Salt Security has unveiled its “12 Months of Innovation” recap, a holiday-inspired look at the company’s product, partnership, and research momentum across 2025. As organisations raced to adopt AI agents, MCP servers and cloud-native architectures, Salt delivered an unmatched innovation “gift” to the industry almost every month, helping security teams keep pace with an expanding API attack surface.
From discovering zombie APIs and blind spots across the API fabric to securing AI agents and protecting MCP actions at runtime, Salt’s 2025 roadmap focused on one goal: giving security teams the visibility and control they need at the API action layer where applications, data, and AI intersect.
“In 2025, APIs didn’t just power applications, they powered AI agents, automation, and entire digital business models,” said Roey Eliyahu, co-founder and CEO at Salt Security. “That shift created massive new risk across the API fabric. Our team responded with a steady drumbeat of innovation across the year, so customers weren’t left defending yesterday’s problems while attackers moved on to tomorrow’s opportunities.”
The 12 Months of Innovation: A Year of Gifts for Security Teams
January – The Year Kicks Off with APIs at the Center
Salt Labs and early-year research showed how quickly API traffic and risk were growing, from zombie and unmanaged APIs to software supply chain vulnerabilities, setting the stage for why 2025 demanded a new approach to securing the API fabric. Security teams saw clearly that legacy tools weren’t built for dynamic, AI-driven environments.
February – A Spotlight on API Reality
Salt published its State of API Security Report and celebrated key industry recognition such as inclusion in top security lists, providing hard data on how fast API risk is growing. For CISOs and boards, the message was simple: API security is no longer a niche problem – it’s a core business issue.
March – Gold Medals & Rising Shadows
Salt’s innovation earned industry awards, including a Gold Globee, even as new blogs and research detailed how compliance pressure, data privacy obligations, and AI-driven attacks were expanding the API attack surface. Excellence and urgency moved in lockstep.
April – A Season of Partnerships & Paradigm Shifts
Salt deepened integrations with leading security platforms, including CrowdStrike, and strengthened protections for MCP server–driven architectures. These partnerships gave customers richer context and made it easier to bring Salt’s API intelligence into existing security workflows, connecting more of the enterprise API fabric into a cohesive defence.
May – The Cloud Era Gets Real
With cloud-native adoption surging, Salt expanded coverage for leading cloud environments and partners, powering posture governance, risk-aware recommendations, and alignment with emerging insurance and regulatory expectations. API security moved squarely into the boardroom.
June – Illuminate Everything
Salt launched Salt Illuminate along with expanded Cloud Connect capabilities, giving customers instant visibility into APIs across complex multi-cloud and hybrid environments. What was previously blind – shadow, zombie, and unmanaged APIs – suddenly came into view across the API fabric.
July – CISOs Sound the Alarm
Research and blogs from Salt Labs highlighted high-profile AI incidents, including conversational AI mishaps like the McDonald’s chatbot breach, and introduced Salt Surface to help organisations directly tackle their exposed API footprint. Visibility turned into prioritised, actionable defence.
August – Autonomous Everything
As organisations embraced autonomous workflows, Salt advanced protections for autonomous threat hunting and AI-driven security use cases, underscoring the inseparability of APIs and AI. The message: you can’t secure intelligent autonomy without securing the APIs – and API fabric – that power it.
September – Securing the AI Agent Revolution
Salt introduced the industry’s first solution to secure AI agent actions across APIs and MCP servers, protecting sensitive operations from prompt injection, abuse, and unintended access. This launch moved AI agent security from theory to practical, enforceable controls at the API action layer.
October – The Blind Spots Strike Back
New Salt data revealed the hidden risks in AI agent deployments and complex API ecosystems. Through detailed vulnerability breakdowns and guidance, Salt gave security and development teams the education and clarity they needed to modernise their security posture and better understand blind spots across their API fabric.
November – Security Starts in Code
Salt launched GitHub Connect and MCP Finder, enabling customers to discover shadow APIs, spec mismatches, and risky MCP configurations directly in code repositories and CI/CD pipelines – before deployment. Shift-left security met shift-right runtime intelligence across the API lifecycle, connecting design, code, and runtime behaviour.
December – Hello, Pepper
Salt closed the year by introducing Ask Pepper AI, a conversational assistant powered by the Salt platform, alongside MCP protection for AWS WAF. Security teams can now ask questions, investigate threats, and operationalise Salt insights in natural language while enforcing protection at the edge for MCP-aware and AI-driven applications.
“Instead of a partridge in a pear tree, security teams got 12 months of very real innovation – spanning discovery, governance, runtime protection, MCP and AI agent security, and now conversational investigation with Ask Pepper AI,” said Michael Callahan, CMO at Salt Security. “This year, customers told us they needed both visibility and speed. Our roadmap delivered both, and the market response has been tremendous. We delivered more API and AI security innovation in 2025 than any other player in our space.”
Looking Ahead to 2026
As organisations move deeper into AI-driven operations, agentic workflows, and API-centric architectures, Salt will continue to invest in securing the API action layer and API fabric – the place where AI, applications, and data intersect.
“In 2026, we expect APIs to become even more tightly woven into autonomous systems and mission-critical workflows,” added Eliyahu. “We’re already building the next wave of innovations so our customers can safely move faster than their adversaries.”
