ITSPmagazine Podcasts

Bots, APIs, and Runtime Risk: What Exposures Are Driving AI Security Innovation in 2025 | An Akamai Pre-Event Coverage of Black Hat USA 2025 Las Vegas | Brand Story with Rupesh Chokshi

Episode Summary

AI is transforming how businesses operate—but the security gaps it introduces are just as profound. In this episode, Rupesh Chokshi outlines the rising risks of agentic AI, API exposure, and bot-driven scraping—and what security teams can do about it today.

Episode Notes

Ahead of Black Hat USA 2025, Sean Martin and Marco Ciappelli sit down once again with Rupesh Chokshi, Senior Vice President and General Manager of the Application Security Group at Akamai, for a forward-looking conversation on the state of AI security. From new threat trends to enterprise missteps, Rupesh lays out three focal points for this year’s security conversation: protecting generative AI at runtime, addressing the surge in AI scraper bots, and defending the APIs that serve as the foundation for AI systems.

Rupesh shares that Akamai is now detecting over 150 billion AI scraping attempts—a staggering signal of the scale and sophistication of machine-to-machine activity. These scraper bots are not only siphoning off data but also undermining digital business models by bypassing monetization channels, especially in publishing, media, and content-driven sectors.

While AI introduces productivity gains and operational efficiency, it also introduces new and uncharted risks. Agentic AI, where autonomous systems operate on behalf of users or other systems, is pushing cybersecurity teams to rethink their strategies. Traditional firewalls aren’t enough—because these threats don’t behave like yesterday’s attacks. Prompt injection, toxic output, and AI-generated hallucinations are some of the issues now surfacing in enterprise environments, with over 70% of organizations already experiencing AI-related incidents.

This brings the focus to the runtime. Akamai’s newly launched Firewall for AI is purpose-built to detect and mitigate risks in generative AI and LLM applications—without disrupting performance. Designed to flag issues like toxic output, remote code execution, or compliance violations, it operates with real-time visibility across inputs and outputs. It’s not just about defense—it’s about building trust as AI moves deeper into decision-making and workflow automation.

CISOs, says Rupesh, need to shift from high-level discussions to deep, tactical understanding of where and how their organizations are deploying AI. This means not only securing AI but also working hand-in-hand with the business to establish governance, drive discovery, and embed security into the fabric of innovation.

Learn more about Akamai: https://itspm.ag/akamailbwc

Note: This story contains promotional content. Learn more.

Guests:

Rupesh Chokshi, SVP & General Manager, Application Security, Akamai | https://www.linkedin.com/in/rupeshchokshi/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

______________________

Resources

Learn more and catch more stories from Akamai: https://www.itspmagazine.com/directory/akamai

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Episode Transcription

 

[00:00:00] Sean Martin: Marco 
 

[00:00:00] Marco Ciappelli: Sean, 
 

[00:00:02] Sean Martin: Vroom. Vroom.
 

[00:00:04] Marco Ciappelli: I know you already engine, uh, engine on. 
 

[00:00:07] Sean Martin: Engine on with the AI inside.
 

[00:00:10] Marco Ciappelli: Oh yeah. 
 

[00:00:11] Sean Martin: The vroom.
 

[00:00:12] Marco Ciappelli: So are you just telling me that you don't trust my driving and you'd rather AI drive you to Las Vegas?
 

[00:00:17] Sean Martin: I would, I would never say that. I'd let people, uh, 
 

[00:00:20] Marco Ciappelli: You should, you should. Well, you know, it's, it's that time of the year that, uh, we, we go through the desert, we get to Las Vegas. We meet a lot of cool people that, uh, we've been meeting many of them for, for many years now. I think, uh, we, we said it was number 11 as ITSPmagazine. And, and every year we meet somebody new.

But, uh, what is exciting is that we started the coverage for Black Hat 2025 even earlier, which is right now.
 

[00:00:53] Sean Martin: I know and, uh, I mean, Chats on the Road. It's a tradition for us and we get to get [00:01:00] a preview of what's going on at the events. We get to talk to keynotes and, and sponsors and other speakers, and, and I'm thrilled to have Rupesh on from Akamai. Good to see you again.
 

[00:01:11] Rupesh Chokshi: Same here. Same here. Thank you so much for having me and, uh, you know, excited to be at, uh, Black Hat 2025. It's amazing that the time flies by when you're having fun.
 

