Google Cloud has released an update to its Apigee platform, enhancing API security with new abuse detection features designed to address key risks.
Google Cloud announced an update to its Apigee Advanced API Security platform on October 2, 2025, introducing new features designed to refine abuse detection and incident reporting. The release is part of an ongoing effort to address what industry resources describe as a primary attack vector for modern web and mobile applications.

New Exclusion Capabilities for Abuse Detection
According to the official release notes, the updated version of Advanced API Security introduces exclusion lists for its Abuse Detection and incidents functionality. Users can now specify CIDR ranges and IP addresses to exclude from future incident reports. Google states this feature is intended to help teams exclude traffic known to be safe, such as requests originating from automated testing, thereby reducing noise and focusing on genuine threats. The new functionality allows for the creation and management of multiple exclusion lists that define which traffic to ignore and the reasons for the exclusion. This rollout follows an August 25, 2025 update that provided more detailed explanations for anomalies detected in traffic.
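As an added illustration of the exclusion-list idea described above (this is not Apigee's API, data format, or code from Google), the following Python sketch applies several named exclusion lists to detection events and records which list suppressed each one. The list names, reasons, event fields, addresses, and the breadth thresholds are all constructed assumptions.

```python
import ipaddress

# Constructed exclusion lists: each has a name, a reason, and CIDR/IP entries.
EXCLUSION_LISTS = [
    {"name": "ci-load-tests", "reason": "automated testing",
     "entries": ["203.0.113.0/28", "198.51.100.7"]},
    {"name": "partner-monitor", "reason": "uptime probes",
     "entries": ["2001:db8:40::/48"]},
    {"name": "internal-nets", "reason": "internal callers",
     "entries": ["10.0.0.0/8"]},
]

# Constructed detection events (hypothetical fields, documentation addresses).
EVENTS = [
    {"id": "evt-1", "client_ip": "203.0.113.5"},
    {"id": "evt-2", "client_ip": "203.0.113.77"},
    {"id": "evt-3", "client_ip": "198.51.100.7"},
    {"id": "evt-4", "client_ip": "2001:db8:40:1::9"},
    {"id": "evt-5", "client_ip": "10.20.30.40"},
    {"id": "evt-6", "client_ip": "198.51.100.8"},
]

def compile_lists(lists):
    # strict=True rejects entries with host bits set (e.g. 203.0.113.5/28),
    # which usually indicates a typo in the range.
    return [(l["name"], l["reason"],
             [ipaddress.ip_network(e, strict=True) for e in l["entries"]])
            for l in lists]

def match_exclusion(client_ip, compiled):
    """Return (list name, reason) of the first list covering client_ip, else None."""
    addr = ipaddress.ip_address(client_ip)
    for name, reason, nets in compiled:
        if any(addr.version == n.version and addr in n for n in nets):
            return name, reason
    return None

def triage(events, lists):
    """Split events into reported ids and suppressed (id, list, reason) tuples."""
    compiled = compile_lists(lists)
    reported, suppressed = [], []
    for ev in events:
        hit = match_exclusion(ev["client_ip"], compiled)
        if hit:
            suppressed.append((ev["id"],) + hit)
        else:
            reported.append(ev["id"])
    return reported, suppressed

def overly_broad(lists, min_v4=16, min_v6=32):
    """Flag entries wider than the assumed thresholds; they can hide real abuse."""
    flagged = []
    for name, _reason, nets in compile_lists(lists):
        for n in nets:
            if n.prefixlen < (min_v4 if n.version == 4 else min_v6):
                flagged.append((name, str(n)))
    return flagged
```

Keeping the list name and reason with each suppressed event preserves an audit trail, and reviewing the entries `overly_broad` flags helps avoid excluding far more traffic than the known-safe sources.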

The Growing Importance of Securing APIs
API security is broadly defined as the practice of protecting APIs throughout their entire lifecycle. As noted by security platform Wiz, this involves using authentication, authorization, encryption, and monitoring to prevent unauthorized access and data exposure. Because APIs often serve as the backend framework for applications, breaches can lead to significant data leaks. As one expert, Thiago Bertuzzi, highlighted during a recent MVPConf 2025 presentation, APIs handle critical data and operations, making them targets for a wide range of attacks, from authorization failures to denial-of-service via unrestricted resource consumption.

Addressing Top Industry Risks
The need for robust security tools is underscored by the top risks identified by organizations like OWASP. Bertuzzi’s conference talk referenced several key vulnerabilities from the OWASP API Security Top 10 list, including Broken Object Level Authorization (BOLA), Broken Authentication, and Unrestricted Access to Sensitive Business Flows. These risks demonstrate why a multi-layered approach is essential. Effective API security must preserve data confidentiality, ensure authorized-only access, and maintain data integrity. Strategies recommended by security professionals include implementing rate limiting, using non-sequential IDs like UUIDs to prevent resource inference, and maintaining strict version governance to decommission obsolete endpoints.

