Official video & related videos [Pop Goes the Stack | BOLA exploits: The #1 API threat and how to stop it | API Security]
The 2025 API Threat Report is out, and shocker—we’re still getting wrecked by injection, data leaks, and BOLA. That’s Broken Object Level Authorization, for those of you keeping score at home.
Here’s the kicker—95% of these attacks are coming through authenticated sessions. Translation: the bad guys aren’t breaking in through the side door, they’re waltzing in with a valid badge and looting the place. But sure, let’s keep obsessing over password complexity policies while ignoring that our APIs are basically vending machines for sensitive data.
In this episode of Pop Goes the Stack, #F5's Lori MacVittie, Joel Moses, and special guest Garland Moore dive into BOLA misconceptions, the impact of #AI, and solutions you can implement now to mitigate risk.
Chapters:
00:00 Welcome to Pop Goes the Stack
00:40 What is #BOLA?
02:05 How a BOLA attack works
03:55 Authentication vs Authorization
04:45 BOLA: Who's responsible and what's the solution?
07:20 Both? Both. Centralized authentication and authorization
08:59 The database’s role in BOLA
12:12 Real-world BOLA examples
13:41 BOLA in the era of AI and agents
15:21 Solutions: Training, frameworks, and least privilege
19:55 Three things you can do to prevent BOLA exploits
Learn how you can stay ahead of the curve and keep your stack whole with additional insights on app security, multicloud, AI, and emerging tech: https://go.f5.net/3qsoorsy