BLOG

Protect AI innovation on AWS with API security

Dave Morrissey Thumbnail
Dave Morrissey
Published August 21, 2025

As more and more organizations pursue AI, they increasingly rely on APIs to connect AI models to applications and data for training and inference. However, the more API connections, the higher the risk. Threat actors can abuse APIs to exfiltrate data, jailbreak AI models, and even steal the models themselves. 

A single AI application can have hundreds of API endpoints that are difficult for security teams to track, and configurations are only getting more complicated. According to Gartner, more than 30% of the increase in demand for APIs will come from AI and tools using large language models (LLMs) by 2026.1

Don’t neglect the security infrastructure of APIs used for AI. These APIs require extra due diligence to help protect you and your AI investments from advanced exploits, as well as unique oversight and authentication considerations.

Why you need robust API security

Without API security, your AI models face numerous threats such as prompt injections, model extraction, or the sheer chaos of shadow APIs, which are APIs outside your visibility and beyond your control. Shadow APIs often result from well-intentioned team members who create new API endpoints without the proper security oversight, resulting in blind spots that make it difficult to track who or what is accessing which AI models. 

You also need to be mindful that without the proper guardrails, API endpoints can leak personally identifiable information (PII) or intellectual property during interactions, revealing more than intended from seemingly innocent prompts. If APIs lack rate limiting, they can also be overwhelmed with requests and become vulnerable to denial-of-service (DoS) attacks, leading to service degradation and high compute costs. 

Five key elements to look for in API security

Protecting your AI models and apps requires a comprehensive approach to API security that addresses discovery, authentication, and the elevated risk of AI-specific threats. You want to prioritize the following capabilities:

  • Continuous discovery monitors for any new API endpoints that connect to AI services, enabling real-time visibility. 
  • Access controls ensure that new API endpoints follow due process for authentication and enforce the principle of least privilege—no higher access than is needed.
  • Input/output validation checks all data going to and from AI models to prevent malicious prompts from coming in or sensitive data from going out.
  • Rate limiting enforces thresholds for API calls, preventing systems from being overloaded, as in the case of a DoS attack.
  • Anomaly detection, like in any monitoring software, checks for suspicious behaviors in regular traffic patterns.

How you can enable complete AI protection on AWS

Successful AI is one part development and one part security. Services like Amazon Bedrock, Amazon SageMaker, and Amazon CodeWhisperer allow you to use popular foundation models or build and scale your own with AI-powered development. F5 complements these AWS services with a set of solutions that enables critical API security and integrates the five capabilities explored in the previous section. 

The first solution you should consider is F5 Distributed Cloud API Security, which automatically identifies and maps new API endpoints even if they were created through shadow IT. This enables deeper visibility, so you can more easily enforce security policies and protect APIs from abuse, data leakage, and unauthorized access.

Next, F5 Managed Rules for AWS WAF is a collection of pre-configured rulesets available on the AWS Marketplace and designed to integrate with AWS WAF. These API-specific rulesets provide an additional layer of defense, and they’re continuously updated by F5 security experts to keep up with the latest threats. 

Both solutions work to prevent unauthorized access to models, protect your sensitive data and intellectual property, and ensure AI remains available for legitimate use, whether by human or machine entities.

Innovate faster with more confidence and control

When it comes to your AI initiatives, AWS provides the foundation, and F5 provides the security. F5 solutions integrate with the CI/CD pipeline, allowing your teams to move fast while getting the protection you need. Worry less about threats like prompt injection and model manipulation, or the chance that AI could disclose sensitive data. 

These solutions are easy to deploy on the AWS cloud, and they improve visibility into your infrastructure so you can address shadow IT practices before they spiral out of control. Together, AWS and F5 help you navigate the growing complexity of AI, so you can add all the data sources and APIs you need to achieve success.

Learn more at F5 on Amazon Web Services (AWS).

Also, read my previous blog post, Build fast, secure data pipelines for AI training on AWS.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

1Gartner, "Gartner Predicts More Than 30% of the Increase in Demand for APIs will Come From AI and Tools Using Large Language Models by 2026," March 20, 2024