Business Wire

Traceable Releases 2025 State of API Security Report: API Breaches Persist as Fraud, Bot Attacks, and Generative AI Increase Risks

30.10.2024 13:25:00 CET | Business Wire | Press release

Share

Traceable AI, the industry's leading API security company, today released its second annual research report—the 2025 Global State of API Security. The findings demonstrate that organizations are failing to protect their APIs despite persistent breaches and increased awareness of security risks. This comprehensive study, incorporating insights from over 1,500 IT and cybersecurity experts across the US, UK, and EMEA, reveals fundamental weaknesses in API security strategies and tracks how these issues have shifted since our inaugural report.

Key findings examine the most pressing API security issues organizations face today: increasing bot attacks and fraud, risks from third-party APIs, and the new security implications of generative AI applications.

Download the full report for in-depth analysis.

Key Findings Include:

  1. API-Related Data Breaches Continue to Wreak Havoc: 57% of organizations suffered an API-related data breach in the past two years, with a staggering 73% of these experiencing three or more incidents. Even more concerning, 41% endured five or more breaches, revealing a systemic failure in API defenses and a clear need for investment in purpose-built API security solutions.
  2. Traditional Security Solutions Fail to Deliver API Protection: Despite deploying an array of security tools—from legacy WAFs to CDNs and Gateways—only 19% of organizations rate their defenses as highly effective. Moreover, 53% admit that traditional solutions like WAFs and WAAPs are ineffective at identifying or preventing fraud at the API layer.
  3. Generative AI Applications Create New Risks: 65% of organizations state that generative AI applications pose a serious to extreme risk to APIs. 60% state that the additional API integrations required for generative AI applications expand their organization’s attack surface; the same percentage cite concerns about sensitive data exposure and unauthorized access.
  4. Bot Attacks and Fraud are Rampant: 53% of organizations have experienced one or more bot attacks involving their APIs, and 44% say that bot mitigation is a top challenge. Fraud is equally concerning, emerging as the second most prevalent cause of API-related data breaches among survey respondents.
  5. Third-Party APIs Are a Hidden Danger: Organizations now use an average of 131 third-party APIs, up slightly from last year's 127. Yet, only 16% have a “high ability” to mitigate these external risks, leaving a vast attack surface greatly exposed.

"API breaches are rampant, and the industry is in denial,” said Richard Bird, Chief Security Officer of Traceable. “Organizations keep deploying the same solutions—Web Application Firewalls, API gateways, and lifecycle tools—yet only a small percentage report any real success. This cognitive dissonance is a ticking time bomb. The truth is, these traditional defenses are failing, and the more companies rely on them, the more they expose themselves to devastating attacks. We’re also seeing a surge in bot attacks, increasing instances of API fraud, and new vulnerabilities emerging from the rapid adoption of generative AI applications. Companies must confront the uncomfortable truth: their current strategies are inadequate. Without a fundamental shift in how they secure APIs, breaches and their consequences will continue to escalate.”

Traceable conducts this annual research to provide organizations with an objective assessment of API security risks and trends. By tracking these patterns and emerging threats, we aim to offer security leaders the knowledge needed to make informed decisions and prioritize the most important security challenges. Our commitment is to ensure that as APIs continue to be central to business operations, organizations have the insights they need to protect their critical assets.

Download the full 2025 State of API Security report today.

About Traceable

Traceable’s intelligent and context-aware solution powers complete API security, API discovery and posture management, API security testing, attack detection and threat hunting, and attack protection anywhere your APIs live. Traceable enables organizations to minimize risk and maximize the value that APIs bring their customers. To learn more about how API security can help your business, book a demo with a security expert.

View source version on businesswire.com: https://www.businesswire.com/news/home/20241030645718/en/

Contacts

Ryan Romana
Touchdown PR
traceable@touchdownpr.com

About Business Wire

Business Wire
24 Martin Lane
EC4R 0DR London

+44 20 7626 1982http://www.businesswire.co.uk

(c) 2018 Business Wire, Inc., All rights reserved.

Business Wire, a Berkshire Hathaway company, is the global leader in multiplatform press release distribution.

