25/05/2026

[The Linkers Pulse]: When “Legitimate” API Traffic Becomes the Problem

Hi,

This week I read about the security incident at Composio and it made me stop and think a little differently about API security in the age of AI agents.

At first I thought this was going to be another API breach story, but the more I read, the more I felt this is actually a preview of where our industry is going.

Composio connects AI agents to systems like Gmail, Slack, GitHub, Jira and Salesforce. Put simply, it lets AI tools not only “talk” but actually perform actions on behalf of users and organizations.

What interested me is that this attack was not really about breaking into an API in the old way. The APIs themselves were mostly legitimate. The tokens were legitimate. The access flows were legitimate. The problem was in the trust between systems, agents, permissions and automation.

And honestly, I think this is where security becomes much more complicated.

For years we got used to thinking in fairly clear definitions: good traffic vs bad traffic, valid user vs attacker, allowed action vs blocked action.

But AI agents blur these lines.

If an AI agent has permission to access systems, use APIs, read data and execute actions, then the real question becomes not only “is this request malicious?”, but also “does this behavior make sense?”.

That is a very different type of security problem.

While reading this incident, I kept thinking about how much the discussion is shifting toward behavior, business logic and runtime decision-making, not only vulnerabilities.
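To make the "authorized vs. makes sense" distinction concrete, here is an added example (my own illustration, not Composio's code or anything from the incident). It gates an agent's tool calls with two separate checks: the classic token-scope check, and a per-agent behavioral baseline; the tool names, scopes and baseline values are constructed assumptions.

```python
"""Runtime policy gate for AI-agent tool calls (illustrative, constructed)."""
from __future__ import annotations
from collections import deque
from dataclasses import dataclass, field
from time import monotonic
from typing import Deque, Optional, Set, Tuple


@dataclass
class AgentBaseline:
    """What this agent normally does: which tools it uses, how many calls
    per sliding window, and which tool-to-tool chains are expected."""
    expected_tools: Set[str]
    max_calls_per_window: int
    window_seconds: float
    allowed_chains: Set[Tuple[str, str]]          # (previous_tool, next_tool)
    history: Deque[Tuple[float, str]] = field(default_factory=deque)


def is_authorized(token_scopes: Set[str], required_scope: str) -> bool:
    """The classic question: does the (legitimate) token grant this scope?"""
    return required_scope in token_scopes


def makes_sense(baseline: AgentBaseline, tool: str, now: float) -> Optional[str]:
    """The newer question: is this call plausible for this agent?
    Returns a reason if it is not, None if it fits the baseline."""
    if tool not in baseline.expected_tools:
        return f"unexpected tool {tool} for this agent"
    # Forget calls that fell out of the sliding window.
    while baseline.history and now - baseline.history[0][0] > baseline.window_seconds:
        baseline.history.popleft()
    if len(baseline.history) >= baseline.max_calls_per_window:
        return f"volume exceeds {baseline.max_calls_per_window} calls/{baseline.window_seconds}s"
    if baseline.history:
        prev = baseline.history[-1][1]
        if prev != tool and (prev, tool) not in baseline.allowed_chains:
            return f"unusual chain {prev} -> {tool}"
    baseline.history.append((now, tool))
    return None


def gate(token_scopes: Set[str], required_scope: str, baseline: AgentBaseline,
         tool: str, now: Optional[float] = None) -> Tuple[bool, str]:
    """A request must pass BOTH checks; a valid token alone is not enough."""
    now = monotonic() if now is None else now
    if not is_authorized(token_scopes, required_scope):
        return False, "denied: missing scope " + required_scope
    reason = makes_sense(baseline, tool, now)
    return (False, "flagged: " + reason) if reason else (True, "allowed")
```

The second check is where a request with a perfectly valid token still gets stopped: an unexpected tool, an unusual chain of actions, or a volume the agent never produced before.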

Article:
Composio Security Incident
