CLAYMONT, Del., Sept. 03, 2025 (GLOBE NEWSWIRE) — Astra Security, the platform for continuous pentesting, combines automated scans with expert-led testing for complete coverage. Today, the company announced the release of its new API Security Platform. The platform uncovers undocumented, zombie, and shadow APIs that put infrastructures and sensitive PII at risk. Rather than relying on reactive, siloed detection tools, adopting Astra’s API Security Platform provides proactive, automated protection against hackers using application programming interfaces (APIs) to compromise systems. Most businesses lack a complete API inventory, and developers rarely run active security tests on the APIs they build. Astra API Security Platform solves for both, providing complete visibility into APIs that a company may not have known existed, and testing them autonomously for security vulnerabilities.
APIs power modern apps, from logins and payments to medical records, but unchecked API sprawl is now a critical security issue. As organizations undertake digital transformation and modernization, the number of APIs proliferates across distributed infrastructures. Zombie APIs, abandoned or outdated endpoints, often linger in systems and become easy targets for attackers. Shadow APIs, built outside official security controls, expose sensitive data and bypass governance. Shadow APIs may lack proper authentication protocols, exposing sensitive data and creating a point of vulnerability. APIs can misrepresent the data they expose and who can access them without triggering a security alert.
Astra’s API Security Platform solves this by finding every undocumented, dormant, and shadow API across infrastructure. The platform analyzes live traffic in real-time and runs offensive Dynamic Application Security Testing (DAST) scans across all APIs, applying 15,000+ test cases.
API exploits are rising fast, driving a 90% year-over-year surge in demand for API penetration testing. AI agent APIs and MCP servers are emerging risks: 23% of IT professionals report AI agents leaking credentials, while 80% have seen bots take unintended actions like accessing unauthorized systems.
“APIs continue to be the unguarded backdoor to corporate data,” said Shikhil Sharma, co-founder and CEO of Astra Security. “Automated security tools tend to focus on web applications, overlooking APIs. All the innovation happening in the AI world, with AI Agents to MCP servers, has APIs as its backbone. With the release of the Astra API security platform, we can now discover, scan, and secure APIs in real time, closing the gaps before hackers can exploit them.”
Astra’s API Security Platform provides real-time visibility into every API in infrastructure, including undocumented, dormant, and shadow APIs. Integrations capture live traffic across cloud and distributed systems, including NGINX, AWS, GCP, Azure, Istio, Apigee, Kong, and Postman. Rather than relying exclusively on automation, Astra applies over 15,000+ DAST test cases as well as manual penetration tests conducted by in-house cybersecurity experts certified in OSCP, CEH, and eWPTXv2. Astra also maintains a continually updated API inventory derived from real-world traffic observations.
“It’s essential to identify weaknesses before they lead to compromised data,” said Ananda Krishna, co-founder & CTO of Astra Security. “By applying a hybrid strategy, our API Security Platform identifies security issues others miss, from misconfigurations and broken authentications to authorization flaws.”
Astra Security offers a unique penetration testing platform featuring a suite of products, including an AI-powered DAST scanner that continually emulates hacker behavior, as well as a team of CREST-accredited (Council of Registered Ethical Security Testers) ethical hackers manually performing penetration testing. Astra Security is CREST-accredited, ISO27001 certified, and CERT-in empanelled. It is also one of the few companies worldwide to hold a PCI DSS Approved Scanning Vendor (ASV) certification.
Last year, Astra Security uncovered more than 2.8 million+ vulnerabilities, saving customers millions of dollars in potential data breach costs.
About Astra Security
Astra Security is a SaaS cybersecurity company that simplifies otherwise chaotic pentests with its Continuous Pentest Platform, which consists of a suite of products including PTaaS, DAST Scanner & API Security Platform. Astra Security’s AI-powered offensive vulnerability scanning engine, Attack AI, emulates hacker behavior to scan applications for 15,000+ security tests. CTOs & CISOs trust Astra Security because it helps them fix vulnerabilities in record time and move from DevOps to DevSecOps with Astra Security’s CI/CD integrations.
Over 1,000 companies worldwide secure their applications with Astra Security’s penetration testing and continuous security platform. Last year, Astra Security uncovered over 2,000,000 vulnerabilities for its customers, saving them $2.88 billion in potential losses due to security vulnerabilities.
Media Contact:
Photos accompanying this announcement are available at
https://www.globenewswire.com/NewsRoom/AttachmentNg/12a223d9-787e-44f1-8c40-5f055df7852e
https://www.globenewswire.com/NewsRoom/AttachmentNg/9f25c927-f1e8-472e-a34d-4f450b3c911c