Drive agentic AI success with an integrated approach to API management

Published on April 17, 2025 | Category: tech

Opinion
By Markus Muller

Agentic AI is here - but without API management, security risks will prevail

The world is about to write a new chapter in the story of AI. If the first was about unlocking the technology’s predictive abilities, and the second tapped into its generative (GenAI) potential, the third will be dominated by agentic AI driving autonomous decisions. These technologies offer seemingly unlimited potential, but to unlock it, organizations need to seamlessly connect their AI agents to a multitude of systems and data.

Application Programming Interfaces (APIs) have therefore become essential to the success of AI strategies, providing the layer of connective tissue that agents need to communicate with enterprise systems. In fact, they’re already helping to unlock the value of GenAI. IDC claims that those with GenAI-enhanced applications and services in production have roughly five times more APIs than those who haven’t yet invested in the technology.

However, if unmanaged, the soaring number of connections between internal and external systems will compound the existing problems around API sprawl. This in turn creates major cybersecurity and compliance risks. As organizations embrace the agentic AI era, their motivation to create new APIs will outpace their ability and desire to follow best practices for governance, security, and lifecycle management, because of the delays those practices introduce.

To mitigate this risk and safely harness the power of agentic AI, IT leaders need a fully integrated API management (APIM) strategy.

Markus Muller

Global Field CTO at Boomi.

Zombies, shadows, and risk

It’s impossible to accurately estimate just how bad API sprawl has become, in part because of undocumented “shadow APIs”. An oft-cited report claimed the number of APIs worldwide exceeded 200 million in 2021.

However, with larger enterprises potentially running thousands or even tens of thousands—and an estimated 29 shadow APIs in every enterprise account—all bets are off as to the true number that are active today. In any case, the number is set to explode as agentic AI takes hold. A “build-now-think-governance-later” culture will only add to the number of shadow APIs in existence across organizations.

The problem is exacerbated further by the prevalence of zombie APIs—that is, connectors that are no longer actively used but still accessible. For example, a developer might create an API to meet a temporary need to pull data from one system into another, but then fail to decommission it after the transfer is complete. Both shadow and zombie APIs pose a major security risk.

This is worsened by the fact that nearly one in three (30%) APIs are unmanaged, and only half of enterprises have software to detect them, according to IDC. Threat actors, meanwhile, are past masters at seeking out unmanaged and exposed APIs. They know these endpoints may have outdated, weak or missing authentication, and other flaws they can exploit.

The result could be anything from data theft and ransomware infections to credential stuffing and fake account creation. This can ultimately lead to compliance risk, financial loss, and reputational damage. Last year’s Trello breach served as a stark reminder of that risk, when an adversary exploited a misconfigured API endpoint to access the data of 15 million users.

Building a robust API Management strategy

Identifying API sprawl as an issue is one thing, but doing something about it can be more challenging. The problem is that the point API Management (APIM) solutions that most organizations rely on are not fit for purpose in today’s agentic AI era. They create IT bottlenecks that stifle innovation and slow development workflows, encouraging developers to take shortcuts when it comes to governance and documentation.

To overcome these challenges, organizations should centralize visibility and control of their APIs in one platform and apply federated governance throughout the end-to-end lifecycle. In this way, they can set granular policies, manage security and observability requirements, and automate as much work as possible to alleviate the burden on developers.

It’s also important to establish API usage monitoring and control capabilities so partners can be onboarded quickly, and rapidly offboarded if their software becomes incompatible, or when their contract expires. Compliance and ongoing SLA management are other important elements of a central APIM strategy—to minimize regulatory risk and ensure consistent quality of experience.

Towards a more connected future

As enterprises continue to adopt agents at scale, the need for robust API management is critical. If overlooked, organizations will be at risk of increased security vulnerabilities and left unable to unlock the full potential of agentic AI. But with a robust, fully integrated APIM strategy, organizations will have a much firmer foundation for building a truly autonomous future.

Taking a unified approach to connecting systems and data will enable IT and business teams to harness the power of agentic AI without increased risk. That will set them on a path to supercharge business operations and free employees to work on higher value tasks, creating a stronger and more lasting competitive advantage.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
