RICO: Adaptive API Security

Problem

  • APIs rely on security scanners that are context-blind
  • Static testing creates noise instead of useful insights
  • No learning loop: payloads repeat across scans
  • Vulnerabilities detected late, increasing cost and risk

Solution

  • OpenAPI-driven, context-aware scanning
  • AI-guided attack planning for relevant strategies
  • Persistent exploit intelligence using Snowflake
  • CI/CD enforcement blocks risky merges

Architecture

  • Hybrid model: heuristics + optional AI
  • Fast deterministic core logic
  • AI layer for reasoning and explainability
  • Fallback system for reliability
  • Pluggable providers (Gemini, future Snowflake Cortex)

Challenges & Fixes

  • AI Overuse → Reduced latency with hybrid approach
  • Platform Limits → Modular design for future upgrades
  • Inconsistent Scoring → Deterministic severity mapping
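
An added example (not RICO's own code) of how deterministic severity mapping, the AI fallback and the CI gate could fit together. The category names, severity table, threshold and the `Finding`, `severity_of`, `explain` and `gate` helpers are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed category -> severity table; illustrative, not RICO's actual mapping.
SEVERITY = {"broken_auth": "critical", "injection": "high",
            "excessive_data_exposure": "medium", "missing_rate_limit": "low"}
RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass(frozen=True)
class Finding:
    endpoint: str   # operation from the OpenAPI spec, e.g. "POST /login"
    category: str   # heuristic check that fired

def severity_of(finding):
    # Unknown categories fail closed to "high" so a new check cannot slip past the gate.
    return SEVERITY.get(finding.category, "high")

def explain(finding, provider=None):
    """Optional AI rationale; any provider failure falls back to a fixed string."""
    fallback = f"{finding.category} on {finding.endpoint} (heuristic rule)"
    if provider is None:
        return fallback
    try:
        text = provider(finding)
    except Exception:
        return fallback
    return text.strip() if isinstance(text, str) and text.strip() else fallback

def gate(findings, threshold="high", provider=None):
    """Return (exit_code, report). The AI text is attached but never changes severity."""
    report = []
    for f in sorted(findings, key=lambda x: (x.endpoint, x.category)):
        sev = severity_of(f)
        report.append({"endpoint": f.endpoint, "category": f.category,
                       "severity": sev, "blocking": RANK[sev] >= RANK[threshold],
                       "why": explain(f, provider)})
    return (1 if any(r["blocking"] for r in report) else 0), report

# Constructed sample findings (hypothetical endpoints).
SAMPLE = [Finding("POST /login", "broken_auth"),
          Finding("GET /users/{id}", "excessive_data_exposure"),
          Finding("GET /search", "unknown_check")]

def failing_provider(finding):
    raise TimeoutError("AI provider unavailable")  # simulates an outage

if __name__ == "__main__":
    code, report = gate(SAMPLE, provider=failing_provider)
    for row in report:
        print(row)
    raise SystemExit(code)  # non-zero exit fails the CI job and blocks the merge
```

Because severity comes only from the fixed table, the same findings produce the same gate decision whether the AI provider answers, fails or is absent.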

Impact

  • Proactive security instead of reactive
  • Faster and more reliable scans
  • Consistent and auditable enforcement
  • Scalable beyond prototype stage

Principles

  • Balance of speed and intelligence
  • Determinism with adaptability
  • Innovation with operational safety
