StackHawk announced Sensitive Data Identification to give security teams visibility into high-risk APIs across thousands of code repositories within an organization.
With most security teams aware of only approximately 10% of their API attack surface, StackHawk illuminates the complete API landscape, including shadow APIs, zombie APIs that are no longer under active development, and ghost APIs that bypass traditional gateways.
Leveraging StackHawk’s existing API Discovery platform, which automatically uncovers APIs directly from source code repositories, Sensitive Data Identification enables security teams to prioritize testing of critical APIs handling sensitive data references, such as PII fields, cardholder data, and health information, based on both data sensitivity and rate of change.
“Security teams are overwhelmed by expanding API landscapes they can’t see,” said Joni Klippert, CEO of StackHawk. “We have customers in highly regulated industries like healthcare and financial services, where most APIs remain invisible to security teams—yet these APIs represent the highest security and compliance risk. StackHawk is the only platform that discovers your complete API attack surface from source code, identifies which APIs handle sensitive data, and helps security teams prioritize what to test first based on actual risk.”
With security teams able to discover their hidden API attack surface and then prioritize testing based on data sensitivity and development activity, companies in high-stakes industries, such as healthcare and fintech, are seeing significant improvements in their security posture and resource allocation.
“With visibility into high-risk vulnerabilities and the APIs that handle sensitive data, I can prioritize testing what matters most,” said Brian Anderson, Technical Manager at Unlimited Systems. “When I see PHI at risk in a critical feature, I know it’s time to get my team testing it immediately.”
This launch reinforces StackHawk’s approach of starting where the code lives, providing complete visibility into API landscapes from legacy systems to rapidly evolving applications and shadow APIs that have emerged outside of governance. Unlike traditional methods that only reveal public endpoints, StackHawk exposes the complete attack surface, ensuring that no critical API goes untested.
StackHawk was recently named the outstanding API security platform by the Global Infosec Awards at RSA 2025. These prestigious global awards, by Cyber Defense Magazine, recognize innovators with compelling value propositions for their products in competitive infosecurity industries. StackHawk is reimagining API security testing by bridging the gap between development velocity and security coverage.