Cequence Platform 9.0 Brings Agentic AI to API Security and Compliance Workflows
- 14 minutes ago
- 4 min read
Cequence Security is betting that the next major interface for API security will not be another dashboard. It will be a conversation with an AI agent that can investigate risk, draft controls, generate reports, and explain exactly what it is doing before a human approves the change.
The Santa Clara-based API security company announced general availability of Cequence Platform 9.0, a major AI-native release designed to let security teams, internal AI assistants, and automation tools query and act on API security data directly. The release includes a built-in AI Assistant, an open Model Context Protocol server, a library of more than 250 pre-built risk rules mapped to 25 compliance frameworks, and a rebuilt API security engine intended for large enterprise environments.
The launch lands as companies are rapidly adopting agentic AI systems that rely heavily on APIs to connect applications, data, services, and customer-facing workflows. That shift is increasing the pressure on security teams to understand where sensitive APIs exist, which endpoints are exposed, and how emerging AI-driven traffic changes the risk profile of modern applications.
Cequence’s pitch is that API security tools need to become usable by more than just specialists. Platform 9.0 allows users to ask plain-language questions such as which API risk matters most right now, what compliance gaps exist, or which endpoints require attention. The AI Assistant then pulls from live platform data to return ranked findings, supporting evidence, and recommended next steps.
“Most vendors looked at the agentic era and added a chatbot. We looked at it and rebuilt the architecture. Cequence Platform 9.0 exposes the entire Cequence platform through an open MCP architecture so any agent can operate it directly, whether through our built-in AI Assistant, or a customer’s own agent. That is what AI-native actually means: the UI becomes optional. We are building for the way the agentic enterprise already works, while making sure a human approves every change along the way,” said Ameya Talwalkar, CEO and Co-Founder at Cequence.
The Model Context Protocol support is one of the more important pieces of the release. Instead of limiting AI use to Cequence’s own assistant, the company is opening platform capabilities to MCP-capable agents, SOAR platforms, and automation workflows. In practice, that means an enterprise could connect its own AI security assistant to Cequence and use it to classify APIs, investigate anomalous behavior, draft rules, or generate audit evidence without building a custom integration from scratch.
Cequence says the system is designed with governance controls built in. Read-only actions can run freely, but any write action requires explicit human approval. The platform also shows the reasoning behind responses and the tool calls used to produce them. If the assistant does not have the right tool to complete a task, the company says it will say so rather than fabricate an answer.
That design directly addresses one of the biggest concerns about using AI in cybersecurity operations: trust. Security teams may want faster investigation and automation, but few are comfortable giving autonomous systems unchecked authority to make changes to production security controls.
“Most security chatbots are only as useful as the person asking the questions, which means they fall flat in the hands of anyone who is not already an expert. We built the Platform 9.0 agent differently. It runs a full agentic loop, planning which tools answer the question, calling them, and synthesizing ranked, evidence-backed recommendations while showing you exactly how it got there. When it does not have the tool to do something, it tells you instead of guessing. That governance-first design is not an afterthought. It is the same conviction behind the Cequence AI Gateway, and it is what makes this safe to put in front of any practitioner from the start,” said Shreyans Mehta, CTO and Co-Founder at Cequence.
Platform 9.0 also focuses heavily on compliance, a common driver behind API security purchases. The release includes more than 250 risk rules mapped to 25 global and regional frameworks, including OWASP API Security Top 10, PCI DSS, GDPR, HIPAA, SOC 2, ISO 27001, NIST CSF, DORA, NIS2, LGPD, SAMA, and MAS TRM.
The platform can generate audit-ready reports from live API data, map findings to framework-specific controls, score risk by control area, and provide remediation guidance. For teams that need to test new rules before flooding security queues with findings, Cequence added an observe mode and a test panel for validating rules against sample request and response data before activation.
The company also says it rebuilt the underlying API security engine to support far larger API estates. Platform 9.0 is designed to support a 50x increase in API endpoints while keeping page load times under five seconds across views, according to Cequence. The company also claims the new architecture lowers CPU usage, which could reduce infrastructure costs for enterprises running deployments on premises.
The broader signal is clear: API security is moving from discovery and alerting toward AI-assisted operations. As enterprises deploy more AI agents, API endpoints are likely to multiply across internal tools, SaaS platforms, customer applications, and automation layers. That makes it harder for security teams to rely on manual navigation, static reports, or specialist-only workflows.
Cequence Platform 9.0 is now available for new customers.