Considering How Machine Learning APIs Might Violate Privacy and Security - DZone Security

I was reading about how Carbon Black, an endpoint detection and response (EDR) service, was exposing customer data via a 3rd party API service they were using. The endpoint detection and response provider allows customers to optionally scan system and program files using the VirusTotal service. Carbon Black did not realize that premium subscribers of the VirusTotal service get access to the submitted files, allowing a company or government agency with premium access to VirusTotal's application programming interface (API) to mine those files for sensitive data. It provides a pretty scary glimpse at the future of privacy and security in a world of 3rd party APIs if we don't think deeply about the solutions we bake into our applications and services. Each API we bake into our applications should always be scrutinized for privacy and security concerns, making sure end-users aren't being subjected to unnecessary situations.