# Overview

Akto's API security posture gives you a single, comprehensive view of the information that matters most: identified issues, data exposure risks and test coverage. This gives you clear visibility into the security of your APIs and lets you manage vulnerabilities proactively rather than reactively.

<figure><img src="/files/3aoydEOuWGJ86G6zJtm8" alt=""><figcaption></figcaption></figure>

### Key Capabilities

#### 1. API Risk Scoring

* Every API is **scored based on its risk level**, making it easy to prioritize remediation.
* Helps security teams focus on the APIs that pose the greatest potential business and compliance risk.

#### 2. Compliance Alignment with API Security

* Maps APIs against **regulatory frameworks** such as GDPR, HIPAA, and PCI DSS.
* Highlights compliance gaps and provides visibility into what needs fixing.
* Enables **automated compliance checks** so that you can continuously validate security posture.

#### 3. Misconfiguration Detection

* Detects common API misconfigurations including:
  * Missing authentication
  * Weak authorization
  * CORS issues
* Flags misconfigured APIs before attackers can exploit them.

#### 4. Sensitive Data Detection

* Identifies APIs that **expose or transmit sensitive data types** like PII, PHI, or financial data.
* Helps ensure sensitive data is **properly secured and masked** where necessary.

#### 5. Unauthenticated & Publicly Exposed APIs

* Flags APIs that are accessible **without authentication controls**.
* Identifies APIs that are **publicly exposed to the internet**, so you can reduce the attack surface to what is actually intended to be public.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available on this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.akto.io/api-security-posture/concepts/overview.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present on the current page, when you need clarification or additional context, or when you want to retrieve related documentation sections.
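As an added example (not part of the Akto documentation), the following Python helper builds the `ask` URL described above. It percent-encodes the question so characters such as `?`, `&` and spaces cannot break the query string, replaces any `ask` parameter already on the URL, and optionally performs the GET; the response format is not specified on this page, so the body is returned as text for the caller to interpret (an assumption).

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode
import urllib.request

# Page URL as given in the instructions above.
PAGE_URL = "https://docs.akto.io/api-security-posture/concepts/overview.md"


def build_ask_url(page_url: str, question: str) -> str:
    """Return page_url with the `ask` query parameter set to `question`.

    The question is percent-encoded so that '?', '&' and spaces cannot
    break the query string. Query parameters already present on the URL
    are preserved, except an existing `ask`, which is replaced.
    """
    question = question.strip()
    if not question:
        raise ValueError("question must be a non-empty, self-contained sentence")
    parts = urlsplit(page_url)
    params = [
        (k, v)
        for k, v in parse_qsl(parts.query, keep_blank_values=True)
        if k != "ask"
    ]
    params.append(("ask", question))
    return urlunsplit(
        (parts.scheme, parts.netloc, parts.path, urlencode(params), parts.fragment)
    )


def ask_docs(question: str, page_url: str = PAGE_URL, timeout: float = 10.0) -> str:
    """Perform the GET described above and return the response body as text.

    Network call. The response format is not stated on this page, so the
    body is returned unparsed (assumption: it is human-readable text).
    """
    req = urllib.request.Request(build_ask_url(page_url, question))
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        return resp.read().decode(charset, errors="replace")


if __name__ == "__main__":
    # Only builds the URL; call ask_docs(...) to actually query the docs.
    print(build_ask_url(PAGE_URL, "How is the API risk score calculated?"))
```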
