With the rise of agentic AI, API exposure has proliferated. Agents fan out call paths and amplify traffic, effectively turning APIs into the enterprise “plumbing” of operations, according to Michael Callahan, chief marketing officer of Salt Security. This has created the “API fabric” — a complex, constantly moving mesh of connections that enterprises struggle to see, let alone secure. A large part of the API security conversation is on the role of MCP, an open standard championed by Anthropic PBC, and A2A, Google’s protocol for agent-to-agent interactions, according to Nicosia. Both sit atop existing APIs, acting as brokers to manage data retrieval and collaboration between agents. “For us, the visibility of the AIs and the MCPs … the protocols are so paramount because you can’t protect what you don’t know,” Nicosia said. “Having that visibility from either a zombie API or a zombie MCP protocol server, we give you that visibility. At least you’re aware of all of this proliferation that’s going on with the organization. And then how do you govern it? And then how do you protect against it?” Salt’s momentum has been bolstered by its close partnership with CrowdStrike Holdings Inc. The company is a Falcon Fund portfolio company and has integrated its API security solutions with CrowdStrike’s Falcon platform and next-generation security information and event management. Together, they provide customers with unified visibility across APIs and AI-driven workflows, Nicosia added.