While APIs, which allow different applications to talk to each other over the internet, have become vital tools for increasingly cloud-enabled workplaces, they’re also uniquely vulnerable to cyber attacks. In fact, a GitGuardian report recently found that in 2021 six million passwords, API keys and other sensitive data were leaked through API attacks. In recent years, organizations like Peloton, Experian, Facebook, LinkedIn and Clubhouse have all had user data fall into nefarious hands because of API weaknesses.
Corsha, which recently raised $12 million in Series A funding, is one organization trying to fortify API communication against such attacks.
The Vienna-based company secures machine-to-machine communication by adding automated MFAs to APIs. Corsha’s platform does this by assigning dynamic identities to an organization’s already trusted machines and then giving pin API access to only those machines. Each API call request requires a new, one-time-use credential as well, further securing communications between machines.
“The greater we automate our application development and deployment processes, the more the risk shifts from human to machine. It’s more important than ever to have clear visibility into the machines that are accessing APIs and be able to seamlessly control access,” Corsha CEO and co-founder Chris Simkins said in a statement.
This funding news follows Corsha’s recently launched API Security Scorecard, which allows organizations to measure their API security. The scorecard is free to use, lowering the barrier for organizations to assess and secure their cloud systems.
Corsha plans to use the recent funding co-led by Ten Eleven Ventures and Razor’s Edge Ventures to further develop its platform. Specifically, the company will invest capital into PI discovery and observability, integrations across the API ecosystem and open-source tools.
