Products

Pricing

Test Library

Solutions

Resources

See docs

Start free

Back

Product updates

Introducing AktoGPT to secure APIs

This blog is about the launch of AktoGPT launch, how AktoGPT unleashes the power of GPT to secure APIs!

Akto team

Apr 10, 2023

4 min read

At Akto, we are passionate about securing APIs. As an early stage fast development team, we are always looking out for fastest and innovative ways to serve our customers better. In the last few months, the world has seen crazy power of the GPT model. Our team had been chatting about this beast and had been so wanting to unleash the capabilities of GPT to secure APIs better. When we started experimenting with GPT models on our API data, we knew we are onto something. The results were impressive. We knew we had to share these capabilities with our users. Hence, today we are super excited to announce the launch of AktoGPT to the world to help prioritize your APIs for better security.

We are thrilled to share that Akto is the first API security company to integrate OpenAI's GPT. ✨

AktoGPT is only the beginning of our journey with AI. Our team is exploring the full potential of GPT models to help secure APIs and improve the user experience of our customers. We will bring even more exciting features and tools in the near future. Try now.

What is AktoGPT?

AktoGPT is a new feature that uses the power of GPT model with Akto to solve these three use cases:

  1. Prioritize APIs

  2. Logically group APIs

  3. Find sensitive params in APIs

I will explain these uses cases below.

AktoGPT to prioritize APIs

Typically, the API inventory page has a list of 500-10,000s of APIs and a lot of rich metadata around them. Security teams struggle to prioritize their APIs for security testing. It’s very hard to test all the APIs every week especially if you are doing a manual pentest. If you use simple filters with certain keywords like ‘auth’ or ‘login’ you will only be able to filter APIs which have ‘auth’ in URL. Enters AktoGPT! With AktoGPT, you will be able to find all the APIs based on a few keywords. You simply have to tell AktoGPT to ‘tell me all APIs related to auth’ and it will find all the APIs which are related to auth for you. This is super cool and we have tested in it multiple apps. GPT doesn’t just rely on developer adding auth in the URL. It know APIs so well that it can figure what all APIs might be related to auth and give those APIs. See below example of product APIs through AktoGPT prompt.👇

At Akto, we are passionate about securing APIs. As an early stage fast development team, we are always looking out for fastest and innovative ways to serve our customers better. In the last few months, the world has seen crazy power of the GPT model. Our team had been chatting about this beast and had been so wanting to unleash the capabilities of GPT to secure APIs better. When we started experimenting with GPT models on our API data, we knew we are onto something. The results were impressive. We knew we had to share these capabilities with our users. Hence, today we are super excited to announce the launch of AktoGPT to the world to help prioritize your APIs for better security.

We are thrilled to share that Akto is the first API security company to integrate OpenAI's GPT. ✨

AktoGPT is only the beginning of our journey with AI. Our team is exploring the full potential of GPT models to help secure APIs and improve the user experience of our customers. We will bring even more exciting features and tools in the near future. Try now.

What is AktoGPT?

AktoGPT is a new feature that uses the power of GPT model with Akto to solve these three use cases:

  1. Prioritize APIs

  2. Logically group APIs

  3. Find sensitive params in APIs

I will explain these uses cases below.

AktoGPT to prioritize APIs

Typically, the API inventory page has a list of 500-10,000s of APIs and a lot of rich metadata around them. Security teams struggle to prioritize their APIs for security testing. It’s very hard to test all the APIs every week especially if you are doing a manual pentest. If you use simple filters with certain keywords like ‘auth’ or ‘login’ you will only be able to filter APIs which have ‘auth’ in URL. Enters AktoGPT! With AktoGPT, you will be able to find all the APIs based on a few keywords. You simply have to tell AktoGPT to ‘tell me all APIs related to auth’ and it will find all the APIs which are related to auth for you. This is super cool and we have tested in it multiple apps. GPT doesn’t just rely on developer adding auth in the URL. It know APIs so well that it can figure what all APIs might be related to auth and give those APIs. See below example of product APIs through AktoGPT prompt.👇

