Additional Info

Company size (employees)100 to 499
Headquarters RegionNorth America


Founded in 2016, Salt Security has revolutionized API Security by building a solution that leverages big data along with machine learning (ML) and artificial intelligence (AI) to discover all unique APIs and enable early detection of attackers. Through its flagship offering, the Salt Security API Protection Platform, organizations are able to protect their APIs across build, deploy, and runtime phases. Through its unique API Context Engine (ACE) architecture, the Salt platform is able to discover all APIs and the sensitive data that they expose; stop API attackers; provide remediation insights during the build phase to harden APIs; prevent data exfiltration, account takeovers, and service disruption; and simplify compliance.

Conventional security tools such as Web Application Firewalls (WAFs) and management tools like API gateways cannot protect against today’s modern API attacks because their proxy architecture validates API transactions one at a time and detects only known attacks. They have no ability to correlate activity over time and therefore cannot identify the reconnaissance activities that bad actors must perform to learn the unique business logic of an API and propagate a successful API attack.

In contrast, Salt Security taps its big data engine to collect and analyze the activity of millions of users and APIs in parallel. This architecture allows the Salt platform to piece together the subtle probing of an attacker during reconnaissance, assess the risk of all their activity, and pinpoint and stop them early in their process. This process turns attackers into penetration testers who provide valuable feedback that developers can leverage to eliminate API vulnerabilities. These correlated insights help reduce the number of alerts, eliminate false positives, and allow incident response teams to quickly assess alerts and block attackers before they reach their ultimate objective. The platform also identifies API vulnerabilities in pre-production testing and scanning.

How we are different

1. The Salt Security API Protection Platform has been in the market the longest, so its algorithms are the most advanced. The company also boasts the most customers, the fastest growth, the most application environments and ecosystem integrations supported, the most use cases enabled, and the most API traffic protected - setting the standard for API protection for security teams and the organizations they protect.

2. Salt Security holds the only granted patent for using AI to identify and prevent API attacks and is the only solution that automatically and continuously discovers all APIs across customer environments and identifies API vulnerabilities during the build phase.

3. While the company continues to lead the way in developing innovative API security technology, Salt Security also remains dedicated to growing public awareness of API security issues. On that front, the company recently launched Salt Labs, a public forum for research on API vulnerabilities to provide resources and reports that organizations can use to improve their API security posture and mitigate threats impacting API-centric businesses. Most recently, Salt Labs published research centered around a novel vulnerability found in GraphQL.