Salt Security, the leading API security company, released the Salt Labs State of API Security Report Q1 2025, based on a combination of survey responses from more than 200 IT and security professionals, and anonymized empirical data from Salt Security customers. The research highlights the ongoing API security challenges and threats impacting organizations, and illustrates the need for stronger API governance to mitigate such complexities.
Cyber Technology Insights: Mavenir & O2 Telefónica Germany Extend Cloud-IMS Deal
The latest edition of the report found that nearly all respondents (99%) encountered API security issues within the past 12 months and more than half (55%) slowed the rollout of a new application due to API security concerns. Analysis of the most frequently reported security challenges in production APIs revealed that vulnerabilities, exposing APIs to exploits such as injection attacks and Broken Object-Level Authorization (BOLA), accounted for more than one-third of issues (37%), closely followed by sensitive data exposure (34%) and API authentication weaknesses (29%).
Generative AI (GenAI) has also advanced API security challenges, with 47% of respondents expressing concerns about securing AI-generated code and 40% citing potential vulnerabilities introduced by AI-generated code as a top risk. Only 11% of respondents do not perceive the use of GenAI applications as a growing security concern within their organization.
Salt Labs analysis of customer API traffic also revealed that 95% of API attacks over the past 12 months originated from authenticated sources. This signals that traditional API security methods that rely heavily on authentication as a primary defense are no longer sufficient. In addition, 98% of attack attempts targeted external-facing APIs, reinforcing that public APIs are the primary attack vector for malicious actors.
API posture governance strategies are essential for protecting against rampant API attacks, whereby organizations establish and deploy consistent security standards and frameworks across their entire API ecosystem to proactively remediate security gaps and eliminate blind spots. Similar to last year’s report, only 10% of organizations currently have an API posture governance strategy in place. However, 43% plan to implement such a strategy within the next 12 months, recognizing the importance of posture governance for securing APIs.
“In a digital-first society, whereby APIs enable innovation and seamless interconnectivity, the pace at which organizations are deploying APIs has increased exponentially,” said Roey Eliyahu, co-founder and CEO, Salt Security. “The insights provided by survey respondents and the data from Salt’s customer base, highlights how bad actors continue to exploit APIs through known security weaknesses and leverage legitimate means to remain undetected. This underscores the necessity of implementing a robust, proactive API security strategy – a strategy that should not only encompass timely threat detection and incident responses but also API governance. By implementing frameworks that ensure security policies are clearly defined, continuously enforced, and regularly assessed, organizations can mitigate API risks before they can be exploited.”
Cyber Technology Insights: Toobit Enhances Security with AI, MFA & Cold Wallet Upgrades
To participate in our interviews, please write to our CyberTech Media Room at news@intentamplify.com
Source – Prnewswire