At Akto, we are passionate about securing APIs. As an early stage fast development team, we are always looking out for fastest and innovative ways to serve our customers better. In the last few months, the world has seen crazy power of the GPT model. Our team had been chatting about this beast and had been so wanting to unleash the capabilities of GPT to secure APIs better. When we started experimenting with GPT models on our API data, we knew we are onto something. The results were impressive. We knew we had to share these capabilities with our users. Hence, today we are super excited to announce the launch of AktoGPT to the world to help prioritize your APIs for better security.

We are thrilled to share that Akto is the first API security company to integrate OpenAI's GPT. ✨

AktoGPT is only the beginning of our journey with AI. Our team is exploring the full potential of GPT models to help secure APIs and improve the user experience of our customers. We will bring even more exciting features and tools in the near future. Try now.

What is AktoGPT?

AktoGPT is a new feature that uses the power of GPT model with Akto to solve these three use cases:

  1. Prioritize APIs

  2. Logically group APIs

  3. Find sensitive params in APIs

I will explain these uses cases below.

AktoGPT to prioritize APIs

Typically, the API inventory page has a list of 500-10,000s of APIs and a lot of rich metadata around them. Security teams struggle to prioritize their APIs for security testing. It’s very hard to test all the APIs every week especially if you are doing a manual pentest. If you use simple filters with certain keywords like ‘auth’ or ‘login’ you will only be able to filter APIs which have ‘auth’ in URL. Enters AktoGPT! With AktoGPT, you will be able to find all the APIs based on a few keywords. You simply have to tell AktoGPT to ‘tell me all APIs related to auth’ and it will find all the APIs which are related to auth for you. This is super cool and we have tested in it multiple apps. GPT doesn’t just rely on developer adding auth in the URL. It know APIs so well that it can figure what all APIs might be related to auth and give those APIs. See below example of product APIs through AktoGPT prompt.👇

Monthly product updates in your inbox. No spam.

AktoGPT to logically group APIs

We have has so many customers asking us to group APIs according to their functional teams, according to API types and various other criteria. Well, we couldn’t have found a better way to group these APIs. On the inventory page, you can click on AktoGPT button and ask it to group APIs. It will auto group your APIs based on functionality. In the next release, we plan to ask users to auto create collections based on logical groups found by GPT. See below how AktoGPT groups APIs👇

AktoGPT to detect sensitive params in APIs

Finally, while Akto as a product detects sensitive param in APIs, it still needs a lot of definite patterns to detect sensitive APIs. Using ChatGPT, you don’t have to just rely on adding patters to Akto. ChatGPT can use its “intuition” to find out any sensitive params. Say, you see a new API that devs have introduced. You can open it up in Akto and simply ask AktoGPT to find out if it has any sensitive or PII parameters in its payloads. This will again use intuition of ChatGPT to find if any keys or values seems sensitive or private information. See below 👇

‍How we built it?

We have been experimenting and exploring ChatGPT for some time now for API Security cases. We have found ChatGPT’s “intuition” and “information” can empower users in quite a few ways -

  1. What does this API do?

  2. What are other similar APIs? Can you please tell me all APIs which handle order and deliveries?

  3. What APIs are called before or after this API?

  4. What tests should I run on this API? Does SSRF testing makes sense on this API?

  5. If yes, can you please help me write an AWS Metadata SSRF test config for this API?

Being impressed with ChatGPT’s answers, we decided to serve it to our users. Thu(Apr 6, 2023) evening we decided to start with 3 simple use cases and put it in the next release - Mon (Apr 10, 2023). Simple timeline -

  • Thu - Initiation: Decide 3 most simple and obvious use cases for AktoGPT

  • Fri - Design: Start designing the interface. At the same time, start designing backend arch

  • Sat - Action: Get all of UI ready based on the design. Infra up and running using AWS

  • Sun - Fine tune: Improve UI, improve GPT prompts, handle edge cases & large input etc.

