APIs Demand Dynamic Security, Not Static Controls

Postman's Sam Chehab on Secrets Management and AI-Driven API Security Michael Novinson (MichaelNovinson) • December 8, 2025

Modern API security is no longer a one-time exercise. As architectures shift, data flows multiply and artificial intelligence-driven development accelerates, organizations face a moving target: securing APIs amid constant technological change.

See Also: Real-Time Application and Cloud Workload Protection

For Sam Chehab, head of security at Postman, the answer is to embed protection directly into the development life cycle rather than treating it as an external process. This means "finding the right hooks in the engineering life cycle to ensure that you're working within their workflow instead of outside of their workflow," he said, underscoring the need for integrated secrets handling, regional data controls and guardrails that scale with teams.

In this video interview with Information Security Media Group at AWS re:Invent 2025, Chehab also discussed:

• Why evolving API paradigms and ...