Ep 20 - API Security - Shadows, Zombies, and Other APIs We Pretend Don't Exist

🎙️ Coffee, Chaos and ProdSec

Ep 20 APIs are the backbone of modern apps, and attackers know it.

This week, Kurt and Cameron break down the API security mess with stories from the trenches, practical fixes, and a few "how is this still happening" moments that'll make you check your own endpoints.

From unauthenticated APIs sitting wide open to broken authorization bugs that let you change one ID and steal the whole database, the hosts walk through the Hall of Shame with examples that sting. They tackle the nightmare of zombie and shadow APIs nobody remembers deploying, explain why API inventory is nearly impossible to maintain, and explore how bots have evolved into AI agents that can scan, exploit, and exfiltrate faster than any human.

Your hosts dig into why security through obscurity still exists in 2026, how to actually test APIs before attackers do, and what happens when AI shopping agents and MCP servers become the new attack surface. It's a tour through Application Security, DevSecOps, and Cybersecurity realities with humor and zero fluff.

If you're building or defending APIs, this episode is required listening.

☕ New episodes every Wednesday.

Coffee, Chaos and ProdSec -> strong coffee, stronger opinions.