  • Mon - Deploy! LFG!: Docs ✅ Demo video ✅ Website update ✅ Blog ✅ Release testing ✅ Social media ✅

We are writing a tech blog about it soon to help those who want to introduce GPT in their product or otherwise.

Welcoming suggestions

We would love your suggestions here. Any accepted suggestion will get you an Akto swag:

Be part of AktoGPT discussions!

To contribute or get the latest on AktoGPT, join our community on Discord, Twitter, LinkedIn and GitHub.

AktoGPT to logically group APIs

We have has so many customers asking us to group APIs according to their functional teams, according to API types and various other criteria. Well, we couldn’t have found a better way to group these APIs. On the inventory page, you can click on AktoGPT button and ask it to group APIs. It will auto group your APIs based on functionality. In the next release, we plan to ask users to auto create collections based on logical groups found by GPT. See below how AktoGPT groups APIs👇

AktoGPT to detect sensitive params in APIs

Finally, while Akto as a product detects sensitive param in APIs, it still needs a lot of definite patterns to detect sensitive APIs. Using ChatGPT, you don’t have to just rely on adding patters to Akto. ChatGPT can use its “intuition” to find out any sensitive params. Say, you see a new API that devs have introduced. You can open it up in Akto and simply ask AktoGPT to find out if it has any sensitive or PII parameters in its payloads. This will again use intuition of ChatGPT to find if any keys or values seems sensitive or private information. See below 👇

‍How we built it?

We have been experimenting and exploring ChatGPT for some time now for API Security cases. We have found ChatGPT’s “intuition” and “information” can empower users in quite a few ways -

  1. What does this API do?

  2. What are other similar APIs? Can you please tell me all APIs which handle order and deliveries?

  3. What APIs are called before or after this API?

  4. What tests should I run on this API? Does SSRF testing makes sense on this API?

  5. If yes, can you please help me write an AWS Metadata SSRF test config for this API?

Being impressed with ChatGPT’s answers, we decided to serve it to our users. Thu(Apr 6, 2023) evening we decided to start with 3 simple use cases and put it in the next release - Mon (Apr 10, 2023). Simple timeline -

  • Thu - Initiation: Decide 3 most simple and obvious use cases for AktoGPT

  • Fri - Design: Start designing the interface. At the same time, start designing backend arch

  • Sat - Action: Get all of UI ready based on the design. Infra up and running using AWS

  • Sun - Fine tune: Improve UI, improve GPT prompts, handle edge cases & large input etc.

  • Mon - Deploy! LFG!: Docs ✅ Demo video ✅ Website update ✅ Blog ✅ Release testing ✅ Social media ✅

We are writing a tech blog about it soon to help those who want to introduce GPT in their product or otherwise.

Welcoming suggestions

We would love your suggestions here. Any accepted suggestion will get you an Akto swag:

Be part of AktoGPT discussions!

To contribute or get the latest on AktoGPT, join our community on Discord, Twitter, LinkedIn and GitHub.

AktoGPT to logically group APIs

We have has so many customers asking us to group APIs according to their functional teams, according to API types and various other criteria. Well, we couldn’t have found a better way to group these APIs. On the inventory page, you can click on AktoGPT button and ask it to group APIs. It will auto group your APIs based on functionality. In the next release, we plan to ask users to auto create collections based on logical groups found by GPT. See below how AktoGPT groups APIs👇

AktoGPT to detect sensitive params in APIs

Finally, while Akto as a product detects sensitive param in APIs, it still needs a lot of definite patterns to detect sensitive APIs. Using ChatGPT, you don’t have to just rely on adding patters to Akto. ChatGPT can use its “intuition” to find out any sensitive params. Say, you see a new API that devs have introduced. You can open it up in Akto and simply ask AktoGPT to find out if it has any sensitive or PII parameters in its payloads. This will again use intuition of ChatGPT to find if any keys or values seems sensitive or private information. See below 👇

‍How we built it?

