DevCentral Connects Recap: Open Finance, APIs, AI & Security
Did you miss our latest DevCentral Connects livestream? No worries—we recorded a great conversation about one of the hottest topics in financial services today: open finance. We unpacked Twimbit's 2025 Global State of Open Finance report and explored how the industry is evolving from “open banking” into the broader open finance movement — and what that means for APIs, security, regulation and the customer journey.
Watch the full conversation here: DevCentral Connects - Open Finance Security Risks, Compliance And Architectures
What we covered (high-level takeaways)
- The shift from open banking to open finance
  - Open finance expands the scope beyond payments and banking data to include investments, insurance, pensions and more. That broadening creates new opportunities for innovation — and a much wider attack surface to secure.
- API security risks grow as open finance scales
  - More endpoints, more data sharing, more third parties = more risk. We discussed practical countermeasures: strong API authentication/authorization (OAuth2, mTLS where appropriate), per-API rate limits, threat detection, and consistent enforcement via an API gateway or security fabric.
- Shadow APIs and visibility gaps
  - Shadow APIs (undocumented/unsupported endpoints) are a major blind spot. Inventory and runtime discovery, API cataloging, and centralized logging/telemetry are essential first steps. If you can't see it, you can't secure it.
- Securing the customer journey end-to-end
  - Security can't be an afterthought at the API layer alone. Protect the entire flow — device, client apps, API gateways, backend services and data stores — and apply risk-based controls where customer friction would otherwise spike.
- AI's impact on financial ecosystems
  - AI brings capability (fraud detection, personalization, automation) and risk (adversarial attacks, model bias, data exfiltration). We covered operationalizing AI safely — model monitoring, provenance, access controls and explainability where regulation requires it.
- Regulatory landscape and practical compliance
  - Regulations continue to evolve across regions. Compliance is not just legal paperwork — it's about building controls that support auditability, consent management, data minimization and robust identity verification.
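To make the "consistent enforcement via an API gateway" point concrete, here is an added example (not code from the livestream or from F5) of the two per-API checks mentioned above, scope-based authorization and a per-API rate limit, written as a single policy decision a gateway evaluates before forwarding a request. The routes, scopes, limits and the bearer tokens are all constructed; the token table stands in for what a real gateway would get from JWT validation or an OAuth2 token-introspection call.

```python
"""Added example: gateway-style per-API policy (authorization + rate limit).

Everything here is constructed for illustration: the route policy, the
client tokens and the limits. A production gateway would validate the JWT
signature or call the authorization server's introspection endpoint
instead of looking tokens up in a dict.
"""
import time
from dataclasses import dataclass

# Constructed policy table: route -> (required OAuth2 scope, refill rate per second, burst)
API_POLICY = {
    "/accounts": ("accounts:read", 5.0, 10),
    "/payments": ("payments:write", 1.0, 2),
}

# Constructed stand-in for token introspection results.
TOKENS = {
    "tok-aggregator": {"client_id": "agg-1", "scopes": {"accounts:read"}},
    "tok-pisp": {"client_id": "pisp-7", "scopes": {"accounts:read", "payments:write"}},
}


@dataclass
class TokenBucket:
    """Classic token bucket: refills at `rate` per second up to `burst`."""
    rate: float
    burst: int
    tokens: float
    last: float

    def allow(self, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class Gateway:
    """Evaluates route policy for one request and returns (status, reason)."""

    def __init__(self):
        # Buckets are keyed per (client, route) so one noisy client cannot
        # exhaust the quota of every other third party on the same API.
        self.buckets = {}

    def _bucket(self, client_id, route, rate, burst, now):
        key = (client_id, route)
        if key not in self.buckets:
            self.buckets[key] = TokenBucket(rate, burst, burst, now)
        return self.buckets[key]

    def decide(self, route, bearer, now=None):
        now = time.monotonic() if now is None else now
        policy = API_POLICY.get(route)
        if policy is None:
            # Unknown route: never forward, and log it as a shadow-API candidate.
            return 404, "unknown route (log as shadow API candidate)"
        required_scope, rate, burst = policy
        token = TOKENS.get(bearer)
        if token is None:
            return 401, "invalid token"
        if required_scope not in token["scopes"]:
            return 403, f"missing scope {required_scope}"
        bucket = self._bucket(token["client_id"], route, rate, burst, now)
        if not bucket.allow(now):
            return 429, "rate limit exceeded"
        return 200, "forward to backend"


if __name__ == "__main__":
    gw = Gateway()
    for route, tok in [("/payments", "tok-aggregator"), ("/payments", "tok-pisp"),
                       ("/payments", "tok-pisp"), ("/payments", "tok-pisp")]:
        print(route, tok, gw.decide(route, tok, now=0.0))
```

The order of the checks matters: an unknown route and a bad token are rejected before any bucket is consulted, so unauthenticated traffic cannot burn a legitimate client's quota, and the scope check runs before the rate limit so a 403 is never masked as a 429.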
Actionable next steps for teams
- Start with discovery: map your APIs, dependencies and third‑party integrations.
- Apply least privilege and strong identity for APIs and service accounts.
- Centralize enforcement: use API gateways, WAFs, and observability tools to get consistent policies and telemetry.
- Hunt shadow APIs with runtime discovery tools and CI/CD checks.
- Treat AI models as components — build monitoring, access control and incident playbooks for them.
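The discovery and shadow-API hunting steps above, as an added example that is not part of the original post or any F5 product: it reads gateway access logs, compares every endpoint that actually served traffic against the documented catalog (the `paths` object of an OpenAPI document) and reports what is live but undocumented, in a form a CI/CD step can fail on. The log lines, the catalog and the `{id}` normalization rule are constructed for the example.

```python
"""Added example: runtime shadow-API discovery against an OpenAPI catalog.

Constructed inputs: a minimal OpenAPI 'paths' object and a handful of
NGINX combined-format access log lines. Any endpoint that answered with a
2xx/3xx and is not covered by the catalog (path template + method) is a
shadow API. Responses >= 400 are ignored: they are probes, not a live surface.
"""
import re
from collections import Counter

# Constructed catalog: OpenAPI 'paths' -> documented methods.
OPENAPI_PATHS = {
    "/v1/accounts": ["GET"],
    "/v1/accounts/{accountId}": ["GET"],
    "/v1/accounts/{accountId}/transactions": ["GET"],
    "/v1/payments": ["POST"],
}

# Constructed access log sample (NGINX combined format).
ACCESS_LOG = """\
10.0.0.5 - - [10/Oct/2025:10:00:01 +0000] "GET /v1/accounts/123 HTTP/1.1" 200 512 "-" "agg-client/1.0"
10.0.0.5 - - [10/Oct/2025:10:00:02 +0000] "GET /v1/accounts/123/transactions?from=2025-01-01 HTTP/1.1" 200 8192 "-" "agg-client/1.0"
10.0.0.9 - - [10/Oct/2025:10:00:03 +0000] "POST /v1/payments HTTP/1.1" 201 64 "-" "pisp/2.3"
10.0.0.9 - - [10/Oct/2025:10:00:04 +0000] "GET /v1/accounts/123/export HTTP/1.1" 200 100000 "-" "pisp/2.3"
10.0.0.9 - - [10/Oct/2025:10:00:05 +0000] "GET /v1/accounts/456/export HTTP/1.1" 200 98000 "-" "pisp/2.3"
10.0.0.9 - - [10/Oct/2025:10:00:06 +0000] "GET /internal/debug/users HTTP/1.1" 200 2048 "-" "curl/8.0"
10.0.0.9 - - [10/Oct/2025:10:00:07 +0000] "DELETE /v1/accounts/123 HTTP/1.1" 204 0 "-" "curl/8.0"
10.0.0.2 - - [10/Oct/2025:10:00:08 +0000] "GET /v1/old/accounts HTTP/1.1" 404 0 "-" "scanner/0.1"
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"\s+(?P<status>\d{3})')


def template_to_regex(template):
    """'/v1/accounts/{accountId}' -> regex matching one concrete path segment per parameter."""
    literal_parts = re.split(r"\{[^/]+\}", template)
    return re.compile("^" + "[^/]+".join(re.escape(p) for p in literal_parts) + "$")


def match_catalog(method, path, catalog):
    """Return the catalog template that documents (method, path), or None."""
    for template, methods in catalog.items():
        if method in methods and template_to_regex(template).match(path):
            return template
    return None


def normalize(path):
    """Collapse all-digit segments to {id} so one shadow endpoint is reported once."""
    return "/".join("{id}" if seg.isdigit() else seg for seg in path.split("/"))


def find_shadow_apis(log_text, catalog):
    """Counter of (method, normalized path) served at runtime but absent from the catalog."""
    shadow = Counter()
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        method, target, status = m["method"], m["target"], int(m["status"])
        if status >= 400:
            continue
        path = target.split("?", 1)[0]  # strip query string before matching
        if match_catalog(method, path, catalog) is None:
            shadow[(method, normalize(path))] += 1
    return shadow


def ci_gate(shadow):
    """Exit status for a pipeline step: nonzero while undocumented endpoints carry traffic."""
    for (method, path), hits in sorted(shadow.items()):
        print(f"SHADOW {method} {path} hits={hits}")
    return 1 if shadow else 0


if __name__ == "__main__":
    raise SystemExit(ci_gate(find_shadow_apis(ACCESS_LOG, OPENAPI_PATHS)))
```

Note that the DELETE on a documented path is reported too: a catalog entry covers a path and its listed methods, and an unlisted method on a known resource is exactly the kind of "unsupported endpoint" that stays invisible when discovery only looks at paths.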
Join the conversation
We want to hear from you: how is open finance shaping your architecture, security posture or product strategy? Drop a comment on the video or share your thoughts here — what are you worried about, and what are you doing about it?