TL;DR: Runtime AI and API security now has to track live behaviour across endpoints, consumers, and MCP servers because shadow routes, endpoint scope creep, and weak authentication can expose sensitive data even when systems look documented, according to Upstream Security. Static gateway enforcement is no longer enough when perimeter assumptions trail runtime change.
NHIMG editorial — based on content published by Upstream Security: AI in Mobilty Cybersecurity Runtime AI and API Security Rethinking the Perimeter
Questions worth separating out
Q: What breaks when endpoint controls rely on static gateways instead of runtime behaviour?
A: Static gateway controls fail when the endpoint’s purpose changes after deployment.
Q: Why do internal and legacy APIs become high-risk over time?
A: They become high-risk when they keep accepting traffic after their original assumptions have expired.
Q: What do security teams get wrong about shadow data?
A: Many teams treat shadow data as a discovery problem when it is also a governance problem.
Practitioner guidance
- Map live endpoint consumers continuously Correlate each active endpoint with the users, services, agents, and tools currently calling it so that behavioural changes are visible before the endpoint’s purpose drifts.
- Classify endpoint sensitivity in motion Reassess whether an endpoint is low, medium, or high risk based on the data it now handles and the actions it can perform, then escalate review when the classification changes.
- Retire compatibility routes aggressively Remove legacy versions, test utilities, and internal portals once their business purpose ends, and require explicit revalidation before they remain reachable in production traffic.
What's in the full article
Upstream Security's full analysis covers the operational detail this post intentionally leaves for the source:
- The article’s endpoint-by-endpoint breakdown of where shadow routes, backend tools, and customer portals slip past perimeter assumptions.
- The runtime AI and digital twin explanation for how live traffic can surface hidden APIs and unexpected authentication gaps.
- The detailed research example showing how client-side bypasses and exposed backend APIs lead to large-scale data extraction.
- The broader AI and API security framing that connects machine-to-machine integrations, MCP servers, and live behavioural monitoring.
👉 Read Upstream Security's analysis of hidden endpoint blast radius in AI and API security →
Hidden endpoint blast radius: are your API controls keeping up?
Explore further
Runtime perimeter drift is now an identity problem, not just an API problem: The article shows that endpoints become risky when their consumer set, data sensitivity, and authentication expectations evolve faster than governance. That is an identity issue because authorisation now depends on live operational context, not a fixed perimeter. Teams that still treat APIs as static assets are governing yesterday’s trust model, not today’s runtime reality.
A few things that frame the scale:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to AI Agents: The New Attack Surface report.
- 48% of companies say they cannot track and audit the data their AI agents access, leaving a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: How should teams govern endpoints that sit inside machine-to-machine flows?
A: Teams should govern them as access-bearing assets, not as passive infrastructure. If an MCP server or backend route can trigger actions, receive sensitive telemetry, or expose administrative functions, it needs runtime classification, ownership, and review. That keeps machine-to-machine access tied to purpose instead of permanent trust.
👉 Read our full editorial: Hidden endpoint blast radius is redefining API and AI security