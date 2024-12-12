AI-enhanced attacks a rising cyberthreat

A new report from API (application programming interface) technology developer Kong, Security Perspectives 2025: AI-Enhanced Threats and API Security Report, highlights how new developments in AI will impact today’s API security landscape.

A massive 25% of respondents have encountered AI-enhanced security threats related to APIs or LLMs (large language models), with 75% of respondents expressing serious concern about AI-enhanced attacks in the future.

And, while 85% say they’re confident in their organization’s security capabilities, 55% of respondents cited they’ve experienced an API security incident in the past year, highlighting a notable disconnect.

The findings also put into perspective the importance of having a strong security strategy noting that one in five respondents cited their organisation has experienced an API security incident costing more than $500 000 in the past 12 months.

While 92% of respondents say they are taking measures to counter AI-enhanced attacks and 88% of respondents citing API security as a top priority, it is clear that many organizations lack the comprehensive security measures needed to protect their API infrastructure in the AI era.

“Organizations cannot afford to underestimate their own security risks – especially in the age of AI,” says Marco Palladino, chief technology officer and co-founder of Kong. “The report showcases that API security is being taken seriously as part of overall cybersecurity strategy, but there are still some blind spots that can open an organization up to threats.

“As AI continues to advance, not only will companies create more vulnerabilities within their own organisations, but attacks will become more sophisticated. Understanding the full threat landscape is crucial to maintaining a strong API security posture.”

As might be expected, 84% of respondents feel AI and LLMs will make securing APIs more difficult but, surprisingly, the research finds many basic API security tactics being left out of overall strategy.

Only 35% of organisations are adopting zero-trust architecture in order to mitigate API security risks and only 3% of respondents cite shadow APIs as a significant security threat to their organization. With the convergence of APIs and AI, it is more important than ever to have a strong API security posture.

Additional key stats from the report include: