Case Study: Navan achieves scalable API vulnerability detection and remediation with Traceable AI

A Traceable AI Case Study

Preview of the Navan Case Study

Navan Identifies and Remediates Vulnerabilities at Scale With Traceable’s API Security Testing

Navan is a technology-first corporate travel and expense management platform whose architecture is powered by APIs. After a bug-bounty report and manual testing uncovered a cross-tenant API vulnerability, Navan’s AppSec team, led by Tarik Ghbeish, found that their previous API security tool lacked automated and custom testing and the historical API telemetry needed for scalable investigations. Navan selected Traceable AI for comprehensive API discovery, automated and custom API testing, and end-to-end API protection.

Traceable AI deployed its API Security Platform (testing, discovery, protection, and an API data lake), enabling Navan to write custom tests, automatically test APIs pre- and post-release, and gain rich observability for investigations. As a result, Navan discovered vulnerabilities in 50+ APIs (up from 4 known), eliminated the need for a separate DAST tool, replaced manual testing previously done by three engineers, and sped up incident response and fraud analysis through Traceable AI’s data-driven telemetry.



Navan

Tarik Ghbeish

Staff Security Engineer

