A rising reliance on APIs has fueled safety issues, with almost all organizations (99%) reporting API-related safety points previously 12 months.
In keeping with the Q1 2025 State of API Safety Report by Salt Safety, the speedy growth of API ecosystems—pushed by cloud migration, platform integration and information monetization—is outpacing safety measures and exposing organizations to elevated danger.
API Development and Safety Gaps
The report, printed on Febrary 26, highlights important API development, with 30% of organizations experiencing a 51-100% enhance in APIs over the previous 12 months and 25% reporting development exceeding 100%.
This growth has created challenges in sustaining correct API inventories, as 58% of organizations monitor their APIs lower than every day and lack confidence in stock accuracy. Solely 20% have achieved real-time monitoring, leaving most weak to safety threats.
Key API safety challenges embrace:
-
37% of safety points stem from vulnerabilities corresponding to misconfigurations and damaged object-level authorization
-
34% contain delicate information publicity
-
29% relate to authentication failures, highlighting weak entry controls
“Organizations are going through the problem of correctly cataloging all their APIs to allow them to be positioned into the correct safety testing and consciousness program,” mentioned Thomas Richards, principal advisor at Black Duck. “The know-how can enhance workflows and profit organizations, however we will’t overlook the fundamentals of cybersecurity to doc, check, and confirm greatest practices as a way to innovate securely and handle software program danger.”
Regardless of growing investments, safety gaps persist. Over half of organizations have boosted API safety budgets, but 30% cite restricted funds as a key problem.
Moreover, 22% battle with personnel shortages and 10% lack correct safety instruments.
Many organizations (55%) have delayed software rollouts because of API safety issues, whereas 14% discover their API applications tough to handle.
“As a result of API assaults most frequently end result from unauthorized or inappropriate entry credential use, fashionable safety requires entry management that goes nicely past conventional perimeter-based id entry and authentication methods,” defined Piyush Pandey, CEO at Pathlock. “Dynamic, agile entry controls that begin with compliant provisioning, proceed with high-risk entry monitoring and end with important software infrastructure well being upkeep [are essential].”
Learn extra on API safety tendencies and greatest practices: How one can Tackle Shortcomings in API Safety
Assault Developments and Rising Dangers
An evaluation of API assault patterns reveals that 95% of assaults originate from authenticated customers, underscoring the chance of compromised accounts. Exterior-facing APIs stay a main assault vector, with 98% of assault makes an attempt focusing on these interfaces. Among the many most exploited vulnerabilities:
-
Safety misconfigurations (54%)
-
Damaged object-level authorization (27%)
-
API authentication failures (1%)
Generative AI (GenAI) can also be reshaping the safety panorama, introducing new threats and issues. One-third of respondents report a insecurity in detecting AI-driven assaults, whereas 31% fear in regards to the safety of AI-generated code. Organizations are responding by implementing governance frameworks (26%) and AI-specific safety instruments (37%).
Strengthening API Safety
The report urges organizations to undertake a proactive safety technique, emphasizing real-time monitoring, strong posture governance, and adherence to frameworks such because the OWASP API Safety Prime Ten. Stronger API stock administration and funding in AI-driven safety instruments are additionally important to mitigating rising dangers.
“The principle driver of API adoption is the necessity for unfastened coupling between complicated programs,” explains Jason Soroko, senior fellow at Sectigo. “APIs are abstraction layers that decouple underlying complexities, enabling speedy integration and improvement, which fuels digital transformation. [However], as organizations more and more depend on APIs, the speedy growth usually outpaces safety measures.”
To remain forward, Soroko recommends that “cloud platforms and different purveyors of APIs want to supply safety diagnostics to make it simpler to quickly deploy and preserve APIs with safe configurations.”
With API utilization persevering with to surge, organizations should prioritize safety methods that evolve alongside their increasing ecosystems to safeguard delicate information and infrastructure in opposition to rising threats.
