Shadow APIs and zombie APIs — undocumented or abandoned endpoints that still accept traffic — are the attack surface most organizations cannot see. Salt Security automatically discovers every API across clouds, environments, and microservices by analyzing live traffic, surfacing shadow, zombie, and third-party endpoints that no inventory tool or manual audit can catch. Government departments running hybrid cloud environments with years of accumulated services face exactly this risk: attackers exploit what the security team does not know exists. The most damaging API attacks — Broken Object Level Authorization (BOLA), data exfiltration, and business logic abuse — do not trigger signature-based rules because the requests look legitimate in isolation. Salt’s AI-based runtime engine builds a behavioral baseline for every user and every API, detecting low-and-slow reconnaissance patterns that precede these attacks. This is directly relevant to federal systems handling personal, financial, and national security data, where a single compromised object-level authorization flaw can expose millions of records without triggering conventional alerting. As federal departments adopt AI agents and Model Context Protocol (MCP) servers to automate workflows, the API attack surface expands to include every action an AI agent can trigger across enterprise systems. In March 2026 Salt launched the industry’s first Agentic Security Platform, combining Agentic Security Posture Management (AG-SPM) and Agentic Detection and Response (AG-DR) to continuously discover LLM connectivity, MCP servers, and the APIs they invoke — and detect abuse or anomalous agent-driven behavior in real time. Gartner projects that by 2028, 80% of enterprise API consumption will come from AI agents rather than human developers. Salt Security has raised $281M from investors including Sequoia Capital, Y Combinator, and CrowdStrike, carries a $1.4B valuation, and protects more than 100 global enterprises including Siemens, Aon, American Airlines, and AstraZeneca. In 2025, the EMA PRISM Report awarded Salt a perfect Platinum score across all four API security evaluation categories — the highest possible rating — and Salt won Gold at the 2025 Globee Cybersecurity Awards for API security excellence. For government procurement teams, this level of analyst and investor validation signals a platform with long-term viability, not a point solution at risk of disappearing.

Content Development Hooks:

Procurement Vehicles

Featured Procurement Vehicles

Artificial Intelligence Scribe
DIVA
SLSA
Learning Management VOR
OECM
IT Security Products and Services
SaaS SA
Mandates

Featured Mandates

Resources

Related Content

Delivering Solutions to Canadian Government — Quickly, Compliantly

Looking for additional information? DCI can provide guidance on procurement pathways, solution alignment, and public sector engagement.

  • Procurement expertise
  • Solution alignment
  • Public sector insight
  • Strategic guidance
Speak with our team