{"id":"https://openalex.org/W4414420329","doi":"https://doi.org/10.1145/3731806.3731831","title":"Bridging the Security Gap: An Empirical Analysis of LLM-API Integration Vulnerabilities and Mitigation Strategies","display_name":"Bridging the Security Gap: An Empirical Analysis of LLM-API Integration Vulnerabilities and Mitigation Strategies","publication_year":2025,"publication_date":"2025-02-20","ids":{"openalex":"https://openalex.org/W4414420329","doi":"https://doi.org/10.1145/3731806.3731831"},"language":"en","primary_location":{"id":"doi:10.1145/3731806.3731831","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3731806.3731831","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3731806.3731831","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 14th International Conference on Software and Computer Applications","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3731806.3731831","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5020274712","display_name":"Sandro Hartenstein","orcid":null},"institutions":[{"id":"https://openalex.org/I122228004","display_name":"HTW Berlin - University of Applied Sciences","ror":"https://ror.org/01xzwj424","country_code":"DE","type":"education","lineage":["https://openalex.org/I122228004"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Sandro Hartenstein","raw_affiliation_strings":["FB2, HWR Berlin, Berlin, Berlin, Germany"],"raw_orcid":"https://orcid.org/0009-0008-8952-9782","affiliations":[{"raw_affiliation_string":"FB2, HWR Berlin, Berlin, Berlin, Germany","institution_ids":["https://openalex.org/I122228004"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5020274712"],"corresponding_institution_ids":["https://openalex.org/I122228004"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.36587301,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"90","last_page":"95"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.8666999936103821,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.8666999936103821,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.843999981880188,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.828499972820282,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/security-engineering","display_name":"Security engineering","score":0.47839999198913574},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.47269999980926514},{"id":"https://openalex.org/keywords/computer-security-model","display_name":"Computer security model","score":0.46399998664855957},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.45719999074935913},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.45570001006126404},{"id":"https://openalex.org/keywords/security-through-obscurity","display_name":"Security through obscurity","score":0.44510000944137573},{"id":"https://openalex.org/keywords/bridging","display_name":"Bridging (networking)","score":0.4339999854564667},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.4115000069141388},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.4074999988079071},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.3644999861717224}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.683899998664856},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5803999900817871},{"id":"https://openalex.org/C13159133","wikidata":"https://www.wikidata.org/wiki/Q365674","display_name":"Security engineering","level":5,"score":0.47839999198913574},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.47269999980926514},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.46399998664855957},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.45719999074935913},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.45570001006126404},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.44510000944137573},{"id":"https://openalex.org/C174348530","wikidata":"https://www.wikidata.org/wiki/Q188635","display_name":"Bridging (networking)","level":2,"score":0.4339999854564667},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.4115000069141388},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.4074999988079071},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.3644999861717224},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.36010000109672546},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.3564000129699707},{"id":"https://openalex.org/C9652623","wikidata":"https://www.wikidata.org/wiki/Q190109","display_name":"Field (mathematics)","level":2,"score":0.3531000018119812},{"id":"https://openalex.org/C52420254","wikidata":"https://www.wikidata.org/wiki/Q7445028","display_name":"Security convergence","level":5,"score":0.3391000032424927},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.3301999866962433},{"id":"https://openalex.org/C2780264999","wikidata":"https://www.wikidata.org/wiki/Q7445032","display_name":"Security domain","level":2,"score":0.3246999979019165},{"id":"https://openalex.org/C139547956","wikidata":"https://www.wikidata.org/wiki/Q6031202","display_name":"Information security