Application Security

Traceable API Security Platform

Context-aware API security that discovers every API, tests for vulnerabilities, and blocks runtime attacks using distributed tracing and behavioral baselines.

API Security

Traceable API Security Platform Overview

Traceable is an application and API security platform built on distributed tracing, capturing and correlating every application and API request over time to build a contextual model of normal behavior. Its OmniTrace engine links API activity, user activity, data flow, and code execution into a single data layer, which lets the platform surface shadow, rogue, and third-party APIs and distinguish business logic abuse from legitimate traffic without relying on signatures or pre-defined API specifications.

The platform discovers APIs continuously through eBPF workload instrumentation, network traffic analysis, in-code components, and integrations with API gateways, then maps sensitive data flows from edge to data store. Contextual security testing runs against live and replayed traffic to find vulnerabilities such as Broken Object Level Authorization (BOLA) before code reaches production. At runtime, machine-learning baselines flag anomalous activity and the platform blocks OWASP API Top 10 attacks, bot abuse, DDoS, and data exfiltration by threat actor, IP range, geolocation, or attack type. Named customers include Informatica, Jobvite, and Axos Bank.

Traceable is SOC 2 Type 1 and SOC 2 Type 2 certified, with controls verified by an independent third-party auditor. The company was founded in 2018 by the team behind AppDynamics, and in February 2025 it merged with Harness to fold API security into a broader software delivery and DevSecOps workflow. The platform targets enterprises securing large, distributed API estates across cloud-native and microservices architectures, anywhere their APIs are deployed.

Key Capabilities

mapped to solution categories
API Security

Continuously discovers and inventories all APIs across the environment, including shadow and zombie APIs that are not tracked in the official catalog.

Assesses inventoried APIs for misconfigurations and insecure implementations, such as endpoints that expose sensitive data or lack proper authentication.

Detects and blocks malicious API behavior at runtime using anomaly and behavioral analysis trained on attack patterns.

Tests APIs for vulnerabilities using static and dynamic analysis, often integrated into the development pipeline before release.

Identifies APIs that transmit or return sensitive data such as personal information, credentials, or tokens, so exposure can be flagged and controlled.

Detects broken object-level and function-level authorization, where a caller can reach data or operations belonging to another user or role.

Detects and rate-limits automated abuse, credential stuffing, scraping, and misuse of sensitive business flows.

Compliance

certifications
SOC 2 Type I, SOC 2 Type II

Integrations

compatible tools
Apigee, AWS API Gateway, CrowdStrike, Jira, Kong, Kong Konnect, MuleSoft, ServiceNow, Splunk, Wiz

Implementation & support

Deployment model
Cloud, On-Premise, SaaS
Pricing structure
Subscription
Support channels
Documentation, Knowledge Base, Ticketing Portal

Info last updated on June 26, 2026