#API security vulnerability

1. SOC II Audit Exposes Zero Rate Limiting Across Entire API, Exposing Critical Attack Surface

A fresh SOC II audit completed on April 26, 2026, has uncovered a critical security deficiency: zero routes across the entire codebase implement rate limiting. The finding, classified as CRITICAL severity under API Security and Availability, identified that no per-endpoint, per-user, per-IP, or distributed rate limitin...