The Business Impact:
“While many companies talk about a shift-left model, at Ada, we really embrace that. Security is a wholly separate team from development, but everything we do is centered on the belief that security is baked in from the start. APIsec helps our security team fill documentation gaps, eliminating friction. With APIsec, we capture and deliver critical insights about vulnerabilities with very little noise (false positives) and feed those insights directly into our existing ticketing system as part of the CI/CD process.”
About Ada
Company: Ada
Founded: 2016
Industry: Automated Brand Interaction
Mission: Ada is an AI-powered customer service automation platform on a mission to make customer service extraordinary for everyone.
Ada's award-winning platform has empowered over 320 brands to automate more than 2.6 billion interactions, delivering exceptional customer experiences.
Business Challenge
Ada faced several key challenges as they scaled rapidly:
- Managing a broad library of APIs with inconsistent documentation.
- Maintaining a shift-left security approach without introducing development friction.
- Ensuring API security without impacting platform performance.
Ada’s security organization sought an automated, continuous, and proactive API security solution that did not require proxies, agents, or any intrusive components that could degrade performance.
The Solution
Ada chose APIsec as the cornerstone of their API security program to ensure a strategy and solution that allowed them to:
- Rapidly onboard a vast library of APIs.
- Detect security vulnerabilities early in the SDLC.
- Maintain a shift-left approach with an automated solution that integrates with existing CI/CD processes.
With APIsec, Ada can proactively protect their APIs through automated, continuous penetration testing, uncovering and remediating security vulnerabilities and logic flaws that could lead to breaches and data loss.
The Business Impact
Frictionless Deployment Delivers Rapid Value
“We evaluated A LOT of API security solutions. But even the solutions that promised to run parallel, without any code or, agent, or proxy to run, still had to insert something upfront to learn our APIs. APIsec was unique. The only requirement was that I give them our URL, and from there, the APIsec solution was able to learn each API, identify all of our endpoints, and reverse-engineer the documentation we needed to onboard our APIs. We had been trying and failing with another solution for months to get to this point.”
— Jason Barr, Chief Information Security Officer, Ada
Shift-Left by Design
“While many companies talk about a shift-left model, at Ada, we really embrace that. Security is a wholly separate team from development, but everything we do is centered on the belief that security is baked in from the start. APIsec helps our security team fill documentation gaps, eliminating friction. With APIsec, we capture and deliver critical insights about vulnerabilities with very little noise (false positives) and feed those insights directly into our existing ticketing system as part of the CI/CD process.”
— Jason Barr, Chief Information Security Officer, Ada
Extend Valuable Security Resources
“Like most organizations, our security team is a fraction of our development team. APIsec gives us the ability to proactively, continuously pen test our APIs with less than a single, dedicated resource, and frees up that resource to focus additional time on only the most complex/new attack scenarios.”
— Jason Barr, Chief Information Security Officer, Ada
Risk Reduction and Improved Visibility
“In addition to supporting our annual SOC II certification process, the continuous and detailed insights from the APIsec platform help Ada ensure we are maintaining proper cybersecurity hygiene and remain good stewards of customer data in line with GDPR and CCPA.”— Jason Barr, Chief Information Security Officer, Ada
Looking Ahead: Continuous Improvement in API Security
Ada is committed to further strengthening their API security measures with a focus on:
- Expanding Testing Coverage: Continuously broadening the scope of API security tests to cover new functionalities and services.
- Enhancing Automation: Increasing automation in security processes to reduce manual intervention and accelerate response times.
- Ongoing Training: Investing in continuous training for their development and security teams to stay updated with the latest security practices and threats.
- Collaborating with APIsec: Leveraging new features and updates from APIsec to enhance their security posture.
By focusing on these areas, Ada aims to stay ahead of potential threats, ensuring robust protection of sensitive data and reinforcing their commitment to security and customer trust.