Announcing LLM Enrichments for API Specifications

Author
Brian Joe
Published on
April 16, 2024
Read time
2
Brian Joe
April 16, 2024
2
min

Announcing LLM-Powered API Specification Enrichment

Today we’re excited to announce Specification Enrichment, an LLM-powered enhancement to our API Discovery feature. This enhancement is a copilot bolted onto a SaaS experience—a truly integrated enhancement that helps security teams better understand their risk and makes them more efficient.

LLM-powered Specification Enrichment

This enhancement enriches API descriptions provided by developers or automatically discovered by Impart, and makes them easier for humans to read by generating human readable endpoint descriptions and summaries based on API behavior.  

This helps security teams:

  • More quickly understand the purpose of large collections of endpoints
  • Reduce risk by improving documentation quality with high-quality descriptions that can be sent to engineering teams via developer workflows
  • Become more efficient by being able to use these enhanced API specifications directly in Impart’s integrated API security platform

Here’s what one of our customers said when we showed them the enhancement:

“It’s very cool knowing these API endpoint descriptions were generated via Large Language Models. They’re much easier to understand quickly.”

How API Discovery Helps Security Teams

Endpoint Inventory powered by API Discovery

API Discovery was designed to solve a few customer problems that we heard often from security teams:

  • Not knowing what API endpoints were in production
  • Not knowing what sensitive data was being carried by these APIs
  • Not being able to provide DAST tooling with an endpoint map
  • Not being able to provide DAST tooling with realistic test payloads

To solve these problems, we built an API Discovery solution that worked primarily through observing API traffic. By observing API traffic through multiple integration methods, we are able to determine what endpoints are seeing traffic as well as what the actual payloads are.  

This enables us to build a real-time API specification on the fly with rich detail about API endpoints and parameters, baseline that traffic, and compare live traffic to that baseline to identify risk factors like shadow APIs or non-conforming behavior.  

This API catalog and traffic baseline can be shared directly with DAST tooling such as BURP to enable security teams to easily run tests against different endpoints, without having to spend lots of time identifying what endpoints to test, or analyzing production databases to recreate realistic test payloads.

Schedule a demo at try.imp.art today to learn more about how Impart can help you better manage your API risk efficiently with LLM-powered Specification Enrichment. Also, be sure to follow us on LinkedIn for the latest and greatest.

Subscribe to newsletter

Want to learn more about API security? Subscribe to our newsletter for updates.

By subscribing you agree to with our Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

See why security loves us

Get a demo