2% of respondents identified 'Other' as their biggest concern about their company’s overall API program.

15% of organizations were not very confident in their ability to detect and respond to attacks leveraging Generative AI.

80% of security leaders lack continuous, real-time API monitoring.

96% of attack attempts originate from authenticated entities (compromised users, insiders, or rogue agents).

98% of attack attempts target external-facing APIs.

10% of dominant attack vectors map to OWASP API1 Broken Object Level Authorization (BOLA).

78% of dominant attack vectors map to OWASP API8 Security Misconfiguration.

28% of organizations identify partner enablement as a main driver behind the use of APIs.

48% of organizations identify platform or system integrations as a main driver behind the use of APIs.

25% of organizations identify monetization of functionality or data as a main driver behind the use of APIs.

A small but notable 6% of organizations indicated their API volume more than tripled (301%+) in just 12 months.

41% of organizations cited vulnerabilities as the most common API security problem.

6% of organizations do not know by how much the number of APIs has increased over the past 12 months.

34% of organizations reported sensitive data exposure and privacy incidents as the most common API security problem.

18% of organizations cited brute forcing or credential stuffing as the most common API security problem.

13% of organizations cited enumeration and scraping as the most common API security problem.

9% of organizations have no formal API security strategy in place.

31% of organizations adhere to GDPR for API development and deployment.

3% of organizations do not know if Generative AI is perceived as a growing API security concern/risk within their organization.

49% of developers are concerned about AI systems accessing sensitive data they shouldn't see.