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

H.I.G. Capital Announces the Sale of DGS S.p.A.11.6.2024 12:00:00 CEST | Press release

H.I.G. Capital (“H.I.G.”), a leading global alternative investment firm with $62 billion of capital under management, is pleased to announce that an affiliate has signed a definitive agreement to sell its portfolio company, DGS S.p.A. (“DGS” or the “Group”), a leading firm in the Italian Information Technology market, to DGS Co-Founders and management team in partnership with ICG, a global alternative asset manager. Since its inception in 1997, DGShas supported blue-chip customers in the design, integration, and maintenance of complex IT systems, with a specialization in digital transformation and cybersecurity services. The Group currently has over 1,900 employees, revenues of approximately €300 million, and maintains a group of highly loyal clientele. During H.I.G.’s ownership, DGS has tripled in size and consolidated its position as a leading Italian firm in cybersecurity services and digital transformation. DGS offers its clients sophisticated and proprietary digital transformation

Evertas Names Nick Selby Head of European Underwriting11.6.2024 12:00:00 CEST | Press release

Evertas, the world’s first crypto insurance company, has named Nick Selby as its new Head of European Underwriting. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20240611141887/en/ Nick Selby, Executive Vice President and Head of European Underwriting at Evertas (Photo: Business Wire) Selby, an accomplished information and physical security professional, brings two decades of expertise in public and private sector information security, physical security, and complex incident handling, as well as seven years of experience leading teams securing billions of dollars in cryptoassets. Previously, his roles included VP of the Software Assurance Practice at Trail of Bits, Chief Security Officer at Paxos Trust Company, and Director of Cyber Intelligence and Investigations at the NYPD Intelligence Bureau. “Nick is an extremely valuable addition to our European team,” said Evertas CEO and Co-Founder J. Gdanski. “His public and private

Owlet utvider globalt fotavtrykk med lanseringen av medisinsk-sertifisert Dream Sock™ i Storbritannia og over hele Europa11.6.2024 11:00:00 CEST | Pressemelding

Owlet, Inc. («Owlet» or the «Company») (NYSE:OWLT), pioneren innen smart spedbarnsovervåking, kunngjør i dag den britiske og europeiske lanseringen av Dream Sock. Dette er en smart babymonitor med levende helseavlesninger og varsler for friske spedbarn mellom 0-18 måneder og 2,5-13,6 kg. Dette innovative medisinske utstyret gir foreldre helse og viktig informasjon i sanntid, noe som gir uovertruffen trygghet. Denne pressemeldingen inneholder multimedia. Se hele pressemeldingen her: https://www.businesswire.com/news/home/20240611820341/no/ (Photo: Business Wire) «Vi er svært stolte over å lansere Dream Sock til omsorgspersoner over hele Storbritannia og Europa og gi millioner av foreldre mer trygghet mens babyen sover,» sa Kurt Workman, Owlets administrerende direktør og medgründer. «Dream Sock er nå et globalt produkt som er anerkjent som medisinsk nøyaktig og trygt, etter å ha gjennomgått regulatoriske autorisasjoner og sertifiseringer innenfor flere geografier. I dag er misjonen vår

V-Nova Surpasses 1000 Patent Milestone in Media Technology Innovation11.6.2024 10:00:00 CEST | Press release

V-Nova, a leading provider of data compression solutions, video compression technology, XR technology, AI acceleration and parallel processing for a multitude of industries including media and entertainment, today announced its milestone achievement of 1000 active technology patents. This accomplishment underscores V-Nova’s dedication to research and development and its commitment to protecting its intellectual property globally. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20240611724561/en/ V-Nova’s patent portfolio spans more than 50 different jurisdictions. Including over 400 patents in Europe, over 200 in the Americas, over 100 in the United States specifically, and over 200 in Asia. V-Nova forged new directions in data processing to enhance digital experiences, maximize efficiency, reduce costs, and increase sustainability. The company leads the way with key international data compression standards for the video indust

Alipay+ Reveals Top Scorer Trophy Design for UEFA EURO 2024™11.6.2024 09:24:00 CEST | Press release

Alipay+, a suite of cross-border mobile payment and digitalization technology solutions operated by Ant International and an Official Partner of UEFA EURO 2024™, today revealed the trophy that will be awarded to the most prolific marksman at the UEFA EURO 2024™ finale on July 14 in Berlin, Germany. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20240610328619/en/ The UEFA Top Scorer Trophy presented by Alipay+ is unveiled for UEFA EURO 2024™ (Photo: Business Wire) Sculpted in the shape of the Chinese character “支” (pronounced zhi, and meaning payment as well as support), the trophy reflects Alipay+’s dedication to supporting consumers to enjoy seamless payment and a broad choice of deals using their preferred payment methods while traveling abroad. The character also resembles the fleeting moment of a barefooted striker poised to shoot, evoking the original beauty and power of football – a game that united people across the wo

World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye