1. API security is crucial for businesses as APIs are increasingly exposed online. 2. Common threats include L7 DDoS attacks, injection vulnerabilities, and broken authentication/authorization controls. 3. Cloudflare's API Gateway uses machine learning to detect anomalies and make security policy recommendations. 4. To improve API security, use a combination of positive and negative security models and measure your organization's API maturity level over time.