API Security

Kong’s API Security Perspectives Report Says Many Teams Unprepared for AI Threats

Sandhya Michu • January 14, 2025

The digital world relies heavily on application programming interfaces to enable seamless interactions between applications, services and devices. But these APIs, while essential for connectivity, have emerged as the most vulnerable entry point for cyberattacks.

As the adoption of artificial intelligence and large language models accelerates, the API security landscape is becoming increasingly complex. Kong’s API Security Perspectives 2025 report projected a staggering 548% increase in API attacks and security issues by 2030. APIs serve as the critical connections that power digital business operations worldwide. (See Image 1)

Image 1: API security and the rising risk of AI-enhanced threats (Image: Kong’s 2024 API Impact Report)

Organizations now rely on more than 15,000 APIs on average to perform transactions and access data. But these interfaces present substantial security challenges. A notable example emerged in July 2024 when Twilio’s Authy service fell victim to a data breach. Threat actors exploited an unsecured API endpoint, compromising 33 million phone numbers linked to Authy multifactor authentication users.

The AI cybersecurity market reflects these mounting concerns. Market research platform MarketsandMarkets projects the sector will grow from $22.4 billion in 2023 to $60.6 billion by 2028. In a survey of 700 IT leaders in the United States and United Kingdom, 74% of respondents expressed extreme or significant concern about AI-enhanced attacks, with 32% identifying them as the single most significant threat to API security today.

“Organizations cannot afford to underestimate their security risks – especially in the age of AI,” said Marco Palladino, CTO and co-founder of Kong. “The report showcases that API security is being taken seriously as part of overall cybersecurity strategy, but there are still some blind spots that can open an organization up to threats. As AI continues to advance, not only will companies create more vulnerabilities within their organizations, but attacks will become more sophisticated. Understanding the full threat landscape is crucial to maintaining a strong API security posture.” (See Image 2)

Image 2: 55% reported an API security incident within the past 12 months, and one-third of those said it was “severe.” (Image: Kong’s 2024 API Impact Report)

The Financial Implications of API Security Breaches

The financial implications of API breaches are substantial. According to Kong’s report, 55% of organizations experienced an API security incident in the past year. Among those affected, 47% reported remediation costs exceeding $100,000, while 20% faced expenses surpassing $500,000. Gartner’s research underscores this urgency, highlighting that API breaches typically result in 10 times more leaked data than other types of security incidents.

AI: A Double-Edged Sword in API Security

While AI technologies, particularly LLMs, drive unprecedented innovation, they introduce new vulnerabilities. These advanced tools enable attackers to exploit shadow APIs, bypass traditional defenses and manipulate API traffic in unexpected ways. The survey indicates that 84% of leaders predict AI and LLMs will increase the complexity of securing APIs over the next two to three years, emphasizing the need for immediate action.

Despite 92% of organizations implementing measures to secure their APIs, 40% of leaders remain skeptical about whether their investments will adequately counter AI-driven risks. The regional disparity in preparedness stands out: 13% of U.S. organizations acknowledge taking no specific measures against AI threats, compared to 4% in the U.K.

Mitigation Strategies: Building Resilience

Enhanced monitoring and traffic analysis rank among the most commonly reported strategies to mitigate API security risks. Many organizations are implementing API gateways, centralized solutions designed to manage API traffic and strengthen security. The adoption rates reveal a significant regional difference: 71% of U.K. organizations use an API gateway, compared to 50% in the U.S., reflecting stricter regulatory requirements in the U.K.

Zero trust architecture – widely recognized as a security best practice – remains underutilized, with only 35% of organizations embracing this approach. Shadow APIs persist as a critical vulnerability for many organizations, creating significant risks when left unmonitored and unmanaged.

Credit to the original article: https://www.bankinfosecurity.com/amplified-by-ai-tools-api-attacks-hit-55-teams-a-27284