The latest study from Kong highlights today’s API security landscape and how new developments in AI are expected to impact it. 25% of respondents have reported encountering AI-enhanced security threats related to APIs or LLMs, and 75% of respondents have expressed serious concern about AI-enhanced attacks.
While 85% say they’re confident in their organisation’s security capabilities, 55% of respondents cited they’ve experienced an API security incident in the past year, highlighting a notable disconnect.
Findings from the report, ‘API Security Perspectives 2025: AI-Enhanced Threats and API Security Report’ stress the importance of having a strong security strategy. 1 in 5 respondents cited their organisation has experienced an API security incident costing more than $500,000 in the last 12 months.
92% of respondents say they are taking measures to counter AI-enhanced attacks and 88% of respondents citing API security as a top priority, it is clear that many organisations lack the comprehensive security measures needed to protect their API infrastructure in the AI era.
“Organisations cannot afford to underestimate their own security risks — especially in the age of AI,” said Marco Palladino, CTO and Co-Founder of Kong. “The report showcases that API security is being taken seriously as part of overall cybersecurity strategy, but there are still some blind spots that can open an organisation up to threats. As AI continues to advance, not only will companies create more vulnerabilities within their own organisations, but attacks will become more sophisticated. Understanding the full threat landscape is crucial to maintaining a strong API security posture.”
84% of respondents feel AI and LLMs will make securing APIs more difficult, but surprisingly, the research finds many basic API security tactics being left out of overall strategy.
Reportedly, only 35% of organisations are adopting zero-trust architecture in order to mitigate API security risks and only 3% of respondents cite shadow APIs as a significant security threat to their organisation. With the convergence of APIs and AI, it is more important than ever to have a strong API security posture.
Other key findings include:
- The top three measures organisations are taking to secure APIs against AI-enhanced threats include increased monitoring and traffic analysis (66%), educating staff on AI-related threats (60%), and AI-driven threat detection systems (51%)
- The top three steps being taken to mitigate API security risks are API monitoring and anomaly detection tools (63%), API gateway solutions (61%), and API encryption and tokenisation (58%)
- 45% of organisations have dedicated at least 20% of their cybersecurity budgets to API security
- 41% are unsure or doubtful that their organisation’s investment is enough to cover API security risks
- 66% of organisations are implementing API governance frameworks to ensure compliance with internal policies and external regulations (e.g., GDPR, HIPAA)
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by commenting below or visiting our LinkedIn page.