Listing Thumbnail

    Salt Security API Protection Platform

     Info
    Deployed on AWS
    Salt Security protects the APIs that power your business including the APIs behind AI agents, mobile apps, SaaS platforms, and microservices. Our platform delivers deep visibility, threat detection, and runtime protection to stop API attacks and secure your entire API ecosystem leveraging the AWS infrastructure.
    4.7

    Overview

    Play video

    Salt Security is the leader in API security, delivering the industry's most comprehensive solution to discover, protect, and govern the APIs that power modern applications and agentic AI. Our platform provides continuous discovery of all APIs including internal, shadow, and third-party APIs without relying on traffic replay or manual effort.

    Salt uses patented AI and ML to detect anomalies in API behavior, stop attacks in real time, and help organizations shift left by integrating security insights into development pipelines.

    As AI agents, LLMs, and MCP servers reshape the software landscape, Salt uniquely enables security teams to see which agents are active, what data they access, and whether they are operating within policy. Salt deploys in minutes, scales across your AWS cloud environment, and helps businesses protect critical data, reduce risk, and accelerate digital innovation with confidence.

    Highlights

    • Salt Discovery - Discover all APIs and exposed sensitive data
    • Salt Prevention - Stop attacks early, during reconnaissance
    • Salt Remediation - Improve your API security posture

    Details

    Delivery method

    Deployed on AWS
    New

    Introducing multi-product solutions

    You can now purchase comprehensive solutions tailored to use cases and industries.

    Multi-product solutions

    Features and programs

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Pricing

    Salt Security API Protection Platform

     Info
    Pricing is based on the duration and terms of your contract with the vendor, and additional usage. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. Usage-based pricing is in effect for overages or additional usage not covered in the contract. These charges are applied on top of the contract price. If you choose not to renew or replace your contract before the contract end date, access to your entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator  to estimate your infrastructure costs.

    12-month contract (2)

     Info
    Dimension
    Description
    Cost/12 months
    Overage cost
    Enterprise
    Console Access and Support + up to 100M API calls/month for 12 months
    $100,000.00
    Startup
    Console Access and Support + up to 5M API calls/month for 12 months
    $36,000.00
    -

    Vendor refund policy

    Custom pricing options

    Request a private offer to receive a custom quote.

    How can we make this page better?

    Tell us how we can improve this page, or report an issue with this product.
    Tell us how we can improve this page, or report an issue with this product.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Resources

    Vendor resources

    Support

    Vendor support

    The Salt Security license includes access to customer support and customer success teams for full on-boarding support, including deployment support and technical integrations for alerts, enforcement, remediation tickets, and other security tasks. support@salt.security 

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

     Info
    Updated weekly

    Accolades

     Info
    Top
    100
    In Testing
    Top
    50
    In Managed Services

    Customer reviews

     Info
    Sentiment is AI generated from actual customer reviews on AWS and G2
    Reviews
    Functionality
    Ease of use
    Customer service
    Cost effectiveness
    12 reviews
    Insufficient data
    Positive reviews
    Mixed reviews
    Negative reviews

