Approov Expands Global Infrastructure to Counter the New Wave of Agentic AI Attacks on Mobile APIs

Attackers are no longer writing bots by hand. Agentic AI systems can now probe mobile APIs, mimic legitimate app behavior, and adapt to defenses in real time – at a scale no human-operated botnet could match. Today Approov, the leader in mobile app and API security, announced Approov 2026 3.6, a major global attestation platform upgrade built to meet that threat head-on, combining expanded global infrastructure with the deep, real-time visibility enterprise security teams need to detect and shut down AI-driven attacks as they happen.

The release arrives as Approov processes record attestation volumes for organizations whose mobile apps handle their customers’ most sensitive data – banks, healthcare providers, retailers, and automakers – billions of verifications confirming that every API request comes from a genuine, untampered app on a safe device. Agentic AI attacks rarely run inside the real mobile app; instead, they impersonate it, replaying its API traffic from scripts, emulators and server farms while masquerading as genuine mobile devices. Attestation cuts through that disguise by requiring each request to prove it originates from the authentic app on a real device – proof that a spoofed client running in a data center cannot supply.

“Agentic AI has changed the economics of attacking mobile APIs. Attacks that once took weeks of engineering can now be launched in minutes, and they adapt faster than signature-based defenses can respond,” said Ted Miracco, CEO of Approov. “Our enterprise customers are scaling to unprecedented attestation volumes precisely because attestation exposes these impersonation attacks at the source. Approov 2026 ensures they get that protection with imperceptible latency, anywhere in the world.”

New Global Infrastructure for Ultra-Low Latency

Approov has deployed new regional attestation infrastructure in Mexico, with a Milan region following shortly, expanding a global network that already spans North America, South America, Europe, and Asia-Pacific. The new regions cut response times for users across Central America, the southern United States, Southern Europe, the Middle East, and parts of Africa. The Approov attestation network runs across multiple independent cloud providers with automatic failover, using intelligent traffic routing to minimize latency worldwide. As attestation volumes surge, the expanded edge network keeps security checks invisible to legitimate users – protection without friction.

Real-Time Threat Intelligence, Straight into the SOC

Approov turns every protected API into a sensor for AI-driven attack activity, unlocking advanced logging and security use cases:

  • Direct SIEM integration. Backend systems can now decode Approov’s device and app threat signals locally – no extra round trip to Approov servers – and pass detection results directly into Splunk, Sentinel or any SIEM correlated with other request data.
  • Forgery detection. Message Signatures on each network request ensure the origin of the request data verified with a cryptographic key from the device. Additional key and secret visibility allow verification of attestation ‘pass’ JWT tokens, validly signed ‘fail’ JWT tokens, and invalid or attacker-signed forged tokens – a critical signal when AI agents attempt to counterfeit credentials at scale.
  • Hands-off secret rotation. Setup automated retrieval and deployment of the secrets and keys that backend systems require to secure your mobile APIs, enabling fully automated secret rotation with no manual intervention and no maintenance window.

Deploy New Defenses Without Risking Real Users

Responding to a new attack pattern has always carried a hidden cost: a security policy that blocks attackers can also lock out legitimate customers. Approov 2026 replaces all-or-nothing policy updates with gradual rollouts. Security teams can deploy a new defense to a small slice of traffic, watch its real-world impact live, and expand with confidence – making it safe to respond aggressively to fast-moving AI threats.

Early Warning Before Incidents Escalate

An updated monitoring and alerting suite give both customers and Approov’s own engineers advance notice of trouble:

  • Customer-configurable alerts flag unusual spikes in failed verifications – whether caused by an emerging attack or a third-party network anomaly – so teams can act before failover systems are needed.
  • Global anomaly detection watches pass/fail patterns across Approov’s entire customer base. If multiple accounts show simultaneous failures, Approov’s on-call engineers are paged automatically, turning isolated signals into ecosystem-wide early warning.

“This release is a direct response to how fast the threat landscape is moving,” said Jae Hossell, CTO of Approov. “We’ve expanded the edge network, automated threat intelligence sharing for enterprise SOCs, and made deploying new security policies entirely risk-free. Security teams shouldn’t have to choose between reacting quickly and protecting their users’ experience.”

Looking Ahead: HarmonyOS Readiness

The release also activates backend support for Huawei’s HarmonyOS platform, now in internal validation, positioning Approov to deliver enterprise-grade protection ahead of the platform’s full market expansion.

Availability

The Approov 2026 backend upgrade is rolling out automatically to all enterprise customers. Documentation for the new SIEM integration, gradual rollout, and automated secret rotation capabilities is available in the updated Approov CLI documentation. For more information, visit approov.com.

About Approov

Approov is a comprehensive runtime security solution for mobile apps and their APIs, protecting against automated attacks, credential stuffing, and API abuse. By verifying that every request comes from a genuine, untampered app running on a safe device, Approov stops attackers — human or AI — in their tracks while ensuring a frictionless experience for legitimate users.

Media gallery