DevCentral Connects Recap: Open Finance, APIs, AI & Security

Did you miss our latest DevCentral Connects livestream? No worries—we recorded a great conversation about one of the hottest topics in financial services today: open finance. We unpacked Twimbit's 2025 Global State of Open Finance report and explored how the industry is evolving from “open banking” into the broader open finance movement — and what that means for APIs, security, regulation and the customer journey.

Watch the full conversation here: DevCentral Connects - Open Finance Security Risks, Compliance And Architectures

What we covered (high-level takeaways)

The shift from open banking to open finance
- Open finance expands the scope beyond payments and banking data to include investments, insurance, pensions and more. That broadening creates new opportunities for innovation — and a much wider attack surface to secure.
API security risks grow as open finance scales
- More endpoints, more data sharing, more third parties = more risk. We discussed practical countermeasures: strong API authentication/authorization (OAuth2, mTLS where appropriate), per‑API rate limits, threat detection, and consistent enforcement via an API gateway or security fabric.
Shadow APIs and visibility gaps
- Shadow APIs (undocumented/unsupported endpoints) are a major blind spot. Inventory and runtime discovery, API cataloging, and centralized logging/telemetry are essential first steps. If you can’t see it, you can’t secure it.
Securing the customer journey end‑to‑end
- Security can’t be an afterthought at the API layer alone. Protect the entire flow — device, client apps, API gateways, backend services and data stores — and apply risk‑based controls where customer friction would otherwise spike.
AI’s impact on financial ecosystems
- AI brings capability (fraud detection, personalization, automation) and risk (adversarial attacks, model bias, data exfiltration). We covered operationalizing AI safely — model monitoring, provenance, access controls and explainability where regulation requires it.
Regulatory landscape and practical compliance
- Regulations continue to evolve across regions. Compliance is not just legal paperwork — it’s about building controls that support auditability, consent management, data minimization and robust identity verification.

Actionable next steps for teams

Start with discovery: map your APIs, dependencies and third‑party integrations.
Apply least privilege and strong identity for APIs and service accounts.
Centralize enforcement: use API gateways, WAFs, and observability tools to get consistent policies and telemetry.
Hunt shadow APIs with runtime discovery tools and CI/CD checks.
Treat AI models as components — build monitoring, access control and incident playbooks for them.

Join the conversation

We want to hear from you: how is open finance shaping your architecture, security posture or product strategy? Drop a comment on the video or share your thoughts here — what are you worried about, and what are you doing about it?