Really interesting. So many tools say they do API security but barely scratch the surface. Offensive-style testing on live traffic feels like the right approach.