Impart Resources
Impart Product Update - Nov 2025
We’ve delivered a major round of upgrades across the Impart platform, introducing new AI Bot/MCP and LLM Protection dashboards, a refreshed and more intuitive App Experience, a high-performance Inspector v0.42.0 release, expanded Inspector Metrics for deeper operational visibility, and new SQLi and XSS version control, allowing teams to choose between Detection Version 1, Version 2, or always use the latest release. These updates make it easier than ever to understand AI-driven traffic, configure protections with clarity, manage detection behavior with precision, monitor system performance, and optimize your entire Impart deployment.
MCP Security vs. MCP Protection
MCP security and MCP protection are used almost interchangeably, but they describe fundamentally different approaches. One vendor means access control and authentication. Another means runtime threat detection. Both call it MCP security. This post breaks down the differences, where the real value is, and where the gaps are that neither fully closes on its own.
Filters
Unfiltered Takeaways from API World 2023
We had a great time at API World 2023! Being immersed in the world of APIs and getting to talk with professionals who are shaping the future of technology was invigorating.Although I saw many innovative things, there were three themes in particular that kept surfacing:
1. Not all developers care about security like I do
2. The staying power of legacy IT such as NGINX
3. AI is Everywhere, But It's Not Always Impressive
4 Key Takeaways from OWASP Global DC
After attending OWASP Global DC 2023, there are 4 key takeaways I want to share: (1) Events are back!
(2) AI is being used by everyone, but not well productized. Within the OWASP crowd, AI is viewed as a a "good enough" solution for many problems like static analysis of code. Surprisingly, privacy concerns were not as big of an issue as I thought they would be by practitioners on the ground—the perceived value and benefits people are getting from the tools is, so far, outweighing the perceived security risk of data leaking into public LLMs.
(3) Everyone is an ASPM now. (4) API Security is now a well-understood and accepted problem. Everyone I spoke with at this event knew what the problem was, and furthermore had already tried and failed to secure their APIs using existing solutions like SAST, DAST, and WAF.
Know Your Enemy, Know Yourself: Why WAFs can't protect your APIs
My initial take on API Security was that we could provide API security with a WAF. After all, API traffic is predominantly HTTP, just like a web application. I thought that all we needed to do to provide API security is to block bad API requests. It also didn’t hurt that I worked at a WAF vendor at the time.However, the more I spoke with customers and CISOs, the more I realized that this approach didn’t work. Our WAF had no way to answer the most basic API security questions I was being asked by customers...
.avif)
.png)
.avif)
