PATTERN Cited by 1 source
Positive security model API validation¶
Intent¶
Neutralise the advantage of automated exploit generators (including frontier AI models) by only permitting traffic that matches a known-valid schema, rather than trying to enumerate all invalid traffic.
Problem¶
Negative security models (block known-bad) degrade as the attacker can generate novel payloads faster than defenders can write rules. The defender is always playing catch-up.
Solution¶
For each API endpoint, define what a valid request looks like — from an OpenAPI spec, GraphQL schema, or learned from observed production traffic. Reject everything that does not conform. The model doesn't need to anticipate attacks; it only needs to know what is legitimate.
Mechanics¶
- Import or discover API schema (manual upload or traffic-learning)
- At the edge, validate every request against the schema for that endpoint
- Non-conforming requests are dropped before reaching origin
- Schema is continuously updated as the API evolves
Trade-offs¶
- Pro: fundamentally resilient to novel attacks — attacker must produce a valid request, not merely an unknown one
- Pro: works regardless of attacker volume (thousands of variants all fail)
- Con: requires accurate schema maintenance (stale schemas block valid traffic)
- Con: doesn't protect against abuse within valid schemas (needs additional business-logic checks)
Production example¶
Cloudflare API Shield: defines valid request shape per endpoint (from API definition or learned from real traffic). Traffic that doesn't fit is dropped.
(Source: sources/2026-06-09-cloudflare-defend-against-frontier-cyber-models)