (Apr 6, 2023) evening we decided to start with 3 simple use cases and put them in the next release on Mon (Apr 10, 2023). Simple timeline:
Thu - Initiation: Decide 3 most simple and obvious use cases for AktoGPT
Fri - Design: Start designing the interface. At the same time, start designing backend arch
Sat - Action: Get all of UI ready based on the design. Infra up and running using AWS
Sun - Fine tune: Improve UI, improve GPT prompts, handle edge cases & large input etc.
Mon - Deploy! LFG!: Docs ✅ Demo video ✅ Website update ✅ Blog ✅ Release testing ✅ Social media ✅
We will soon be writing a tech blog about it to help those who want to introduce GPT in their product or otherwise.
Welcoming suggestions
We would love your suggestions here. Any accepted suggestion will get you Akto swag.

Be part of AktoGPT discussions!
To contribute or get the latest on AktoGPT, join our community on Discord, Twitter, LinkedIn and GitHub.