Kong Inc. has released its API Security Perspectives 2025 report, presenting critical findings on the current and future landscape of API security within businesses and the influence of artificial intelligence (AI) on emerging threats. Based on a survey of 700 IT professionals and business leaders in the United States and the United Kingdom, conducted during October and November 2024, the report sheds light on the increasing vulnerabilities associated with AI-driven security incidents.
The report reveals that 25% of IT leaders reported having encountered AI-enhanced security threats related to application programming interfaces (APIs) or large language models (LLMs) in the past year. Furthermore, 75% of survey participants expressed grave concerns regarding potential AI-related attacks in the future, signalling a growing anxiety about the evolving threat landscape. Despite these fears, 85% of respondents claimed confidence in their organisation’s security capabilities, even though 55% have experienced an API security incident within the same timeframe. This discrepancy underscores a critical gap between perceived and actual security effectiveness.
Marco Palladino, the Chief Technology Officer and Co-Founder of Kong Inc., highlighted this disconnect, stating, "Organizations cannot afford to underestimate their own security risks — especially in the age of AI. The report showcases that API security is being taken seriously as part of the overall cybersecurity strategy, but there are still some blind spots that can open an organisation up to threats." He further elaborated on the implications of advancing AI technologies, noting that companies could inadvertently create more vulnerabilities while, at the same time, attacks may grow in sophistication.
The report discusses the importance of having robust security strategies in place and emphasises the financial implications of API security failures: one in five respondents revealed that their organisation incurred an incident costing over $500,000 in the past year. A majority of respondents (84%) acknowledged that AI and LLMs complicate the security of APIs. However, surprising gaps exist in fundamental API security practices: only 35% of organisations have adopted a zero-trust architecture to mitigate risks, and a mere 3% identified shadow APIs as a substantial security concern.
Kong Inc.'s findings also highlight the prevalence of various security measures currently being implemented by organisations. The most common strategies include increased monitoring and traffic analysis (66%), educating staff about AI-related threats (60%), and employing AI-driven threat detection systems (51%). Additionally, to mitigate their API security risks, organisations are focusing on tools such as API monitoring and anomaly detection systems (63%), API gateway solutions (61%), and API encryption and tokenisation (58%).
Notably, 45% of organisations have allocated at least 20% of their cybersecurity budgets specifically to API security, yet 41% remain uncertain or doubtful whether this investment is sufficient to address their API-related security risks. Compliance with both internal policies and external regulations, such as GDPR and HIPAA, is also a priority, with 66% of businesses implementing API governance frameworks.
As highlighted in the report, the intersection of APIs and AI presents a complex challenge that requires businesses to enhance their security postures continually. The findings serve to illustrate the necessity for organisations to adapt their strategies in response to emerging threats in an increasingly automated and AI-driven landscape.
Source: Noah Wire Services