A talk given by Francois Lascelles from Ping Identity at the 2019 Austin API Summit in Austin, Texas. API security issues keep surfacing at big-name organizations. Data leaks, reputation is damaged, service is disrupted. APIs are innovation enablers but also have a downside: the sensitive data that flows through them make them prime target for hackers. Why is API security so hard? Francois ‘s presentation will explain how traditional API security is not bullet-proof, review recent API vulnerability examples, and discuss the role of AI and implicit security in detecting and stopping exploits of these specific vulnerabilities.