We have been experimenting and exploring ChatGPT for some time now for API Security cases. We have found ChatGPT’s “intuition” and “information” can empower users in quite a few ways -

  1. What does this API do?

  2. What are other similar APIs? Can you please tell me all APIs which handle order and deliveries?

  3. What APIs are called before or after this API?

  4. What tests should I run on this API? Does SSRF testing makes sense on this API?

  5. If yes, can you please help me write an AWS Metadata SSRF test config for this API?

Being impressed with ChatGPT’s answers, we decided to serve it to our users. Thu(Apr 6, 2023) evening we decided to start with 3 simple use cases and put it in the next release - Mon (Apr 10, 2023). Simple timeline -

  • Thu - Initiation: Decide 3 most simple and obvious use cases for AktoGPT

  • Fri - Design: Start designing the interface. At the same time, start designing backend arch

  • Sat - Action: Get all of UI ready based on the design. Infra up and running using AWS

  • Sun - Fine tune: Improve UI, improve GPT prompts, handle edge cases & large input etc.

  • Mon - Deploy! LFG!: Docs ✅ Demo video ✅ Website update ✅ Blog ✅ Release testing ✅ Social media ✅

We are writing a tech blog about it soon to help those who want to introduce GPT in their product or otherwise.

Welcoming suggestions

We would love your suggestions here. Any accepted suggestion will get you an Akto swag:

Be part of AktoGPT discussions!

To contribute or get the latest on AktoGPT, join our community on Discord, Twitter, LinkedIn and GitHub.

Share this post

Share this post

Share this post

Monthly product updates in your inbox. No spam.

Keep reading

LinkedIn Data Breach
LinkedIn Data Breach
LinkedIn Data Breach

API security breaches

10 mins

LinkedIn Data Breach: 500 million Users Data on sale online and 2 million records Leaked

500 million LinkedIn profiles are being offered for sale on a well-known hacker forum, and an additional 2 million records have been leaked as a sample.

Ensuring API security within the DevSecOps framework
Ensuring API security within the DevSecOps framework
Ensuring API security within the DevSecOps framework

Insights

15 mins

Ensuring API security within the DevSecOps framework

This article aims to shed some light on the convergence of API security and DevSecOps, emphasizing the urgency of strong API security in the current digital landscape.

Cloud Native Applications
Cloud Native Applications
Cloud Native Applications

Insights

27 mins

Securing Cloud-Native Applications in DevSecOps

DevSecOps gives security teams the tools and practices to scale rapidly along with cloud native development. The end result is a robust combination of speed and protection applied from code committed to production runtime.

Learn from academy

What is API?

Types of APIs

REST API

GraphQL

JSON-RPC

XML-RPC

SOAP API

GraphQL vs REST

REST vs SOAP

GET Method

POST Method

PUT Method

DELETE Method

GET vs POST

PUT vs POST

HTTP Status Code

200 Status Code - OK

201 Status Code - Created

204 Status Code - No Content

301 Status Code - Moved Permanently

302 Status Code - Found

304 Status Code - Not Modified

307 Status Code - Temporary Redirect

400 Status Code - Bad Request

401 Status Code - Unauthorized

403 Status Code - Forbidden

404 Status Code - Not Found

500 Status Code - Internal Server Error

502 Bad Gateway

503 Status Code - Service Unavailable

504 Gateway Timeout

GraphQL Authentication and Authorization

GraphQL Query

GraphQL Mutation

GraphQL Introspection

GraphQL Pagination

GraphQL Subscription

GraphQL Fragment

API Documentation

Swagger for API Documentation

OpenAPI Specification

Authentication

Authorization