SAIL / Deploy - Runtime Guardrails

SAIL 5.1 Risk: Insecure API Endpoint Configuration

Description

Weak authentication, lack of encryption, misconfigured CORS, or other API security flaws that expose the endpoint to unauthorized access or attacks.

Example

An API endpoint deployed over HTTP instead of HTTPS, with no authentication.

Assets Affected

  • Model Inference endpoint
  • AI access credentials

Mitigation
  • Enforce strong authentication, HTTPS, proper CORS, WAFs
  • Pre-deployment security checks
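
One way to automate the pre-deployment check for the controls listed above, as an added example that is not part of the SAIL page. The config schema, key names and hostnames are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def check_endpoint(cfg):
    """Return findings for one endpoint config; an empty list means it passes."""
    findings = []
    url = urlsplit(cfg.get("url", ""))
    if url.scheme != "https":
        findings.append("transport: not served over HTTPS")
    if url.username or url.password:
        findings.append("credentials: secret embedded in endpoint URL")

    auth_type = str((cfg.get("auth") or {}).get("type", "none")).lower()
    if auth_type in ("", "none", "anonymous"):
        findings.append("auth: no authentication configured")

    cors = cfg.get("cors") or {}
    origins = cors.get("allowed_origins", [])
    if "*" in origins or "null" in origins:
        detail = " with credentials allowed" if cors.get("allow_credentials") else ""
        findings.append("cors: wildcard or null origin" + detail)
    if any(o.startswith("http://") for o in origins):
        findings.append("cors: plaintext http origin is trusted")

    if not (cfg.get("waf") or {}).get("enabled", False):
        findings.append("waf: no WAF in front of the endpoint")
    return findings

# Constructed sample configs (hypothetical schema and hostnames).
INSECURE = {"url": "http://inference.example.internal/v1/predict",
            "auth": {"type": "none"},
            "cors": {"allowed_origins": ["*"], "allow_credentials": True}}
HARDENED = {"url": "https://inference.example.internal/v1/predict",
            "auth": {"type": "oauth2"},
            "cors": {"allowed_origins": ["https://app.example.com"],
                     "allow_credentials": True},
            "waf": {"enabled": True}}

def gate(configs):
    """Pre-deployment gate: map endpoint name -> findings, only for failures."""
    return {name: f for name, c in configs.items() if (f := check_endpoint(c))}

if __name__ == "__main__":
    for name, found in gate({"insecure": INSECURE, "hardened": HARDENED}).items():
        for item in found:
            print(f"[FAIL] {name}: {item}")
```

Run as a CI step and fail the pipeline when `gate()` returns a non-empty mapping.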

Standards Mapping
  • ISO 42001: A.6.2.5, A.8.2
  • NIST AI RMF: MEASURE 2.7, MANAGE 2.4
  • DASF v2: MODEL SERVING 9.11