standards","level":5,"score":0.32330000400543213},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.3109999895095825},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.3003000020980835},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.29829999804496765},{"id":"https://openalex.org/C188087704","wikidata":"https://www.wikidata.org/wiki/Q369577","display_name":"Standardization","level":2,"score":0.2865999937057495},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.2833999991416931},{"id":"https://openalex.org/C10511746","wikidata":"https://www.wikidata.org/wiki/Q899388","display_name":"Data security","level":3,"score":0.27900001406669617},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.27250000834465027},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.27079999446868896},{"id":"https://openalex.org/C176217482","wikidata":"https://www.wikidata.org/wiki/Q860554","display_name":"Metric (unit)","level":2,"score":0.2696000039577484},{"id":"https://openalex.org/C64543145","wikidata":"https://www.wikidata.org/wiki/Q162942","display_name":"Intersection (aeronautics)","level":2,"score":0.25459998846054077},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.25440001487731934},{"id":"https://openalex.org/C189708586","wikidata":"https://www.wikidata.org/wiki/Q1504425","display_name":"Systematic review","level":3,"score":0.2529999911785126},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.25040000677108765}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3731806.3731831","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3731806.3731831","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3731806.3731831","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 14th International Conference on Software and Computer Applications","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3731806.3731831","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3731806.3731831","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3731806.3731831","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 14th International Conference on Software and Computer Applications","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4414420329.pdf","grobid_xml":"https://content.openalex.org/works/W4414420329.grobid-xml"},"referenced_works_count":7,"referenced_works":["https://openalex.org/W4378530876","https://openalex.org/W4388886073","https://openalex.org/W4393062808","https://openalex.org/W4396243491","https://openalex.org/W4398198266","https://openalex.org/W4400121384","https://openalex.org/W4401066072"],"related_works":[],"abstract_inverted_index":{"The":[0,137],"integration":[1,150],"of":[2,30,41,60,102,111,185],"Large":[3],"Language":[4],"Models":[5],"(LLMs)":[6],"through":[7],"Web":[8],"APIs":[9],"into":[10],"modern":[11],"software":[12],"systems":[13],"presents":[14],"unique":[15,182],"security":[16,23,33,77,93,97,117,146,159,183],"challenges":[17,147],"that":[18],"extend":[19],"beyond":[20],"traditional":[21,91],"API":[22,32,92],"concerns.":[24],"This":[25],"paper":[26],"examines":[27],"the":[28,39,141,162,181],"intersection":[29],"conventional":[31],"and":[34,44,70,79,95,107,151,176],"LLM-specific":[35,96],"vulnerabilities,":[36],"focusing":[37],"on":[38],"implications":[40],"non-deterministic":[42],"behavior":[43],"emergent":[45],"computational":[46],"capabilities":[47],"in":[48,82,100,148],"LLM-powered":[49],"services.":[50],"Through":[51],"a":[52],"comprehensive":[53],"triangulation":[54],"methodology":[55],"combining":[56],"OpenAPI":[57],"specification":[58],"analysis":[59],"4289":[61],"public":[62],"APIs,":[63],"expert":[64],"validation":[65],"from":[66],"ten":[67],"domain":[68],"specialists,":[69],"systematic":[71],"adversarial":[72],"testing,":[73],"we":[74,168],"investigate":[75],"current":[76],"practices":[78],"their":[80],"effectiveness":[81],"LLM-API":[83,149],"integrations.":[84],"Our":[85],"findings":[86],"reveal":[87],"significant":[88],"gaps":[89],"between":[90],"mechanisms":[94],"requirements,":[98],"particularly":[99],"areas":[101],"authentication,":[103],"transport":[104],"layer":[105],"security,":[106],"fairness":[108,131],"implementations.":[109],"Analysis":[110],"major":[112],"LLM":[113],"providers":[114],"demonstrates":[115],"varied":[116],"attribute":[118],"implementation,":[119],"with":[120],"privacy":[121],"protection":[122],"showing":[123],"consistent":[124],"high":[125],"performance":[126],"(>89%)":[127],"across":[128],"providers,":[129],"while":[130],"metrics":[132],"exhibit":[133],"substantial":[134],"variation":[135],"(40.8-73.5%).":[136],"research":[138],"contributes":[139],"to":[140,179],"field":[142],"by":[143],"identifying":[144],"critical":[145],"proposing":[152],"structured":[153],"approaches":[154],"for":[155,172],"developing":[156],"more":[157],"robust":[158],"measures.":[160],"Using":[161],"Goal":[163],"Question":[164],"Metric":[165],"(GQM)":[166],"approach,":[167],"outline":[169],"future":[170],"directions":[171],"practical":[173],"implementation":[174],"guidelines":[175],"standardization":[177],"efforts":[178],"address":[180],"requirements":[184],"LLM-integrated":[186],"systems.":[187]},"counts_by_year":[],"updated_date":"2026-03-13T14:20:09.374765","created_date":"2025-10-10T00:00:00"}