Traceable Releases 2025 State of API Security Report: API Breaches Persist as Fraud, Bot Attacks, and Generative AI Increase Risks
57% of Organizations Suffer API-related Breaches; Fraud, Bot Attacks, and Generative AI Applications Exploit API Vulnerabilities as Traditional Defenses Fail
Traceable AI, the industry's leading API security company, today released its second annual research report—the 2025 Global State of API Security. The findings demonstrate that organizations are failing to protect their APIs despite persistent breaches and increased awareness of security risks. This comprehensive study, incorporating insights from over 1,500 IT and cybersecurity experts across the US, UK, and EMEA, reveals fundamental weaknesses in API security strategies and tracks how these issues have shifted since our inaugural report.
Key findings examine the most pressing API security issues organizations face today: increasing bot attacks and fraud, risks from third-party APIs, and the new security implications of generative AI applications.
Download the full report for in-depth analysis.
Key Findings Include:
- API-Related Data Breaches Continue to Wreak Havoc: 57% of organizations suffered an API-related data breach in the past two years, with a staggering 73% of these experiencing three or more incidents. Even more concerning, 41% endured five or more breaches, revealing a systemic failure in API defenses and a clear need for investment in purpose-built API security solutions.
- Traditional Security Solutions Fail to Deliver API Protection: Despite deploying an array of security tools—from legacy WAFs to CDNs and Gateways—only 19% of organizations rate their defenses as highly effective. Moreover, 53% admit that traditional solutions like WAFs and WAAPs are ineffective at identifying or preventing fraud at the API layer.
- Generative AI Applications Create New Risks: 65% of organizations state that generative AI applications pose a serious to extreme risk to APIs. 60% state that the additional API integrations required for generative AI applications expand their organization’s attack surface; the same percentage cite concerns about sensitive data exposure and unauthorized access.
- Bot Attacks and Fraud are Rampant: 53% of organizations have experienced one or more bot attacks involving their APIs, and 44% say that bot mitigation is a top challenge. Fraud is equally concerning, emerging as the second most prevalent cause of API-related data breaches among survey respondents.
- Third-Party APIs Are a Hidden Danger: Organizations now use an average of 131 third-party APIs, up slightly from last year's 127. Yet, only 16% have a “high ability” to mitigate these external risks, leaving a vast attack surface greatly exposed.
“API breaches are rampant, and the industry is in denial,” said Richard Bird, Chief Security Officer of Traceable. “Organizations keep deploying the same solutions—Web Application Firewalls, API gateways, and lifecycle tools—yet only a small percentage report any real success. This cognitive dissonance is a ticking time bomb. The truth is, these traditional defenses are failing, and the more companies rely on them, the more they expose themselves to devastating attacks. We’re also seeing a surge in bot attacks, increasing instances of API fraud, and new vulnerabilities emerging from the rapid adoption of generative AI applications. Companies must confront the uncomfortable truth: their current strategies are inadequate. Without a fundamental shift in how they secure APIs, breaches and their consequences will continue to escalate.”
Traceable conducts this annual research to provide organizations with an objective assessment of API security risks and trends. By tracking these patterns and emerging threats, we aim to offer security leaders the knowledge needed to make informed decisions and prioritize the most important security challenges. Our commitment is to ensure that as APIs continue to be central to business operations, organizations have the insights they need to protect their critical assets.
Download the full 2025 State of API Security report today.
About Traceable
Traceable’s intelligent and context-aware solution powers complete API security, API discovery and posture management, API security testing, attack detection and threat hunting, and attack protection anywhere your APIs live. Traceable enables organizations to minimize risk and maximize the value that APIs bring their customers. To learn more about how API security can help your business, book a demo with a security expert.
View source version on businesswire.com: https://www.businesswire.com/news/home/20241030645718/en/