Ryt Bank Fortified Application and API Security

As the world’s first AI-powered bank, Ryt Bank set out to deliver fast, intelligent, and secure banking experiences for millions of Malaysians. But with APIs powering data flow across the bank, limited API transparency and compliance challenges on its previous cloud platform created visibility gaps that threatened governance, operational efficiency, and customer trust. By adopting Akamai solutions, Ryt Bank gained full API inventory, strengthened its security posture, and aligned its digital ecosystem with RMiT (Risk Management in Technology) requirements.

From day one, Ryt Bank has operated with a start-up mindset: fast, fearless, and engineered for scale. AI powers everything from intelligent payment transfers to spending insights and conversational support. 

As it shapes the future of banking in Malaysia, Ryt Bank is setting new benchmarks for speed, intelligence, and user experience. But success depended on something deeper: a secure, API-driven foundation that could support a new age in digital banking.

APIs are the backbone of Ryt Bank’s AI-powered experience, connecting core banking systems, microservices, vendor integrations, AI models, and our mobile app. Because APIs connect critical systems, the bank needs full visibility into every API across its network and the risks they pose. “APIs allow us to deliver a fast, secure, and innovative digital banking ecosystem. But without complete visibility into them, we risked compliance issues and operational blind spots,” explained Nic Ngoo, CTO for Ryt Bank.

Malaysia’s open banking movement accelerated the bank’s need for a more connected yet governed ecosystem. “Open banking aligns with how we built our experiences,” Ngoo said. “But it demanded technology that was resilient, secure, and thoughtfully governed. Trust and protection had to be built into every integration.”

To support this, Ryt Bank required a security platform capable of handling dynamic API growth, AI-driven workloads, and continuous compliance verification.

A lack of automated API discovery and full API inventory — both essential for demonstrating compliance — led to operational overhead. “My team spent significant time manually monitoring and compensating for missing API visibility and threat detection,” Ngoo explained.

More importantly, this limitation introduced security risk. “APIs are critical to our services. Insufficient protection could expose sensitive data or disrupt availability, which threatened customer trust and regulatory compliance,” he continued.

Following a rigorous evaluation process, Ryt Bank selected Akamai for its complete, adaptive security stack, and strong alignment with banking requirements and evolving security needs. “Akamai provided comprehensive geo coverage with its dedicated network of edge locations and direct relationships with telcos,” said Ngoo. “Automated discovery, behavioral anomaly detection, WAF and bot protection capabilities — including an adaptive WAF engine — aligned better with our security posture and evolving needs. It also offered a 100% uptime SLA.”

The bank adopted two Akamai solutions:

• App & API Protector: Provides adaptive WAF, bot mitigation, and consistent protection for web and API traffic
• API Security: Enables automated API discovery, inventory, behavioral analysis, and anomaly detection

Together, these solutions provide Ryt Bank with unified protection across web, mobile, and AI-driven environments, along with complete visibility into both managed and unmanaged APIs. They also enable an adaptive, automated defense powered by shared intelligence between WAF and API runtime protection.

Onboarding was structured and phased to minimize risk. Systems integrator Nutworkz played a central role in execution. “We began by mapping all security controls — WAF rules, bot settings, and DDoS policies — so they could be replicated and optimized in Akamai,” Ngoo said.

Nutworkz also managed domain migration, and ensured SSL/TLS validation and traffic routing transitioned seamlessly. The process provided the bank immediate visibility into traffic patterns and potential API risks.

With a comprehensive and adaptive API security framework, Ryt Bank reduced operational overhead and strengthened its resilience against evolving threats. “With full transparency across both north-south and east-west traffic, we now have a complete, dynamic inventory of every API in use, without needing inputs from the development team,” said Ngoo.

In addition, the bank quickly surfaced and eliminated shadow APIs, one of the biggest compliance risks. “Akamai provides contextual scoring and alerts for suspicious behavior such as abnormal usage patterns or potential abuse. This strengthened governance and improved our confidence in meeting RMiT.”

Ngoo also underscored the bank’s newfound confidence in its security posture. “We trust that our API foundation and applications are protected end to end from all types of attacks.”

Akamai helped Ryt Bank establish security engineered for scale. “As threats evolve and our footprint grows, Akamai gives us confidence,” said Ngoo. He emphasized the impact of adaptive WAF protection, robust DDoS mitigation, and API security designed for financial services. “Akamai delivers 100% uptime and strengthens our security posture.”

Looking ahead, Akamai remains one of the core enablers for the bank’s AI and digital banking roadmap. “Akamai ensures we can innovate securely, maintain compliance, and deliver uninterrupted services as we scale,” concluded Ngoo.