New research indicates that 1 in 5 IT leaders have experienced an API security incident costing more than $500,000 in the past 12 months. This comes from the new AI-Enhanced Threats and API Security Report from the company KONG. This survey discovered that 25 percent of firms have encountered AI-enhanced security threats related to Application Programming Interfaces (APIs) or large language models (LLMs), with 75 percent expressing serious concern about AI-enhanced attacks in the future.
The study further found 55 percent of organizations have experienced an API security incident in the past year, highlighting a disconnect to the majority confident in their security capabilities.
Additionally, only 35 percent of organizations have adopted zero-trust architecture to mitigate API security risks. Only 35 percent of organizations are adopting zero-trust architecture in order to mitigate API security risks and only 3 percent of respondents cite shadow APIs as a significant security threat to their organization. With the convergence of APIs and AI, it is more important than ever to have a strong API security posture.
Hence, the findings appear to put into perspective the importance of having a strong security strategy noting that 1 in 5 respondents cited their organization has experienced an API security incident costing more than $500,000 in the past 12 months.
Many firms are concerned about the gaps with their security processes. Here 92 percent of respondents said they are taking measures to counter AI-enhanced attacks and 88 percent of respondents have cited API security as a top priority.
Yet despite these ‘good intentions’, many organizations lack the comprehensive security measures needed to protect their API infrastructure in the AI era.
Marco Palladino, CTO and Co-Founder of Kong has told Digital Journal: “Organizations cannot afford to underestimate their own security risks — especially in the age of AI. The report showcases that API security is being taken seriously as part of overall cybersecurity strategy, but there are still some blind spots that can open an organization up to threats.”
Going forwards, Palladino warns: “As AI continues to advance, not only will companies create more vulnerabilities within their own organizations, but attacks will become more sophisticated. Understanding the full threat landscape is crucial to maintaining a strong API security posture.”
Companies are responding to these concerns through increased monitoring and traffic analysis and by educating staff on AI-related threats. Other measures include AI-driven threat detection systems, together with API monitoring and anomaly detection tools, API gateway solutions, and API encryption and tokenization.
