Spherical Defense is an API security solution that uses deep unsupervised learning to protect your APIs. Spherical Defense Express is deployed on AWS, takes just a minute to download and will be protecting your assets within two hours at the cost of $1 per hour.

Three-stage Lifecycle


Once you have deployed your Spherical instance, it will immediately start listening for API traffic. It will stay in this mode for only as long as there is insufficient data to train the first security model. After receiving roughly 16,000 requests, it will move to the next stage.


After sufficient data has been received, the system moves into training mode. This mode will result in a trained security model after roughly 6 hours, which will then be mounted for evaluation. As new data is received, the Spherical instance will train more models to account for natural changes in your API traffic over time.


Once the first security model has been trained, it is mounted for evaluation. This means that every subsequent API request that is received by the system is given a classification (either benign or anomalous), and a score. If you have integrated with an outbound service, these events will be filtered back.

What can Spherical detect?

Spherical Defense can protect your APIs from malicious injection, misconfiguration, and misuse. Some examples of attacks that we can detect are as follows:

Excessive Data Exposure

Exposing more object-level data than necessary over API endpoints

Malicious Injection

Passing malicious instructions to databases and other services via the API. These include things like SQL injection.

Improper Assets Management

Exposing debug, administration and obsolete API endpoints.

Sensitive Information Transmission

Users passing personally identifiable information into the wrong field, resulting in a GDPR breach.

Authorized Stateful Attacks

Authorized users attempting to subvert application state. These include things like Replay Attacks.

Mass Assignment

Accepting an unauthorized object update request.

ML Attack Tools

Adversarial API fuzzing can be trained to subvert existing security systems.

What can Spherical integrate with?


Integrations with these API Gateways are implemented using AWS Lambda functions, in which an inbound HTTP method request from a client is mapped to a Lambda function invocation. By using a Lambda Proxy Integration, the entire request is passed wholesale into the Spherical instance.


Getting events out of a running Spherical instance is also a straightforward process. This is done asynchronously using AWS Lambda functions in a deployed CloudFormation stack. Currently, there are only two outbound integrations, but it is very simple to implement your own Lambda functions.