Not often in the startup world are you able to witness your product line over time consistently fulfill the vision that the company was founded upon. Here at Cequence, we’re doing exactly that. We started a decade ago helping enterprises protect their applications from malicious bots, architecting the original solution to be network based for easy deployment and superior behavioral analysis. This architectural choice proved very wise as attackers began to embrace APIs as their target of choice, as our Bot Management solution was able to stay in front of them. We added an API Security product to the mix using the same architecture which uniquely enabled Cequence to have these two solutions work in concert for maximum protection benefit. We call this the Cequence Unified API Protection platform, or UAP for short.
Now, we’ve introduced a new product, the Cequence AI Gateway, which enables organizations to safely and securely connect their enterprise applications to AI agents. We heard loud and clear from the market that making their applications AI-ready using available MCP server tooling was relatively straightforward to prototype, but exceedingly difficult to develop for production use where scale, authentication, and security are non-negotiable requirements. Cequence’s experience in protecting applications and APIs and our understanding business context through traffic analysis makes us uniquely qualified to help organizations realize the promise of AI productivity – safely and securely.
A Brief History of Access
Organizations created applications to be used through web browsers, which was really just an extension of the client-server computing model. Then came mobile applications and direct API consumers like your business partners and aggregators. Along the way, attackers used each of these channels to target applications for fraud and abuse. Today, AI browsers and agents represent a new channel, and as such, a new attack vector to worry about.
The Model Context Protocol (MCP) has emerged as the de facto standard for connecting AI browsers and agents to enterprise applications and APIs. However, in talking to customers, prospects, analysts, and the media, we quickly realized that people were struggling to create MCP servers in their pursuit of AI productivity gains. Further, we consistently saw that most folks were hacking together single-user prototypes, connecting AI agents to critical systems without sufficient security, oversight, or context.
Note that MCP doesn’t replace existing APIs – it depends on them to provide data, context, tools, and resources for autonomous agents and AI applications. In fact, as MCP adoption grows, it’s driving the creation of even more APIs and increasing overall API usage.
With our years of application and API experience, we immediately knew that we were uniquely positioned to solve this problem of rapid and secure AI enablement.
A New and Different Channel
It would be easy to assume that AI agents are just another channel using APIs. While true, consider that applications have been overwhelming crafted for a specific audience – humans. It should be alarming to see the percentage of bot users go up and human users go down. The speed with which agents can make decisions and execute transactions far outpaces what humans are capable of doing. Even legitimate/good bots must be kept in check, e.g., making sure that appropriate rate-limiting boundaries prevent any bot from taxing a given system.
Some examples:
- Joe may very well be permitted to instruct an agent to access the corporate web site logs and Salesforce to put together a report of interested prospects. However, should he be able to compile a list of all customer interactions and email it to an external domain? Likely not.
- Mary, who works in the finance dept should be able to use an AI agent to access the infrastructure needed to create a monthly report of filed invoices, their remit history, and days outstanding. She and her agents should not, however, be able to access the systems used by the CFO and CEO that detail unreleased quarterly financial reporting info. A proper authentication and authorization system is needed to make sure Mary’s bot can’t cross an inappropriate access line.
- If agents are accessing specific APIs in concert that suggest business logic abuse, controls are needed to detect and mitigate. The speed of bots requires that the mitigation be handled immediately, not waiting hours or possibly even days for a ticket to be filed, processed, and prioritized.
Going Fast, Safely
We’re all excited about what can be accomplished with AI browsers and agents, but one must still pay attention to core enterprise requirements. These requirements are what differentiate an interesting prototype from a production-ready solution. Robust enterprise scale, authentication, authorization, oversight, and security are just some of the things that enterprise-class solutions must accommodate.
Robust enterprise scale with proper authentication and authorization to consistently ensure least-privilege access. Monitoring, logging, and oversight of user and tool activity are needed for solution debugging as well as seeing that agent behavior aligns with user intentions.
The Cequence AI Gateway offers all these capabilities, enabling organizations to create production-ready agentic AI solutions in no time. And when it comes to protecting applications and APIs from attacks, business logic abuse, and fraud, the Cequence AI Gateway integrates tightly with our API Security and Bot Management products. After all, AI agents are just specialized bots, but with the ability to take traditional attacks to new levels. From security guardrails that protect against expensive runaway agent queries to subtle business logic abuse that can only be detected by understanding the business context of API transactions, Cequence has you covered.
Cequence – The “Easy Button”
Cequence offers a safe, protected environment where your applications can be made AI-ready, without code, in minutes, while still delivering on your critical enterprise needs.
We recognize that not every enterprise is ready to immediately dive into the AI pool, and that’s fine. But even if you’re not jumping in just yet, it’s prudent to make sure that you have adequate application and API security in place, so that when you do bring AI in, or your workforce brings in shadow AI, it happens with appropriate security measures in place.
In either case, we’d love an opportunity to talk with you, understand your situation, and show you how Cequence can help you meet your productivity and security goals. Contact us today to learn more.
