
API Security Trends 2025 (H2)
The H2 2025 State of API Security report examines how companies are securing APIs, the challenges they face, and how their API security strategies are evolving.
How confident are you in your organization’s ability to detect and respond to attacks leveraging Generative AI?
The rising threat of GenAI attacks is a concern for many organizations
Generative AI (GenAI) is a growing source of risk for many organizations. Over half (56%) of organizations are directly concerned, while 36% are somewhat concerned, about GenAI as a growing security risk within their organization.
Only 15% of respondents are highly confident in their organization's ability to detect and respond to attacks leveraging GenAI, while 25% are not very or not at all confident.
In the past 12 months, what security problems have you found in production APIs?
The stark reality of API risks
Underscoring the need for improved security measures, 28% of organizations have experienced a breach, which means that their sensitive data and critical systems have been compromised.
In our ever-increasing threat landscape, it is essential for organizations to prioritize specialized API security measures to safeguard their sensitive data and ensure business continuity. By doing so, they can mitigate the risk of breaches, protect their reputation, and maintain a competitive edge.
How do you compare?
Check out our H2 2025 State of API Security Report to find out.
Do you currently have plans in place for an API Posture Governance strategy?
Get ahead of the curve: master API posture governance
To effectively mitigate risks throughout an API lifecycle, organizations need to adopt an API posture governance strategy, which would provide a structured framework for managing and securing the entire API ecosystem — from design and development to deployment and ongoing maintenance. Our survey revealed that only 14% of organizations currently have an API posture governance strategy in place.
Attack attempts leveraging the OWASP API Security Top 10 vs other attack types
Attackers are following the OWASP Top 10. Are you?
The OWASP API Security Top 10 is a crucial resource for professionals working in API security, and it highlights the most common and high-risk vulnerabilities that attackers exploit. A large percentage of API attacks target these well-known weaknesses. 88% of attack attempts leverage one or more of the OWASP API Top 10 methods, but only about 67% of respondents focus on this industry list.
How would you describe the security strategy for your API development program?
Is your API security playing catch-up?
An alarmingly low number (10%) of organizations consider their API security programs advanced, leaving the vast majority with significant room for improvement. Traditional methods are insufficient against modern API threats, highlighting the urgent need for organizations to enhance their API security to prevent breaches.
How confident are you that your API inventory provides enough detail about your APIs, including exposure of sensitive data or PII?
Don't let PII exposure become a costly compliance nightmare
Only 19% of respondents are highly confident in their ability to identify which APIs expose Personally Identifiable Information (PII). The survey found that around 55% of organizations are only somewhat confident in their understanding of PII exposure through APIs, while 25% are unsure or lack confidence altogether. This presents a serious challenge for organizations, leaving them vulnerable to security incidents involving the exposure of sensitive data.
Download the full report now
Get an in-depth analysis on the concerns, risks, and trends around API security.