NewsExploring the Future of API Security and Identity at Platform Summit 2025 - Read blog post!
Exploring the Future of API Security and Identity at Platform Summit 2025

Every year, Platform Summit gathers the global API community to explore the most pressing challenges and opportunities shaping the world of APIs and the digital world as a whole. In 2025, these conversations feel more critical than ever. APIs are powering all the essential services across finance, healthcare, public sector and many other industries, while AI-driven clients and automated processes are transforming the way systems are built, consumed and secured.

At Curity, we see several themes as most critical for the future of API security and identity - and we are excited to share some of those in October.

API Security: a Longstanding Focus

API security has always been at the core of our work, and it is a topic we have consistently championed at Platform Summit. Over time, we have seen the field grow from protecting endpoints with API keys to securing entire digital ecosystems, with identity and authorization playing a central role.

That’s why we’re especially excited about the introduction of the API Security Unconference on Day 0 (October 13) where participants are encouraged to bring their most challenging questions and experiences and to explore them in an open and collaborative way. Curity identity specialists will join as moderators, helping guide the conversation and connect real-world challenges to practical solutions, as well as share their knowledge and expertise. For us, it’s inspiring to see API security take center stage in such a dynamic format, reflecting how essential it has become.

The Rise of Non-Human Identities

Traditionally, APIs were built for human users or business integrations, authenticated and authorized through predictable flows. But today, APIs are increasingly consumed by AI clients, autonomous agents and ephemeral processes that exist only for moments at a time. These non-human identities create new challenges: permissions that linger after their purpose, workloads that operate outside human oversight and risks that can be hard to detect.

Curity’s CTO, Jacob Ideskog, will explore this shift in his talk, Ghosts, Zombies, and Robots: Handing Off Control to the Non-Humans. Using these metaphors, he will examine how OAuth can be adapted to protect privacy, reduce risk and restore control in a world where API actors are often invisible, uncontrollable, or short-lived.

MCP and the AI-to-API Connection

The emergence of the Model Context Protocol (MCP) highlights how AI systems are increasingly using APIs at scale. While MCP leverages OAuth, its unique patterns raise important questions. Is an MCP client just another OAuth client, or does it demand new infrastructure, policies and safeguards?

In MCP Client — Just Another OAuth Client?, Michal Trojanowski will examine how securing MCP differs from traditional client security, offering best practices for consent, refresh tokens and MCP gateways.

Complementing this, Gary Archer will deliver How to Design Secure MCP Deployments, a lightning talk that looks at authorization-first architectures, the threats MCP introduces and practical flows that maximize value while mitigating risk. Together, these sessions will offer both a conceptual and hands-on view of how to secure AI-to-API interactions responsibly.

Identity as a Strategic Lever

As more digital services are built API-first, identity has become the decisive control point. Whoever governs access effectively governs the system itself. With rising geopolitical tension and growing dependence on third-party cloud services, identity management becomes a matter of sovereignty.

Daniel Lindau will speak on this in Identity: The Kill Switch for API-Driven Digital Sovereignty. He will address the systemic risks of outsourcing identity and authorization to external providers, and show how open standards and wallet-based identities offer a path to restoring autonomy at organizational, sector and even national levels.

Looking Ahead

The intersection of AI, APIs and identity brings enormous potential, but also unprecedented challenges. 

Platform Summit 2025 provides an important opportunity to explore these topics together. For Curity, it is a chance to contribute to the ongoing conversation about how we can build an internet that remains open, secure, and sovereign in the age of automation.

We look forward to seeing many of you at the Summit this October.

BlogView all tags

Join The Discussion

Follow @curityio on X and Bluesky

Next steps

Ready to modernize IAM?

Start Today - Build security and improve ease of use to stay ahead of the competition.

Free trial icon representing Start a free trial

Start a Free Trial

Calendar icon representing Book a Call

Book a Call

User with a computer icon representing Speak to an Identity Specialist

Speak to an Identity Specialist

Book icon representing Explore learning resources

Explore learning resources