Cequence Security has traditionally relied on the channel to help drive its API security business, with 74% of net-new revenue coming via the partners.
Now the Santa Clara, California-based vendor is
expanding its channel program to drive revenue growth and profitability in a highly competitive sector that only promises to increase in importance.
Cequence executives this week announced it is growing and formalizing its partner program as it pushes towards a channel-only business model and becomes what they say is one of the few 100% channel-driven companies in the API security and bot management businesses.
The goal is to build off of what the company already sees as a key strength, according to
Sydney Weber, Cequence’s director of channel sales.
“That 74% number shows that we’ve already got strong momentum via partners. With the upgraded program – better enablement, better economics, clearer structure – we’re removing friction that might have held partners back,” Weber told ChannelE2E, adding that “more of our growth will come through the partner ecosystem, and that means the partner-sourced revenue share is likely to increase.”
Cequence’s API security portfolio is part of its larger, AI-driven Unified Application Protection platform that brings together discovery, compliance, and protection to protect applications and APIs against cyberattacks, fraud, and other threats.
Attacks on APIs are Growing
APIs are becoming key targets of bad actors attacking enterprises, and the number of attacks is accelerating, Weber said.
“As companies build more digital experiences with mobile apps, cloud services, and microservices, APIs become the plumbing those apps run on, and too often they’re less guarded than front-end layers,” she said. “Because of that, attackers view APIs as low-hanging fruit: they can exploit them for things like credential stuffing, content scraping, business logic abuse, or account takeover.”
As with almost everything these days, AI also plays a role.
“AI, especially agentic AI, relies heavily on API access to perform its tasks, resulting in both high-volume access and relatively unpredictable use of APIs due to the autonomous nature of agentic AI,” Weber said. “APIs enable direct access to business data and systems, often without the same visibility or protections as traditional web applications, which makes them an attractive target for bad actors, both human and synthetic.”
An Expanding Threat
The risks include the exposure or loss of sensitive customer information and proprietary IP and data manipulation,
Jeff Harrell, director of product marketing at Cequence,
wrote in a blog post earlier this month.
“APIs have become the backbone of modern digital ecosystems and one of the fastest-growing sources of data breaches,” Harrell wrote. “The implications of API breaches are vast and can affect many facets of an organization, from engineering to marketing to finance to legal.”
Cybersecurity firm
Salt Security in its recent
API Security Trends 2025 (H2) report, found that 37% of organizations have had vulnerability problems with their APIs over a 12-month period, while 34% said sensitive data was exposed or they had a privacy incident. At the same time, 10% said their API security development programs were advanced, while 30% said they were in the intermediate stage, and another 30% said their programs were still in the planning stages.
All of this makes for a crowded market that includes Salt Security and other vendors like
Wallarm,
Cloudflare,
Orca Security,
Akamai, and
Beagle Security.
Understanding the Risks
Weber said Cequence’s platform “is built to help customers see their full API footprint, understand where the risk is, and then protect applications and APIs from active attacks,” and includes such capabilities as identifying all internal, external, and third-party APIs, assessing APIs for vulnerabilities, misconfigurations, or business logic exposure, and detecting and blocking abuses in real time.
For enterprises and SMBs who use a MSSP or MSP, the enhanced partner program means that they will have access to highly capable partners that are trained and incentivized to provide Cequence’s application, API, and AI security solutions as part of a full-service offering, according to Weber.
“We’ve taken what was already a solid partner program and made it even stronger, designed to fully embrace a channel-first [and] channel-only model,” she said. “Previously, we had channel partners, systems integrators, technologies doing referrals ... but with the expanded program, we’ve added clearer structure, better enablement, and improved economics for the partners.”
Cequence already has 20 authorized partners – including GuidePoint Security and Defy Security – and to more strategic partnerships that are onboarding.
A Tiered Structure, More Training
The new program includes a tiered structure – strategic vs. authorized – so partners are clear about expectations and support, more access to training, marketing tools, and partner-portal resources, and stronger deal registration and protection, better margin incentives, and co-marketing support.
“In essence, the new program gives our partners more confidence, more tools, and more incentive to grow with us,” Weber said. “For enterprises and SMBs, the up-leveled partner program means they’ll get access to highly capable partners who are enabled, trained, and incentivized to deliver our application, API, and AI security solutions. Not just the product, but the full service.”
That includes faster deployments and more predictable outcomes with certified and enabled partners that bring more local and regional expertise and better economics through more competitive pricing and options, which she said will especially help SMBs.
