DevCentral Connects Recap: Open Finance, APIs, AI & Security
Did you miss our latest DevCentral Connects livestream? No worries—we recorded a great conversation about one of the hottest topics in financial services today: open finance. We unpacked Twimbit's 2025 Global State of Open Finance report and explored how the industry is evolving from “open banking” into the broader open finance movement — and what that means for APIs, security, regulation and the customer journey.
Watch the full conversation here: DevCentral Connects - Open Finance Security Risks, Compliance And Architectures
What we covered (high-level takeaways)
- The shift from open banking to open finance
  - Open finance expands the scope beyond payments and banking data to include investments, insurance, pensions and more. That broadening creates new opportunities for innovation, and a much wider attack surface to secure.
- API security risks grow as open finance scales
  - More endpoints, more data sharing and more third parties mean more risk. We discussed practical countermeasures: strong API authentication and authorization (OAuth2, mTLS where appropriate), per‑API rate limits, threat detection, and consistent enforcement via an API gateway or security fabric.
- Shadow APIs and visibility gaps
  - Shadow APIs (undocumented or unsupported endpoints) are a major blind spot. Inventory and runtime discovery, API cataloging, and centralized logging/telemetry are essential first steps. If you can’t see it, you can’t secure it.
- Securing the customer journey end‑to‑end
  - Security can’t be an afterthought at the API layer alone. Protect the entire flow (device, client apps, API gateways, backend services and data stores) and apply risk‑based controls where customer friction would otherwise spike.
- AI’s impact on financial ecosystems
  - AI brings capability (fraud detection, personalization, automation) and risk (adversarial attacks, model bias, data exfiltration). We covered operationalizing AI safely: model monitoring, provenance, access controls and explainability where regulation requires it.
- Regulatory landscape and practical compliance
  - Regulations continue to evolve across regions. Compliance is not just legal paperwork; it’s about building controls that support auditability, consent management, data minimization and robust identity verification.
Actionable next steps for teams
- Start with discovery: map your APIs, dependencies and third‑party integrations.
- Apply least privilege and strong identity for APIs and service accounts.
- Centralize enforcement: use API gateways, WAFs, and observability tools to get consistent policies and telemetry.
- Hunt shadow APIs with runtime discovery tools and CI/CD checks.
- Treat AI models as components — build monitoring, access control and incident playbooks for them.
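To make the "hunt shadow APIs" step and the earlier point about inventory plus centralized telemetry concrete, here is an added example (not code from the livestream or from any F5 product) of the simplest runtime-discovery check: diff the routes actually served, as seen in gateway access logs, against the documented API catalog. The catalog, the log format, the `tpp-*` client names and the sample requests are all constructed for the illustration; a real deployment would feed it the gateway's own log format and the OpenAPI-derived route list.

```python
"""Shadow API discovery: diff routes seen in gateway logs against the documented catalog.

Added illustration, not code from the DevCentral livestream or any F5 product.
The log format, catalog and client names below are constructed for the example.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Hypothetical API catalog: (method, route template) pairs the team has documented.
CATALOG = {
    ("GET", "/v1/accounts/{id}"),
    ("GET", "/v1/accounts/{id}/transactions"),
    ("POST", "/v1/payments"),
}

# Constructed sample gateway access log (simplified format, one request per line).
SAMPLE_LOG = """\
2025-01-15T10:00:01Z client=tpp-01 "GET /v1/accounts/1234 HTTP/1.1" 200
2025-01-15T10:00:02Z client=tpp-01 "GET /v1/accounts/1234/transactions?limit=5 HTTP/1.1" 200
2025-01-15T10:00:03Z client=tpp-02 "POST /v1/payments HTTP/1.1" 201
2025-01-15T10:00:04Z client=tpp-02 "GET /internal/debug/users HTTP/1.1" 200
2025-01-15T10:00:05Z client=tpp-03 "GET /v0/accounts/1234 HTTP/1.1" 200
2025-01-15T10:00:06Z client=tpp-03 "GET /v0/accounts/5678/ HTTP/1.1" 200
2025-01-15T10:00:07Z client=tpp-02 "DELETE /v1/payments/42 HTTP/1.1" 404
"""

LOG_RE = re.compile(
    r'^(?P<ts>\S+) client=(?P<client>\S+) '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})$'
)
# Path segments that look like resource identifiers (numeric ids, UUIDs) collapse to {id}
# so that /v1/accounts/1234 and /v1/accounts/5678 map to the same route template.
ID_SEGMENT = re.compile(r"^(\d+|[0-9a-fA-F]{8}-[0-9a-fA-F-]{27})$")


@dataclass(frozen=True)
class Request:
    timestamp: str
    client: str
    method: str
    route: str      # normalized route template, e.g. /v1/accounts/{id}
    status: int


def normalize_path(path: str) -> str:
    """Drop the query string and trailing slash, replace id-like segments with {id}."""
    path = path.split("?", 1)[0].rstrip("/") or "/"
    return "/".join("{id}" if ID_SEGMENT.match(seg) else seg for seg in path.split("/"))


def parse_log(text: str) -> list[Request]:
    """Parse log lines into Request records; malformed lines are skipped, not guessed."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        records.append(Request(m["ts"], m["client"], m["method"],
                               normalize_path(m["path"]), int(m["status"])))
    return records


def find_shadow_apis(records: list[Request], catalog: set[tuple[str, str]]) -> Counter:
    """Return (method, route) pairs that were served but are absent from the catalog.

    A 404 means the backend did not serve the route, so it is not a live shadow
    endpoint; repeated 404s on unknown routes are a separate (probing) signal.
    """
    served = Counter((r.method, r.route) for r in records if r.status != 404)
    return Counter({route: n for route, n in served.items() if route not in catalog})


def requests_per_client(records: list[Request]) -> Counter:
    """Per-client request volume: the baseline you need before setting per-API rate limits."""
    return Counter(r.client for r in records)


if __name__ == "__main__":
    reqs = parse_log(SAMPLE_LOG)
    for route, n in sorted(find_shadow_apis(reqs, CATALOG).items()):
        print(f"SHADOW {route[0]} {route[1]} ({n} requests)")
    for client, n in requests_per_client(reqs).most_common():
        print(f"{client}: {n} requests")
```

Run against the sample log, the script flags `/internal/debug/users` (an undocumented endpoint that answered 200) and the whole `/v0/accounts/{id}` family (a deprecated version still being served), while ignoring the `DELETE /v1/payments/42` request because the backend returned 404. The same diff wired into CI, with the catalog generated from the OpenAPI spec and the logs pulled from the gateway, is the "runtime discovery plus CI/CD check" the takeaways describe; per-client counts give the telemetry needed to set sensible per-API rate limits rather than guessing them.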
Join the conversation
We want to hear from you: how is open finance shaping your architecture, security posture or product strategy? Drop a comment on the video or share your thoughts here — what are you worried about, and what are you doing about it?
Watch the full discussion