DevCentral Connects Recap: Open Finance, APIs, AI & Security

Did you miss our latest DevCentral Connects livestream? No worries—we recorded a great conversation about one of the hottest topics in financial services today: open finance. We unpacked Twimbit's 2025 Global State of Open Finance report and explored how the industry is evolving from “open banking” into the broader open finance movement — and what that means for APIs, security, regulation and the customer journey.

Watch the full conversation here: DevCentral Connects - Open Finance Security Risks, Compliance And Architectures

 

What we covered (high-level takeaways)

  • The shift from open banking to open finance
    • Open finance expands the scope beyond payments and banking data to include investments, insurance, pensions and more. That broadening creates new opportunities for innovation — and a much wider attack surface to secure.
  • API security risks grow as open finance scales
    • More endpoints, more data sharing, more third parties = more risk. We discussed practical countermeasures: strong API authentication/authorization (OAuth2, mTLS where appropriate), per‑API rate limits, threat detection, and consistent enforcement via an API gateway or security fabric.
  • Shadow APIs and visibility gaps
    • Shadow APIs (undocumented/unsupported endpoints) are a major blind spot. Inventory and runtime discovery, API cataloging, and centralized logging/telemetry are essential first steps. If you can’t see it, you can’t secure it.
  • Securing the customer journey end‑to‑end
    • Security can’t be an afterthought at the API layer alone. Protect the entire flow — device, client apps, API gateways, backend services and data stores — and apply risk‑based controls where customer friction would otherwise spike.
  • AI’s impact on financial ecosystems
    • AI brings capability (fraud detection, personalization, automation) and risk (adversarial attacks, model bias, data exfiltration). We covered operationalizing AI safely — model monitoring, provenance, access controls and explainability where regulation requires it.
  • Regulatory landscape and practical compliance
    • Regulations continue to evolve across regions. Compliance is not just legal paperwork — it’s about building controls that support auditability, consent management, data minimization and robust identity verification.
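The gateway-side countermeasures listed above (scoped OAuth2 authorization checked per route, per-API rate limits, deny-by-default for anything not in the catalog) can be reduced to a small enforcement loop. The following is an added example written for this recap; it is not code from the livestream, F5 or NGINX. The route policies, scopes, rate budgets and claims are constructed for illustration, and the example assumes the bearer token has already been validated upstream (signature, issuer, expiry) so that only its claims are consumed here.

```python
"""Gateway-style enforcement: OAuth2 scope check per route, then a per-API,
per-client token-bucket rate limit. Added example with constructed policies;
token validation (signature/issuer/expiry) is assumed to happen upstream."""
import time

# Constructed policy: each API route declares the scope it requires plus its
# own sustained rate (requests/second) and burst. Payment initiation gets a
# far tighter budget than read-only account access.
ROUTES = {
    ("GET", "/v1/accounts"):  {"scope": "accounts:read",  "rate": 10.0, "burst": 20},
    ("POST", "/v1/payments"): {"scope": "payments:write", "rate": 1.0,  "burst": 3},
}


class TokenBucket:
    """Classic token bucket: refills at `rate` tokens/s up to `burst`."""

    def __init__(self, rate, burst, now):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), now

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class Gateway:
    def __init__(self, routes=ROUTES):
        self.routes = routes
        # Buckets are keyed by (route, client): limits are per API *and* per caller,
        # so one noisy third party cannot exhaust the budget for everyone.
        self.buckets = {}

    def handle(self, method, path, claims, now=None):
        """Return (status, reason) for one request. Order matters: identity,
        then authorization, then rate limiting; nothing unknown is forwarded."""
        now = time.monotonic() if now is None else now
        policy = self.routes.get((method, path))
        if policy is None:
            # Deny by default: an endpoint absent from the catalog is never proxied.
            return 404, "route not in API catalog"
        client = claims.get("client_id")
        if not client:
            return 401, "no client identity in token"
        scopes = set(claims.get("scope", "").split())
        if policy["scope"] not in scopes:
            return 403, f"missing scope {policy['scope']}"
        key = ((method, path), client)
        bucket = self.buckets.get(key)
        if bucket is None:
            bucket = self.buckets[key] = TokenBucket(policy["rate"], policy["burst"], now)
        if not bucket.allow(now):
            return 429, "rate limit exceeded"
        return 200, "ok"


if __name__ == "__main__":
    gw = Gateway()
    tpp = {"client_id": "tpp-1", "scope": "accounts:read payments:write"}  # constructed claims
    for i in range(5):
        print("POST /v1/payments", gw.handle("POST", "/v1/payments", tpp, now=0.0))
    print("GET /v1/undocumented", gw.handle("GET", "/v1/undocumented", tpp, now=0.0))
```

The ordering in `handle` is the point: a request with no client identity is rejected before any scope logic runs, a valid client without the route's scope is rejected before it consumes rate budget, and a path that is not in the catalog is never forwarded, which is the same deny-by-default posture that keeps shadow endpoints from being reachable through the gateway.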

 

Actionable next steps for teams

  • Start with discovery: map your APIs, dependencies and third‑party integrations.
  • Apply least privilege and strong identity for APIs and service accounts.
  • Centralize enforcement: use API gateways, WAFs, and observability tools to get consistent policies and telemetry.
  • Hunt shadow APIs with runtime discovery tools and CI/CD checks.
  • Treat AI models as components — build monitoring, access control and incident playbooks for them.
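Both the shadow-API takeaway above and the "hunt shadow APIs with runtime discovery tools and CI/CD checks" step come down to one comparison: the endpoints actually being hit versus the endpoints the catalog says exist. The following is an added example for this recap, not code from the livestream or from F5; the OpenAPI-style inventory and the gateway access-log lines are constructed for illustration, and the log format assumed is the common combined-log request field.

```python
"""Shadow-API hunt: diff endpoints observed in gateway access logs against
the documented inventory (OpenAPI-style path templates). Added example;
inventory and log lines are constructed, not taken from a real system."""
import re
from collections import Counter

# Constructed inventory: (method, path template) pairs as a catalog would list them.
DOCUMENTED = {
    ("GET", "/v1/accounts/{id}"),
    ("GET", "/v1/accounts/{id}/transactions"),
    ("POST", "/v1/payments"),
    ("GET", "/v1/consents/{id}"),
}

# Constructed access-log lines; only the quoted request field is parsed.
SAMPLE_LOG = """\
10.0.0.5 - - [26/Aug/2025:10:00:01 +0000] "GET /v1/accounts/123 HTTP/1.1" 200 512
10.0.0.5 - - [26/Aug/2025:10:00:02 +0000] "GET /v1/accounts/123/transactions?limit=50 HTTP/1.1" 200 2048
10.0.0.9 - - [26/Aug/2025:10:00:03 +0000] "POST /v1/payments HTTP/1.1" 201 128
10.0.0.9 - - [26/Aug/2025:10:00:04 +0000] "GET /v1/accounts/123/export HTTP/1.1" 200 90000
10.0.0.7 - - [26/Aug/2025:10:00:05 +0000] "GET /internal/debug/config HTTP/1.1" 200 4096
10.0.0.7 - - [26/Aug/2025:10:00:06 +0000] "GET /internal/debug/config HTTP/1.1" 200 4096
10.0.0.2 - - [26/Aug/2025:10:00:07 +0000] "DELETE /v1/accounts/456 HTTP/1.1" 204 0
10.0.0.2 - - [26/Aug/2025:10:00:08 +0000] "GET /v1/consents/789 HTTP/1.1" 200 300
"""

LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def template_to_regex(template):
    """'/v1/accounts/{id}' -> regex where {id} matches exactly one path segment."""
    parts = (r"[^/]+" if p.startswith("{") else re.escape(p)
             for p in template.strip("/").split("/"))
    return re.compile("^/" + "/".join(parts) + "$")


COMPILED = [(m, t, template_to_regex(t)) for m, t in DOCUMENTED]


def classify(method, path):
    """Return the documented template matching (method, path), or None."""
    for m, t, rx in COMPILED:
        if m == method and rx.match(path):
            return t
    return None


def find_shadow_apis(log_text):
    """Count (method, path) pairs that match no documented template.
    Query strings are dropped and purely numeric segments are generalised to
    {id} so that many IDs collapse into one finding."""
    shadow = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        method, target = m.group("method"), m.group("target")
        path = target.split("?", 1)[0]
        if classify(method, path) is None:
            generalised = re.sub(r"/\d+(?=/|$)", "/{id}", path)
            shadow[(method, generalised)] += 1
    return shadow


if __name__ == "__main__":
    for (method, path), hits in find_shadow_apis(SAMPLE_LOG).most_common():
        print(f"UNDOCUMENTED {method} {path}  ({hits} hits)")
```

Two things a practitioner should notice in the sample output. First, the method is part of the key: `DELETE /v1/accounts/456` is flagged even though `GET` on the same path is documented, which is exactly the kind of unlisted verb that slips through a path-only inventory. Second, a `{id}` segment matches any single segment, so a literal sub-resource such as `/v1/accounts/export` would silently classify as an account ID; tighten the placeholder pattern (for example to digits or UUIDs) when the catalog records the ID format. Run the same diff in CI against the spec under review and fail the build on any new undocumented route.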

 

Join the conversation

We want to hear from you: how is open finance shaping your architecture, security posture or product strategy? Drop a comment on the video or share your thoughts here — what are you worried about, and what are you doing about it?

 


 

Published Aug 26, 2025
Version 1.0