Using advanced subdomain enumeration, AI-driven fingerprinting, and OSINT techniques, Escape’s security research team scanned Fortune 1000 and CAC 40 top-level domains to discover thousands of exposed APIs. Through a multi-layered process, we identified 158,079 subdomains, enabling extensive coverage and detailed analysis.
One of the key challenges was obtaining API specifications so that newly discovered exposed API services could be scanned effectively for vulnerabilities. Our approach within Escape’s platform focused on two areas: Semantic Analysis, which identifies essential code fragments using custom rules to optimize LLM prompts, and Specification Generation, which uses the LLM to create precise OAS methods, with contextualization to resolve code dependencies and references for accuracy.
After completing the specification generation process, the final step was API security scanning. Using Escape’s Dynamic Application Security Testing (DAST) solution, we conducted an in-depth analysis of each identified API endpoint to detect potential vulnerabilities and risks.
You can find an in-depth technical explanation of the algorithm here.