- 89% surge in AI-enabled adversary attacks over the past year (CrowdStrike).
- Attackers move from initial access to lateral movement in just 29 minutes.
- Approov expanded global infrastructure with new attestation points in Mexico and Milan, Italy.
Experts would likely conclude that Approov's latest platform upgrade represents a critical advancement in defending against the escalating threat of autonomous AI attackers targeting mobile APIs.
Approov Fortifies APIs Against a New Breed of Autonomous AI Attackers
EDINBURGH, Scotland – July 15, 2026 – The economics of cybercrime are being rewritten by a new and formidable adversary: agentic AI. These autonomous systems are not simply faster bots; they are adaptive, intelligent attackers that can probe mobile applications, perfectly mimic legitimate user behavior, and bypass traditional defenses at a scale and speed that defies human intervention. In a direct response to this escalating threat, mobile security leader Approov has announced a significant upgrade to its platform, Approov 2026 3.6, engineered to neutralize this new wave of AI-driven attacks on the mobile APIs that power our digital lives.
The New Economics of Cybercrime: Agentic AI
For years, security teams have battled automated bots, but the threat landscape has undergone a seismic shift. Agentic AI represents a fundamentally new class of adversary. Unlike scripted bots that follow predictable patterns, these AI agents can operate autonomously, learning from their environment and adapting their tactics in real-time. They can launch attacks that once took weeks of careful engineering in a matter of minutes.
Industry research substantiates the severity of this emerging threat. A recent CrowdStrike report revealed an 89% surge in attacks by “AI-enabled adversaries” over the past year, with the average time for an attacker to move from initial access to lateral movement plummeting to just 29 minutes. The threat is so tangible that analysts at Forrester have predicted the first major public breach caused by agentic AI will occur this year, warning that these agents operate at machine speed, often outside the visibility of conventional security tools.
These attacks disproportionately target Application Programming Interfaces (APIs), the digital conduits that connect mobile apps to backend servers. By impersonating a legitimate app, an AI agent can exploit APIs to scrape sensitive data, take over user accounts, and commit fraud, all while appearing to be a genuine user. This impersonation is the crux of the problem; the AI rarely runs inside the actual mobile app, instead replaying its API traffic from sophisticated scripts and server farms, making it incredibly difficult for signature-based defenses to detect.
A Global Immune System for Mobile APIs
Approov’s latest release confronts this challenge by doubling down on its core technology: runtime attestation. The platform is designed to verify that every single API request originates from a genuine, untampered version of the mobile app running on a safe, real-world device. This creates a cryptographic proof of authenticity that an impersonator, whether a human or an AI agent running in a data center, simply cannot generate.
“Agentic AI has changed the economics of attacking mobile APIs,” said Ted Miracco, CEO of Approov, in a statement. “Our enterprise customers are scaling to unprecedented attestation volumes precisely because attestation exposes these impersonation attacks at the source.”
To ensure this verification process happens without creating frustrating delays for legitimate users, the company has significantly expanded its global infrastructure. New regional attestation points have been deployed in Mexico and are soon to follow in Milan, Italy. This builds on an existing network spanning North and South America, Europe, and the Asia-Pacific region. By routing traffic intelligently to the nearest server, the company can cut response times for users across Central America, the southern United States, Southern Europe, and the Middle East, delivering on its promise of “protection without friction.” This ultra-low latency is critical for industries like banking, healthcare, and retail, where a seamless user experience is paramount.
Arming the SOC: From Raw Data to Real-Time Intelligence
Recognizing that enterprise security is a team sport, Approov 2026 turns every protected API into a distributed sensor for its customers' Security Operations Centers (SOCs). The new platform introduces direct integration with major SIEM (Security Information and Event Management) systems like Splunk and Sentinel. This allows security teams to decode Approov’s threat signals locally and correlate them with other security data, providing a unified view of an attack without adding latency or complexity.
Furthermore, the upgrade bolsters forgery detection. New message signatures cryptographically tie each network request to the device it came from, while enhanced token verification can distinguish between a valid ‘pass’ token, a validly signed ‘fail’ token, and an invalid or forged token—a critical signal when AI agents attempt to counterfeit credentials at scale. To manage this cryptographic ecosystem, the platform now supports fully automated secret rotation, eliminating a common point of human error and operational friction.
Perhaps one of the most practical innovations is the ability to perform gradual rollouts of new security policies. Responding to a novel attack often carries the risk of inadvertently blocking legitimate users. With this new feature, security teams can deploy a new defensive measure to a small percentage of traffic, monitor its real-world impact live, and then expand the policy with confidence. This allows organizations to respond aggressively to fast-moving threats without risking business disruption.
A Proactive Stance in a Fragmented World
This release signals a broader shift in security posture from reactive defense to proactive threat mitigation. An updated monitoring suite provides customer-configurable alerts that can flag unusual spikes in failed verifications—the earliest signs of an emerging attack. At a macro level, the system performs global anomaly detection, watching for correlated failures across its entire customer base. If multiple accounts show simultaneous issues, Approov’s own engineering team is automatically alerted, turning isolated signals into an ecosystem-wide early warning.
“This release is a direct response to how fast the threat landscape is moving,” explained Jae Hossell, CTO of Approov. “We’ve expanded the edge network, automated threat intelligence sharing for enterprise SOCs, and made deploying new security policies entirely risk-free. Security teams shouldn’t have to choose between reacting quickly and protecting their users’ experience.”
Looking ahead, the platform upgrade also activates backend support for Huawei’s HarmonyOS. While a small player on the global stage, HarmonyOS recently surpassed Apple's iOS to become the second-largest mobile operating system in China, a massive and critical market. By preparing for the platform’s expansion, Approov is future-proofing its solution and demonstrating an understanding of the increasingly fragmented global mobile landscape. This proactive readiness ensures that enterprises with a global user base can maintain a consistent security posture, regardless of the device or operating system their customers choose to choose to use.
Topics & Related
Cybersecurity
Agentic AI
📝 This article is still being updated
Are you a relevant expert who could contribute your opinion or insights to this article? We'd love to hear from you. We will give you full credit for your contribution.
Contribute Your Expertise →