As businesses increasingly rely on digital transformation, the integration of Application Programming Interfaces (APIs) has become vital in establishing connections between software, data, and user experiences. However, industry experts warn of a looming threat as we approach 2025, predicting that the next wave of agentic AI innovations could pose significant risks to API security within enterprises.

Gartner, a prominent research and advisory company, forecasts that by 2026, more than 30 percent of the growth in demand for APIs will stem from AI-based tools utilising Large Language Models (LLMs). These models are anticipated to revolutionise business operations by enabling applications to operate autonomously after initial user prompts, thereby enhancing decision-making processes and operational efficiencies. However, without a robust API security posture, companies risk becoming targets for potential breaches linked to LLM applications.

The growing reliance on APIs is underscored by staggering statistics: they accounted for 71 percent of all web traffic in 2023, with enterprises processing approximately 1.5 billion API calls per year. While APIs serve as powerful tools to enhance customer experiences and facilitate data-driven decision-making, they concurrently widen the attack surface, making organisations more susceptible to cyber threats. Research indicates that API-related security incidents rose by 40 percent in 2022 and increased by a further 9 percent in 2023, with sectors like Financial Services, Business, and Travel experiencing the highest volumes of attacks.

Tim Ayling, Vice President for EMEA at Imperva, highlighted the proactive nature of the threats, reporting a shift towards business logic abuse and automated attacks. He noted that malicious actors often exploit vulnerabilities such as Server-Side Request Forgery (SSRF) and broken authentication, with automation allowing a broader range of cybercriminals to launch attacks. “The most common vulnerabilities range from Server-Side Request Forgery flaws and broken authentication to security misconfiguration,” he stated.

Looking ahead, the integration of agentic AI into enterprise software raises further concerns regarding security vulnerabilities. By 2028, Gartner predicts that one-third of enterprise software applications will feature agentic AI capabilities, which will significantly enhance their decision-making autonomy but increase the complexity of their API interactions.

As the agentic AI landscape evolves, the repercussions of API-related threats are expected to escalate, potentially resulting in operational disruptions and data breaches. Estimates suggest that the average global cost linked to API insecurity could soar to $100 billion or more as reliance on these technologies intensifies—an alarming prospect considering that API-related incidents already constitute a significant portion of all cyber incidents within large enterprises.

In response to these emerging challenges, organisations are urged to enhance their API visibility and security measures. Companies are advised to conduct continuous discovery and classification of APIs, as it is estimated that each enterprise might have around 29 “shadow APIs”, hidden endpoints that are not adequately monitored or protected. Additionally, organisations should prioritise risk assessments targeting high-risk APIs and deploy comprehensive monitoring systems to detect suspicious activities early on.
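One way to start the discovery step described above, shown as an added example that is not from the original article: compare the endpoints actually served, according to access logs, with the documented inventory and report those missing from it. The inventory, log lines and function names are constructed for illustration, and a common access-log request format is assumed.

```python
import re
from collections import Counter

# Constructed inventory: (method, path template) pairs, as an OpenAPI spec would list them.
INVENTORY = {
    ("GET", "/v1/accounts/{id}"),
    ("POST", "/v1/payments"),
    ("GET", "/v1/bookings/{id}"),
}

# Constructed access-log lines (documentation IP ranges), including one malformed line.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2025:10:01:02 +0000] "GET /v1/accounts/4821 HTTP/1.1" 200 512
203.0.113.11 - - [12/Mar/2025:10:01:05 +0000] "POST /v1/payments HTTP/1.1" 201 98
203.0.113.12 - - [12/Mar/2025:10:01:09 +0000] "GET /v1/bookings/9f1c2b3a-4d5e-4f60-8a7b-1c2d3e4f5a6b HTTP/1.1" 200 730
198.51.100.7 - - [12/Mar/2025:10:02:14 +0000] "GET /internal/export/users?format=csv HTTP/1.1" 200 88123
198.51.100.7 - - [12/Mar/2025:10:02:40 +0000] "GET /internal/export/users/ HTTP/1.1" 200 88123
198.51.100.9 - - [12/Mar/2025:10:03:01 +0000] "DELETE /v1/accounts/4821 HTTP/1.1" 204 0
198.51.100.9 - - [12/Mar/2025:10:03:07 +0000] "GET /v2/beta/search HTTP/1.1" 404 0
garbage line without a request
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Path segments that look like identifiers (integers or UUIDs) collapse to {id}.
ID_SEGMENT = re.compile(
    r"^(\d+|[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})$"
)

def normalise(path):
    """Drop the query string and trailing slash, then template ID-like segments."""
    path = path.split("?", 1)[0].rstrip("/") or "/"
    return "/".join("{id}" if ID_SEGMENT.match(s) else s for s in path.split("/"))

def find_shadow_endpoints(log_text, inventory):
    """Return {(method, template): hits} for served endpoints absent from the inventory."""
    seen = Counter()
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue  # skip lines that are not parseable requests
        if int(m["status"]) in (404, 405):
            continue  # the server did not serve this route or method
        seen[(m["method"], normalise(m["path"]))] += 1
    return {ep: hits for ep, hits in seen.items() if ep not in inventory}

if __name__ == "__main__":
    for (method, path), hits in sorted(find_shadow_endpoints(SAMPLE_LOG, INVENTORY).items()):
        print(f"undocumented: {method} {path} ({hits} hits)")
```

Matching on method as well as path matters: an undocumented `DELETE` on a documented path is reported as its own finding.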

Implementing layered security defenses, including web application firewalls, API protection mechanisms, distributed denial-of-service (DDoS) prevention, and protection against malicious bots, is essential in mitigating risks. Such measures not only aim to minimise potential breaches but also ensure that organisations can take advantage of the remarkable capabilities of agentic AI while safeguarding against the vulnerabilities associated with this technological advancement.

With digital transformation projects becoming increasingly prevalent, companies must navigate the complexities of API security effectively to harness the full potential of emerging technologies while managing the associated risks.

Source: Noah Wire Services