Mobile applications have become a primary gateway to some of an organization’s most sensitive systems. Banking apps process financial transactions. Healthcare apps provide access to medical information. Retail apps store payment details and purchasing histories. Connected vehicle apps can even control physical functions.
Behind each of these applications is a collection of APIs responsible for exchanging data and executing commands. Attackers are increasingly using artificial intelligence to target those APIs at a speed and scale that traditional defenses may struggle to match.
When the press release announcing Approov’s latest platform upgrade came across my desk, the underlying issue caught my attention. The announcement was about a particular product, but the larger story—the growing ability of agentic AI to impersonate legitimate mobile applications and attack their APIs—is something BSM readers will certainly want to understand.
This is not simply another example of a vendor adding AI-related language to a product announcement. It points to a meaningful change in how quickly attackers can study mobile APIs, imitate trusted traffic, and adapt when defenses stand in their way.
When Malicious Traffic Looks Legitimate
Many mobile API attacks do not originate from a compromised copy of the legitimate application.
Instead, attackers study how the app communicates with its backend systems. They then reproduce those requests using scripts, emulators, automated tools, or infrastructure hosted in data centers.
To the API, the resulting traffic may appear to be coming from an authorized mobile device.
Agentic AI tools could make this impersonation significantly easier.
An AI agent can potentially probe APIs, analyze responses, adjust its tactics, and repeat the process with limited human direction. Tasks that once required an attacker to spend days or weeks studying an application may increasingly be automated.
That changes the economics of API attacks.
A threat actor may be able to launch more attacks, test more variations, and adapt more quickly when a defensive control blocks a particular technique.
“Agentic AI has changed the economics of attacking mobile APIs,” said Ted Miracco, CEO of Approov. “Attacks that once took weeks of engineering can now be launched in minutes, and they adapt faster than signature-based defenses can respond.”

The Problem With Trusting the Request
Traditional API security measures often evaluate the request itself.
They may check credentials, tokens, IP addresses, traffic patterns, or other indicators associated with the connection. These remain important controls, but they may not establish whether the request actually came from the organization’s legitimate mobile application.
A request can contain a valid credential and still be malicious.
Credentials may be stolen through phishing, malware, credential stuffing, or weaknesses in account recovery processes. Attackers may also replay captured API traffic or attempt to forge the tokens used to validate a session.
This makes the origin of the request an important part of the security decision.
Is the request coming from the authentic application?
Has the application been modified?
Is it running on a legitimate device, or is the traffic originating from an emulator, script, or server farm?
Without reliable answers, an API may be asked to distinguish between a customer and an attacker based largely on traffic that the attacker is actively trying to imitate.
Verifying the App, Not Just the User
Mobile app attestation is intended to address this problem by requiring evidence that an API request originated from a genuine, untampered application running in an acceptable environment.
Approov applies this approach to mobile apps and their APIs. The company says it currently processes billions of verifications for organizations in banking, healthcare, retail, and automotive markets.
Its newly announced Approov 2026 Version 3.6 expands the company’s global attestation infrastructure while adding capabilities designed to help security teams detect and respond to AI-driven attacks.
The platform evaluates the application and device before protected backend systems accept the request. A script or spoofed client running in a data center should not be able to provide the same proof as the authentic mobile application.
This adds another trust decision beyond determining whether the request contains a valid username, password, or token.
Extending Protection Without Adding Friction
Security checks are only effective if they can operate without disrupting legitimate users.
Attestation introduces an additional verification step, so latency and availability are important considerations—especially for organizations with customers distributed across multiple regions.
Approov has deployed new regional infrastructure in Mexico and plans to add a region in Milan. According to the company, the expansion will improve response times for users across Central America, the southern United States, Southern Europe, the Middle East, and parts of Africa.
The network operates across multiple independent cloud providers and uses automatic failover and intelligent traffic routing.
The objective is to perform security checks close enough to users that the verification is effectively invisible during normal application use.
Turning APIs Into Threat Sensors
Attestation data may also give security operations teams greater visibility into attempted API abuse.
Approov 2026 allows backend systems to decode device and application threat signals locally and send the results to platforms such as Splunk, Microsoft Sentinel, or another security information and event management system.
This can help analysts correlate a failed app verification with other information about the request, such as the originating address, targeted account, geographic location, or frequency of activity.
The release also expands forgery detection through cryptographic message signatures and increased visibility into valid, failed, and potentially attacker-signed tokens.
These distinctions could become increasingly valuable as AI agents generate and test counterfeit credentials at scale.
A failed verification is useful. Knowing that an attacker is actively attempting to forge the verification mechanism provides a stronger indication of malicious intent.
Responding Without Locking Out Customers
Fast-moving attacks create another operational challenge.
Security teams may recognize a new pattern but hesitate to deploy a stricter policy because of the risk of blocking legitimate customers. An overly aggressive response can turn a security incident into a customer-service outage.
Approov 2026 introduces gradual policy rollouts to reduce that risk.
A new defense can first be applied to a small percentage of traffic. Security teams can observe the results, identify unexpected effects, and expand the policy once they are confident it will not interfere with legitimate activity.
“This release is a direct response to how fast the threat landscape is moving,” said Jae Hossell, CTO of Approov. “Security teams shouldn’t have to choose between reacting quickly and protecting their users’ experience.”
The platform also includes configurable alerts for unusual increases in failed verifications and global anomaly detection across Approov’s customer environment. If several customers experience similar failure patterns simultaneously, the activity may provide an early indication of a broader attack or infrastructure problem.
Automated secret rotation further reduces the need for manual intervention when backend keys and secrets must be replaced.
A Changing Mobile Security Model
Agentic AI does not necessarily introduce an entirely new class of mobile API attack.
Many of the underlying tactics—application impersonation, traffic replay, credential abuse, emulation, and token forgery—already exist.
What AI changes is the potential speed, adaptability, and scale of those attacks.
That makes it increasingly risky to assume that a correctly formatted request must have come from the legitimate application. Attackers are becoming better equipped to reproduce the expected traffic and adjust when a defense recognizes their behavior.
Organizations may need to place more emphasis on continuously proving the origin and integrity of each request.
For mobile APIs handling financial information, health records, customer accounts, or connected physical systems, knowing the user’s credentials may no longer be enough.
Security teams must also be able to determine whether the application presenting those credentials can be trusted.
Steven Bowcut is the Editor-in-Chief of Brilliance Security Magazine and host of the BSM Podcast. He has spent years covering cybersecurity and physical security, focusing on the technologies, strategies, and leadership insights that matter most to security practitioners and decision-makers. Through the magazine and podcast, Steven brings readers and listeners practical content with industry leaders, innovators, and experts shaping the future of security. Follow and connect with Steve on Instagram and LinkedIn.

