Kong Inc. recently released findings from their API Security Perspectives 2025: AI-Enhanced Threats and API Security Report, which highlights today's API security landscape and how new developments in AI will impact it. Most notably, 25% of respondents have encountered AI-enhanced security threats related to APIs or LLMs, with 75% of respondents expressing serious concern about AI-enhanced attacks in the future. And while 85% say they're confident in their organization's security capabilities, 55% of respondents said they've experienced an API security incident in the past year, highlighting a notable disconnect.

The findings also put into perspective the importance of having a strong security strategy, noting that 1 in 5 respondents said their organization has experienced an API security incident costing more than $500,000 in the past 12 months.

While 92% of respondents say they are taking measures to counter AI-enhanced attacks and 88% of respondents cite API security as a top priority, it is clear that many organizations lack the comprehensive security measures needed to protect their API infrastructure in the AI era.

"Organizations cannot afford to underestimate their own security risks - especially in the age of AI," said Marco Palladino, CTO and Co-Founder of Kong, Inc. "The report showcases that API security is being taken seriously as part of overall cybersecurity strategy, but there are still some blind spots that can open an organization up to threats. As AI continues to advance, not only will companies create more vulnerabilities within their own organizations, but attacks will become more sophisticated. Understanding the full threat landscape is crucial to maintaining a strong API security posture."

As might be expected, 84% of respondents feel AI and LLMs will make securing APIs more difficult, but surprisingly, the research finds many basic API security tactics being left out of overall strategy.

Only 35% of organizations are adopting zero-trust architecture in order to mitigate API security risks and only 3% of respondents cite shadow APIs as a significant security threat to their organization. With the convergence of APIs and AI, it is more important than ever to have a strong API security posture.

Additional key stats from the report include:

- The top three measures organizations are taking to secure APIs against AI-enhanced threats include increased monitoring and traffic analysis (66%), educating staff on AI-related threats (60%), and AI-driven threat detection systems (51%)
- The top three steps being taken to mitigate API security risks are API monitoring and anomaly detection tools (63%), API gateway solutions (61%), and API encryption and tokenization (58%)
- 45% of organizations have dedicated at least 20% of their cybersecurity budgets to API security
- 41% are unsure or doubtful that their organization's investment is enough to cover API security risks
- 66% of organizations are implementing API governance frameworks to ensure compliance with internal policies and external regulations (e.g., GDPR, HIPAA)

This report examines the evolving landscape of API security by analyzing expert opinions on current trends and dynamics. To gather these insights, a comprehensive survey was commissioned with a professional polling firm in October and November 2024. The survey included 700 IT professionals and business leaders across two key markets: the United States and the United Kingdom.

You can view the full report from Kong here.