[00:01:24] Marco Ciappelli: You're definitely one of those that has become a tradition to talk with before, during, and uh, and sometimes even after the event. So I'm very excited to see you. 
 

[00:01:34] Rupesh Chokshi: Same here. Same here. 
 

[00:01:36] Sean Martin: So, uh, let's get straight into it. So, clearly your team is constantly innovating. Uh, you're, you're leading market trends. You're watching market trends. Um. What are you sharing with folks this year at Black Hat, uh, from Akamai in terms of, I mean, we can't escape the AI part, right? But so AI and [00:02:00] anything else you wanna highlight in terms of what you, what you expect to share with folks? 
 

[00:02:04] Rupesh Chokshi: Now that's, uh, you know, as, as you mentioned, like cannot, uh, escape AI and it's everywhere and it's soon gonna be part of our everyday lives, the way the adoption and the momentum is happening. So we're, we're coming in, you know, with a very sort of, you know, clear point of view when it thinking about. 
 

Accelerating AI, but also securing AI and then what is happening with AI in so many different ways. So we'll be talking about securing generative AI at runtime, right? So what can we do to secure, uh, at runtime all the different gen AI apps that are popping up? How are the bots evolving? Because we are seeing a lot of AI scraper bots that are constantly scraping information so they can kind of put that in their models and training and learning and, and provide responses, right? And the third area is, you know, why APIs are [00:03:00] exposed, uh, you know, more than ever because a lot of the APIs actually power the AI ecosystem. So three things. AI security at runtime, what's happening with AI bots, and then the importance of API security.
 

[00:03:16] Sean Martin: So good. We're gonna talk about, uh, all three of these in a little more detail when we, when we see you on site as well, but maybe a, a, a sneak preview of some of the, some of the bot activity that perhaps you're seeing, uh, on the ground in that in customer sites. 
 

[00:03:32] Rupesh Chokshi: So the, the whole kind of AI scraper bots has just taken off this year in 2025 because, you know, a lot of these, uh, LLMs are, are really kind of trying to. Get better and they're learning and educating and training and like this constant on mode. So we at Akamai saw 150 billion, 150 billion, you know, bot scraping attacks, and we [00:04:00] published a blog on this thing. 
 

It's available. It's a ginormous number if you think about it. I think it's even bigger than the number of stars in the universe. So a lot of activity, uh, that is taking place and we are starting to see some interesting kind of friction points with certain business models. If you think about, you know, if I'm a publisher, right?
 

So my job is to, you know, create content or provide content, whether it's in news, whether it's in media, whether it's somewhere else. And all of this is being scraped by the, by the bot and kind of shown or represented to the user that is querying that. And I'm kind of, you know, in a tough place because my monetization has a big impact of it. 
 

So we are seeing, you know, this impact to different industries. As we, and I think we're just at the cusp of, uh, you know, agentic, right? So if agentic AI starts to take off, it's gonna be more machines talking with machines, et cetera. [00:05:00] So a lot of concerns, whether it is, you know, shadow AI, whether it is bots, whether it is ca, you know, attacks that we're seeing on the ground, uh, et cetera.

And, and the numbers are, are amazing. I think it was like more than 70% of the enterprises have had, uh, an AI related incident in the last 12 months. You know, Gartner has a report on that. Uh, we are seeing prompt injections. We're seeing, you know, jailbreaks, data manipulation, data poisoning, toxic language, hallucination.
 

A list goes on. You get the point. 
 

[00:05:31] Marco Ciappelli: Yeah. You know, I get the point. We live in the future and in a sci-fi world. Right. You know, I'm, I'm rereading Asimov. Now, I don't know if you're, you know, familiar with that, with what he does, but you know, when you talk about robots and he wrote it like in 1935, 1940s. Now we're living that future. So when, when you talk about agentic AI, I just envision this battle of the bots, which is not just bots, mechanical, they're actually thinking machine.

So I like to hear [00:06:00] what you think is gonna be, 'cause it's definitely gonna be the buzz, agentic AI, this, this year. I'm putting some of my money on that roulette, uh, on that number. So what, how, how are you addressing this with your customers? Is it fear? Is it optimism? What is it?
 

[00:06:17] Rupesh Chokshi: So I think there are two parts to it, right? Let's talk about sort of the promise of AI and, and let's talk about sort of agentic AI. And I, you know, I'm personally a believer that, you know, the AI era is, is transformational, revolutionized evolution, whatever you wanna say, but it's gonna change the way we do things in a very, very big way and a lot of gains to sort of, you know, uh, humankind, right, in terms of the work, the business processes, the how things evolve, et cetera.

