Orca API Security is a component of the Orca Security cloud-native application protection platform (CNAPP) that focuses on discovering, inventorying, and securing APIs across cloud environments. Core functionality: - Automatically discovers APIs across cloud infrastructure without requiring agents or code instrumentation - Provides API security posture management to identify misconfigurations, vulnerabilities, and risks in API endpoints - Detects API drift by identifying changes or deviations from expected API behavior and inventory - Operates agentlessly using Orca's SideScanning technology to read cloud workload data out-of-band The tool is designed to give security teams visibility into all APIs present in their cloud environment, including shadow or undocumented APIs that may not be tracked through traditional means. It assesses the security posture of discovered APIs and flags issues such as exposed sensitive data, authentication weaknesses, and compliance gaps. Orca API Security is part of the broader Orca platform, which also includes CSPM, CWPP, CIEM, DSPM, container security, vulnerability management, and cloud detection and response (CDR). The API security module shares the same agentless data collection foundation as the rest of the platform, meaning no additional sensors or agents are required for deployment. The product targets cloud security teams and DevSecOps practitioners who need continuous API visibility and risk assessment across multi-cloud environments including AWS, Azure, Google Cloud, Alibaba Cloud, Oracle Cloud, and Tencent Cloud.