Traceable AI: Traceable AI, an application programming interface (API) security company, in its second annual research report, the 2025 Global State of API Security found that organisations are failing to protect their APIs despite persistent breaches and increased awareness of security risks.
According to BERNAMA News Agency, key findings examine the most pressing API security issues organisations face today such as increasing bot attacks and fraud, risks from third-party APIs, and the new security implications of generative artificial intelligence (Gen AI) applications, according to a statement. This comprehensive study, incorporating insights from over 1,500 information technology and cybersecurity experts across the United States, the United Kingdom, and Europe, Middle East, and Africa (EMEA), reveals fundamental weaknesses in API security strategies and tracks how these issues have shifted since its inaugural report.
Its Chief Security Officer, Richard Bird, emphasized that organisations continue to d
eploy the same solutions, such as Web Application Firewalls, API gateways, and lifecycle tools, yet only a small percentage report any real success. “API breaches are rampant, and the industry is in denial. The truth is, these traditional defences are failing, and the more companies rely on them, the more they expose themselves to devastating attacks,” Bird stated. He further noted the surge in bot attacks, increasing instances of API fraud, and new vulnerabilities emerging from the rapid adoption of Gen AI applications. Without a fundamental shift in how they secure APIs, breaches and their consequences will continue to escalate.
The report also revealed that API-related data breaches continue to wreak havoc, with 57 per cent of organisations having suffered an API-related data breach in the past two years, and a staggering 73 per cent of these experiencing three or more incidents. Despite deploying an array of security tools, only 19 per cent of organisations rate their defences as highly effective, while
65 per cent of organisations state that Gen AI applications pose a serious to extreme risk to APIs. It also found that 53 per cent of organisations have experienced one or more bot attacks involving their APIs. Organisations now use an average of 131 third-party APIs, up slightly from last year’s 127.
Traceable conducts this annual research to provide organisations with an objective assessment of API security risks and trends to ensure that as APIs continue to be central to business operations, organisations have the insights they need to protect their critical assets.