So very positive on that. I think along that journey there's gonna be a lot of, you know, uh, sort of adaptability that is needed. So one example I was listening to, [00:07:00] uh, I think it was Wall Street Journal's podcast, and it talks about that Amazon will have, you know, more than, uh, 1 million robots, uh, and they'll surpass and the robots would surpass the number of, uh, employees that might have.
 

And all of that is gonna pivot over the next five to 10 years. And you know, the obvious reaction is that, oh my God, you know what's gonna happen? You hear headlines on, Hey, you don't need software developers because AI will do all the coding. And then you hear about all of these business processes are going to be agentic AI powered, which means that they're all gonna do all of this work in the background. 
 

Which is fantastic, but when I really think about, you know, the cyber aspects of it, or the cybersecurity aspects of it, and the exposures, right, the attack surfaces, the, the complexities that it is bringing forward. I am concerned, I am, I am concerned, I'm nervous, I'm concerned about the, the, the privacy, the trust. 
 

You know, do I [00:08:00] trust an agent workflow to carry my PII or my credit card information to make a reservation or plan a trip for me. Right. And then where does it reside? Because a lot of AI, it's not like a database. You can go to a row and say, delete this information. Right. Once it has it, it lives. And that is the biggest fear that as more and more of this automation kicks in, what happens to all this information?
 

How is it gonna be utilized? Et cetera. So concerned about that, but I'm pro in terms of the future. 
 

[00:08:35] Sean Martin: Yeah, a lot endless, uh, number of scenarios there. And, and I wanna maybe talk about a couple things here, um, together, and I know there's this idea, I mean, looking at this from a risk perspective, um, what you're leading on, leaning in on here a bit, but there's the bigger business picture of what, what does it mean to get this right [00:09:00] and. 
 

And I think with that as, as companies kind of build out their AI enabled business, they're using agents, they're using services, they're using APIs, and, and the exposure, the information they're providing, the exposure that they're creating, um, is tremendous. Which could impact the, all the workflows. I mean, connecting all this stuff makes it complex and we know complexity, uh, drives, uh, risk up as well. 
 

So your thoughts on the, the value and the importance of getting it right, um, connected to this world of, uh, tremendous exposure that we're creating. 
 

[00:09:37] Rupesh Chokshi: So we're definitely in a, in a very hyper connected world, right? Everything is like connected to everything and, and you know. Whether it's the robots, whether it's the cars, whether it's the machines, whether it's the humans, whether it's a workforce, whether it's a supply chain, everything connected to everything. 
 

And, uh, we see sort of, you know, APIs at the core of it, right? Because the [00:10:00] APIs are providing that sort of, you know, enablement even in the world of AI. They're the backbone of, uh, of AI, if you think about it, right? Every LLM integration, every agent workflow, every autonomous decision is going to be tying back to APIs.
 

So securing, you know, AI is gonna require securing APIs, and we saw some of that with, uh, one of the recent, uh, you know, uh, McDonald's was in the news recently about, uh, some data leakage that happened. You go back underneath all of that and it is tied to securing APIs, right? So we have to think about that. 
 

The infrastructure layer or the communication layers or the software layers that are powering the AI and the agent workflows, those need to be very systematically secure. You know, we also see a lot of business logic related, uh, abuse that takes place. And agentic could be very concerning when it comes to business logic abuse, [00:11:00] like our internal, you know, telemetry of the data that we see shows that almost like, you know, 40% of the attacks are, are business logic attacks when it comes to API security. So I feel, you know, there is a lot of risk, there is a lot of work to be done. I think customers need to think about enterprise, need to think about how do you do it in a, in a very, you know, kind of thoughtful way where security is an enabler to the future of AI, but it has to go hand in hand, not an afterthought.
 

[00:11:33] Marco Ciappelli: Yep. That sounds, yep. That security by design is still that chimera that we're, that we're all chasing. Um, I know you're having a, you're giving a talk there. It's, uh, it's on Firewall for AI, um, in ing. Uh, like to hear a little bit about that.
 

[00:11:50] Rupesh Chokshi: So at, uh, you know, RSA, we, we talked about a new product that we launched, which is the Firewall for AI. You know, a lot of, you know, great feedback from [00:12:00] customers, from industry analysts. You know, we won some awards at RSA and, and afterwards. Um, so we are launching an AI security capability focused on runtime, and the use cases are all around Gen AI apps and LLM based apps, et cetera.

And what we will do at RSAs, we'll have demos, we'll show how the capabilities work, but it's a, it's a purpose-built, you know, capability that is all focused on AI runtime threats, whether it is prompt injection, whether it is input output, whether it's, uh, you know, things related to, uh, remote code execution, whether it is toxic language, hallucination, you name it, compliance violation.
 

So all of that, and we are super excited for two other reasons. One is that we're able to provide this capability at scale. Uh, you know, because latency performance, all of these things matter because there's lots of transactions taking place. We have a very easy to deploy kind of model, right? So that is what we will [00:13:00] showcase at Black Hat, and we'll show at the booth and we'll talk about it. 
 

Demo. 
 

[00:13:07] Sean Martin: And is there, is there a specific use case that CISOs might think they have covered with their traditional firewall and other network and perhaps even perimeter protections that you, you can flag for them easily. Say, eh, you might, might wanna reconsider what you're looking at and how you're, how you're view. 
 

[00:13:27] Rupesh Chokshi: So we, we've seen that, right? We've seen that in, in many examples, that, you know, the, the normal thinking is that, hey, a web application firewall. If it's protecting me, then it'll also protect my sort of, you know, AI, uh, agents or chatbots or conversational agents and those interactions that are taking place.
 

Uh. We've shown CISOs again and again, that, you know, prompt injections is a very different, this is all session based. And then you're also not just looking at input, you're also looking at the output, right? In terms of what is the model, what is the AI agent actually [00:14:00] processing, and how are they responding back? 
 

Right? Are they, you know, giving out information that they should not be? And we have seen, you know, many, one, one example is that we looked at, uh, for one customer around a hundred thousand requests over a period of time. And, and the system came back and said, 6% is flagged in the world of cybersecurity. 6% is a very big number in terms of what we were flagging for PII for toxic, for compliance, for prompt injection, uh, et cetera, et cetera. 
 

So, you know, many of these examples, uh, we're starting to see and we're starting to see not just financial services. We see it in healthcare. We see so many different industries, right, that are starting to really. Power everything with conversational AI agents and we are here to solve those problems. 
 

[00:14:48] Sean Martin: And speaking of power, and I'll, I'll change that to empower, uh, the CISO and their teams. What, what do you hope? They kind of latch onto, [00:15:00] uh, this year at Black Hat and, and speaking with you and your team, what, what do you think they'll walk away with that that will change the way they run their programs? 
 

[00:15:08] Rupesh Chokshi: I think, I think today, you know, I really think that the CISOs, the security teams need to kind of go from the higher level discussion to a lot more sort of what do I need to do, right? What is relevant in my environments? Like you don't want, as a security professional to be in a meeting with the rest of your AI innovation team and kind of not fully understanding what is being done and what is gonna be the ramification of that, right? So let's make Black Hat or any of that industry event as an opportunity to learn and go deeper and have those deeper conversations. Because a lot of the talent that is there on the Black Hat floor is, is very, you know, smart individuals.

Like even from Akamai, we have a number of threat researchers that are gonna present, they're gonna be there, they're [00:16:00] available, you know, have a round table, have a conversation, but let's go like 3, 4, 5 levels deeper, right on what needs to be done, how should we think about it and kind of get in front of the innovation versus the high level kind of big ticket statements on, Hey, AI is here.
 

What are we doing to, let's get to the brass tacks. 
 

[00:16:22] Marco Ciappelli: Which brings me to think like, you know, going down at the, the level and dig deeper into that conversation, but also when you're involved the business, again, not only lead with fear. I mean, you, you say gotta be hand in hand right there. You're, you're concerned, you're worried as everybody else, but there are opportunities.
 

So how do you balance that and, and maybe what do you think, you know, how do you think company can get it? That right? I mean, again sure, think ahead, but some, some specific advices maybe. 
 

[00:16:54] Rupesh Chokshi: Yeah. I, I think, you know, clearly, you know, business leaders, they're gonna make some decisions. It's a [00:17:00] boardroom level conversation. Let's go because at the core of the value proposition of AI is tremendous amount. Whether it is the customer user experience differences, whether it is personalization, whether it is operational efficiencies, whether it is speed, like all of this is real, right? 
 

Because the technology has the ability to deliver on those promises. So I think from a. Business side that is all being driven very, very rapidly. And I think what we need to do is, is you know, bring the business and the security leaders together and think about security as an enabler. But also I think in the, in the ai, you know, examples, maybe a lot more focused on red teaming, discovery, you know, those kind of things because it's a lot of shadow AI early days. 
 

So let's at least get a handle on what's going on. Let's build the governance structures, let's get. You know, the processes going, uh, rather than kind of be a little bit on, Hey, [00:18:00] I don't know, so I'm not gonna do anything, and then, oops, something happened. There's enough technology and capabilities available in AI security today to make the progress that we need to. 
 

[00:18:11] Sean Martin: Yeah, it's interesting. I've, I've been to a few non-security conferences, legal tech and FinTech and health tech and the. Of course AI's driving a lot of those events and a lot of conversations there we're, we're seeing lawyers write vibe, code, writing agents, AI agents, and all kinds of fun things. And I think the, the one takeaway from being part of those conversations coming at it from a security perspective is security really needs to find a way to open up those conversations and be part of them and, and bring to them. 
 

Their, their peers and their, their stakeholders within the business. What you and your team Rupesh have to say, you, you see the, you see this stuff as you're working with all your customers and prospects. You see the activities that are taking [00:19:00] advantage of, of, of the innovations and, and the technologies that are being deployed. 
 

So where can they find you and your team at Black Hat? Um, 'cause people, people work in these diff different industries and they need help. So how can they find you? 
 

[00:19:12] Rupesh Chokshi: Yeah, absolutely. So we will be at, uh, Black Hat on the exhibit, uh, floor. And, uh, we're gonna be, uh, 1,457 booth or 1 4 5 7 is our booth number. Please, you know, stop by. As I mentioned, we have a lot of talented folks from threat research and, and solution engineering. You know, a lot of intelligent folks that are working day to day with the customers, with the industry experts that can really go, uh, dig deeper.

And then we have a number of presenters also, uh, during the kind of main Black Hat and DEFCON agenda, right? So. Lot to kind of take in, but stop by at, uh, 1457. That's.
 

[00:19:52] Sean Martin: We will certainly see you there. I think, uh, we're gonna have another chat with you, Rupesh, and, and the team, uh, digging deeper. Um. [00:20:00] Perhaps if, if folks want us to, uh, focus in on something, uh, they can let us know. Uh, but I'm excited to talk about APIs and bots and, and, and the whole agentic AI space and, and looking at the content, looking at the sessions and knowing what's going on.
 

And you, your team has the insights there, so. 
 

[00:20:17] Rupesh Chokshi: Yeah. Yeah, absolutely. Absolutely. Looking forward to it. And uh, again, you know, Black Hat is a great event for security professionals. We wanna, you know, help, we wanna be there and we wanna bring the message with clarity, as I mentioned early on, right? It's all about AI security for runtime. It's about the AI scraper bots, and it's about securing APIs as they power the AI.
 

[00:20:39] Sean Martin: Sounds good. Well, thanks everybody for, uh, listening to this episode of Chats on the Road to, uh, Black Hat in Las Vegas. Rupesh, it's always a, a pleasure chatting with you. Looking forward to seeing you on location in Las Vegas, and, uh, anybody else who's there, um, find Rupesh and team at the booth. Perhaps you'll see us there [00:21:00] as well.
 

And, 
 

[00:21:00] Marco Ciappelli: But most importantly, not everybody's gonna be able to be there, and that's why we are gonna be there and we're gonna bring, uh, this conversation again before, during, after the event and, uh, as much fun as Las Vegas may sound, it's really hot, so you're not gonna miss out. But you know, luckily the, the place where Black Hat happened, it's nice and cool and we're gonna hang out in there.

So we're looking forward to see you, Rupesh.
 

[00:21:27] Rupesh Chokshi: Yeah. 
 

[00:21:28] Sean Martin: If you're lucky enough to go, we're excited to see you there. If you're lucky enough to not have to go, we're, we're excited to connect with you online.
 

[00:21:37] Rupesh Chokshi: I like the way you just used the word lucky three times. 
 

[00:21:39] Sean Martin: There you go. Lucky. Lucky, lucky. All right. Thanks, Rupesh. Thanks everybody.
 

[00:21:45] Rupesh Chokshi: Thank you. 
 

[00:21:46] Marco Ciappelli: Take care.