    Overview

     Info
    AI generated from product descriptions
    API Discovery and Inventory
    Continuous discovery of all APIs including internal, shadow, and third-party APIs without relying on traffic replay or manual effort
    Anomaly Detection and Threat Prevention
    Patented AI and ML algorithms to detect anomalies in API behavior and stop attacks in real time
    Sensitive Data Exposure Identification
    Discovery and identification of exposed sensitive data across API ecosystem
    Agent and LLM Activity Monitoring
    Visibility into active AI agents and LLMs with tracking of data access patterns and policy compliance verification
    Development Pipeline Integration
    Integration of security insights into development pipelines to enable shift-left security practices
    API Discovery and Cataloging
    Identifies and catalogs all APIs present within environments through a dedicated Discovery Module
    API Posture Management
    Assesses and maintains overall security posture of APIs through continuous evaluation and monitoring
    API Vulnerability Testing
    Detects and identifies API vulnerabilities during the development lifecycle through active testing capabilities
    Infrastructure Integration
    Integrates seamlessly with existing application environments including API gateways, load balancers, and Web Application Firewalls
    API Discovery and Mapping
    Discovers external and internal APIs to create visual site maps and identify potential exposure points for data loss, compliance violations, or system compromise.
    Machine Learning-Based Traffic Analysis
    Utilizes patented analytics engine with machine learning to analyze application transactions without requiring JavaScript instrumentation or mobile SDK integration.
    Automated Attack Detection
    Detects account takeovers, credential stuffing, fake account creation, content scraping, and API-based business logic abuse through customizable rules and policies.
    Flexible Mitigation Actions
    Provides multiple response options including blocking, rate limiting, geofencing, and fake response generation using behavioral fingerprinting to track and counter evolving attacks.
    Multi-Deployment Model Support
    Supports passive/inline, on-premises, SaaS, and hybrid deployment configurations with optional managed infrastructure operations.

    Contract

     Info
    Standard contract
    No

    Customer reviews

    Ratings and reviews

     Info
    4.7
    15 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    73%
    27%
    0%
    0%
    0%
    0 AWS reviews
    |
    15 external reviews
    External reviews are from G2  and PeerSpot .
    Tbaker Baker

    Behavioral AI has protected critical applications and now blocks complex external attacks

    Reviewed on Jun 22, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My main use case for Salt Security  is that one of my clients uses it as a security vendor for their security across all of their overlying applications.

    I can give you a specific example of how my client uses Salt Security  to secure their applications. They use it to track behavior and leverage the AI to track behavior and block any attacks that could be coming in from outside the company, such as phishing or cybersecurity data breach attacks.

    My client generally conducts a quarterly review where they receive any outstanding threats from Salt Security or review them, ensuring that any data is properly assessed and analyzed, and if there are any logic flaws, they are able to work through them at that time.

    What is most valuable?

    The best features Salt Security offers are definitely their behavioral AI to track API behavior as well as their vendor support.

    One of my clients had a complex attack come through that Salt Security was able to identify and stop before it came through. They have also had questions about the application, and they were able to reach out and get proper support for implementing a change that they were looking for.

    Their behavioral AI and vendor support are two of the key strengths of the application.

    Salt Security has positively impacted my organization and my client's organization by being able to stop cyberattacks and ensure that they have proper security over all their applications. It gives them a sense of peace of mind that they have security over something that could ultimately take down the whole company if not mitigated properly.

    What needs improvement?

    I think Salt Security could improve their implementations. The one that I saw was very complex and took quite a bit of time, and if the environment is unique at all, it takes quite a bit of time to figure out how to properly ensure that it will be implemented.

    A lot of times there is a steep learning curve for someone that hasn't been in it to figure out the APIs and really dig deep into it, but once you get used to it, it is easy. However, that ramp-up period could be tough.

    I think Salt Security could use a more enterprise focus. Some of the smaller companies that I have referred them to think it is a little bit too complex for them, so if they could come up with a different version or something a little bit easier to simplify their platform, they may be able to find more customers that way.

    For how long have I used the solution?

    I have been using Salt Security for three years.

    What do I think about the stability of the solution?

    Salt Security is stable.

    What do I think about the scalability of the solution?

    Regarding scalability, for users in smaller environments, it is not exactly the best. As companies continue to grow, it is something that could be simplified, but it is not the most out-of-the-box, intuitive platform.

    How are customer service and support?

    The customer support for Salt Security is phenomenal and has some of the best vendor support I have ever seen.

    Which solution did I use previously and why did I switch?

    I did not previously use a different solution. The security was done in-house, and it was taking too long, and attacks were not being properly mitigated or stopped.

    How was the initial setup?

    My experience with pricing, setup cost, and licensing is that I think it was affordable. For smaller companies, it might be a barrier to entry, but for the large enterprise that I was working with, it was not a problem.

    What was our ROI?

    I have seen a return on investment of 240 man-hours saved by the fact that they were able to stop and mitigate attacks.

    What's my experience with pricing, setup cost, and licensing?

    My experience with pricing, setup cost, and licensing is that I think it was affordable. For smaller companies, it might be a barrier to entry, but for the large enterprise that I was working with, it was not a problem.

    Which other solutions did I evaluate?

    I did not evaluate other options before choosing Salt Security. This was the first RFP we put out, and we were fine with it.

    What other advice do I have?

    I rate Salt Security an eight out of ten.

    I give it an eight because the implementation complexity kept it from being a nine or ten.

    My advice for others looking into using Salt Security is that if you are a larger company that needs quite a bit of security, it is a great option. However, if you are a smaller company or in a smaller environment, there may be other options for you.

    Salt Security's AI capabilities regarding governance and security are very strong and help companies get peace of mind that they have the proper governance and security in place to stop any attacks that could possibly happen.

    Salt Security's AI capabilities regarding accuracy and reliability of output are very accurate and very reliable, as I have seen use cases where it has actually stopped attacks.

    Tacio Veiga

    Improved API visibility has revealed sensitive data exposures and supports faster remediation

    Reviewed on May 26, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I use Salt Security  primarily for API discovery, mainly regarding data-sensitive information across the company. Before using Salt Security  for API discovery and sensitive information, I didn't have any visibility regarding APIs in my environment. This was a significant issue because I had some APIs configured incorrectly and exposing sensitive information. With Salt Security, I could see these APIs and report to the owners to correct them.

    What is most valuable?

    Salt Security gave me much better visibility into API risk. It helped me identify exposed endpoints, misconfigured APIs, and sensitive data flowing through APIs that required additional controls. Salt Security has become an important part of my API security program.

    The tool was straightforward to set up, and I gained visibility regarding the APIs that I didn't have before.

    What needs improvement?

    Alert tuning can require some time depending on API volume. Some findings need internal validation before actioning. The collaboration flows between security and engineering teams could be expanded further.

    While the solution was straightforward to set up and gave me the visibility that I needed, it has to improve some details and features to achieve a perfect rating.

    For how long have I used the solution?

    I have been using Salt Security for three years.

    What do I think about the stability of the solution?

    I experienced no stability issues.

    What do I think about the scalability of the solution?

    I experienced no scalability issues.

    How are customer service and support?

    Customer service was good.

    How was the initial setup?

    The tool was straightforward to set up, and I gained visibility regarding the APIs that I didn't have.

    What was our ROI?

    Salt Security impacted my ROI positively. I mainly avoided incidents after using Salt Security.

    What's my experience with pricing, setup cost, and licensing?

    The setup cost was acceptable, but adding additional APIs was actually quite expensive.

    What other advice do I have?

    If you want to have more visibility into your network and API security, I recommend Salt Security. Be aware that it will be somewhat expensive. I would rate this product a nine out of ten.

    IgmarRautenbach

    Provides visibility and control over all APIs

    Reviewed on Jan 08, 2024
    Review provided by PeerSpot

    What is our primary use case?

    We use it to provide enhanced and improved security around API integrations for organizations. Given the product's backing by Google and Sequoia Capital, it's truly great.

    What is most valuable?

    It fills a gap in the market. Organizations lack visibility into their API landscape and posture. They don't know if APIs are secure, well-developed, or have vulnerabilities. They also can't detect API attacks until it's too late.

    Salt Security  gives you visibility of all your APIs, identifies API security issues, and immediately alerts you of attacks.

    These are the main things organizations lack, even if they're already using APIs. Salt fills that gap for them.

    What needs improvement?

    I've built integrations for different systems, and some specific integrations might not be built in yet. This might be an issue for large customers but is not a major concern overall.

    So, the integration part could be a bit extended. Every organization has different systems, but Salt integrates with 90% of them. If a custom integration is needed, they can build it. They're very good at integrations. So, Salt Security  can provide a proof of concept with system integration and share results within two weeks, which often leads to customer purchases.

    At this point, the product covers everything needed. They keep adding new features, and my local customers haven't requested any missing functionality. The product roadmap is good for the market.

    For how long have I used the solution?

    I have been with this solution for 18 months. It's new to the EDR market. I only launched in the New York market two years ago. We deal with the latest version.

    What do I think about the stability of the solution?

    It's really great. I would rate the stability a nine out of ten. I haven't encountered any instability issues.

    What do I think about the scalability of the solution?

    It's really, really scalable. Some customers handle seven billion API calls a month. That requires cloud deployment and scaling resources, which they do well, so ten out of ten.

    It's relatively new, about ten organizations in South Africa, but we have ongoing proof of concept. The adoption is rapid.

    How are customer service and support?

    The customer service and support are good; they know their stuff.

    Which solution did I use previously and why did I switch?

    We still use XY and Netscout VSN, but they offer limited API security compared to Salt's comprehensive integration and stability. Salt created its own category.

    Other vendors might be on-premise, part of larger solutions, or more complex. That's Salt's advantage and why it's gaining market share.

    How was the initial setup?

    It's a SaaS solution that mirrors traffic, so it's not an inline solution. That means two weeks is a general guideline for implementation.

    The deployment model is hybrid. Typically, in our market, it's hybrid with an on-prem server and the solution itself in the cloud.

    The challenge with deployments is limited personnel due to rapid growth. I work with over a hundred companies in EMEA for evaluation, so technical constraints might arise.

    However, we assist customers with integrations as it's more organizational than software-related.

    What about the implementation team?

    We have a team of 20 engineers skilled in the solution to provide local support.

    What's my experience with pricing, setup cost, and licensing?

    It is an annual subscription fee. It's very affordable. The value it provides justifies the cost, considering automation and availability features. Compared to other solutions, it's within a typical price range.

    Which other solutions did I evaluate?

    What other advice do I have?

    My initial discussions with organizations often reveal they lack visibility into their API landscape and sensitive data. The first discussion is how many APIs you have. How many integrations? Do you have sensitive data in your organization? And the answer from the head of security is, typically, "We don't know!"

    Organizations need a solution. And from what you've seen, that's where solutions like Salt come in. So, I would recommend this to to any organization, large and small.

    I would rate it a ten out of ten because it addresses fundamental risks that exist in dealing with sensitive information. It's crucial to have a solution like Salt in place. It's like a basic requirement, not just something that enhances efficiency.

    Information Technology and Services

    Senior Manager, Security

    Reviewed on Jul 10, 2023
    Review provided by G2
    What do you like best about the product?
    The product has been instrumental in helping us resolve attacks and better understanding vulnerabilities. The responsiveness from Salt team is great.
    What do you dislike about the product?
    Better root cause findings when issues are identified. However, the product is consistently getting better.
    What problems is the product solving and how is that benefiting you?
    Helping determine API vulnerabilities and prevent attacks.
    Insurance

    Amazing API security tool

    Reviewed on Jun 05, 2023
    Review provided by G2
    What do you like best about the product?
    First of all, the entire Salt team is a pleasure to work with. They are always responsive and are always eager to assist. Secondly, the Salt Security is the creme de la creme of API security tools. It does so much, and is a valuable tool in assisting with keeping our APIs safe.
    What do you dislike about the product?
    There is nothing that I dislike about this too.
    What problems is the product solving and how is that benefiting you?
    Salt Security is solving the issue of API security. As our organization starts to utilize APIs a lot more, we realized that there was a gap in monitoring those APIs. Now that we have brought on Salt, we can rest easy that our APIs are being monitored and protected.
    View all reviews