Traceable Releases 2025 State of API Security Report: API Breaches Persist as Fraud, Bot Attacks, and Generative AI Increase Risks
57% of Organizations Suffer API-related Breaches; Fraud, Bot Attacks, and Generative AI Applications Exploit API Vulnerabilities as Traditional Defenses Fail
Traceable AI, the industry's leading API security company, today released its second annual research report—the 2025 Global State of API Security. The findings demonstrate that organizations are failing to protect their APIs despite persistent breaches and increased awareness of security risks. This comprehensive study, incorporating insights from over 1,500 IT and cybersecurity experts across the US, UK, and EMEA, reveals fundamental weaknesses in API security strategies and tracks how these issues have shifted since our inaugural report.
Key findings examine the most pressing API security issues organizations face today: increasing bot attacks and fraud, risks from third-party APIs, and the new security implications of generative AI applications.
Download the full report for in-depth analysis.
Key Findings Include:
- API-Related Data Breaches Continue to Wreak Havoc: 57% of organizations suffered an API-related data breach in the past two years, with a staggering 73% of these experiencing three or more incidents. Even more concerning, 41% endured five or more breaches, revealing a systemic failure in API defenses and a clear need for investment in purpose-built API security solutions.
- Traditional Security Solutions Fail to Deliver API Protection: Despite deploying an array of security tools—from legacy WAFs to CDNs and Gateways—only 19% of organizations rate their defenses as highly effective. Moreover, 53% admit that traditional solutions like WAFs and WAAPs are ineffective at identifying or preventing fraud at the API layer.
- Generative AI Applications Create New Risks: 65% of organizations state that generative AI applications pose a serious to extreme risk to APIs. 60% state that the additional API integrations required for generative AI applications expand their organization’s attack surface; the same percentage cite concerns about sensitive data exposure and unauthorized access.
- Bot Attacks and Fraud are Rampant: 53% of organizations have experienced one or more bot attacks involving their APIs, and 44% say that bot mitigation is a top challenge. Fraud is equally concerning, emerging as the second most prevalent cause of API-related data breaches among survey respondents.
- Third-Party APIs Are a Hidden Danger: Organizations now use an average of 131 third-party APIs, up slightly from last year's 127. Yet, only 16% have a “high ability” to mitigate these external risks, leaving a vast attack surface greatly exposed.
"API breaches are rampant, and the industry is in denial,” said Richard Bird, Chief Security Officer of Traceable. “Organizations keep deploying the same solutions—Web Application Firewalls, API gateways, and lifecycle tools—yet only a small percentage report any real success. This cognitive dissonance is a ticking time bomb. The truth is, these traditional defenses are failing, and the more companies rely on them, the more they expose themselves to devastating attacks. We’re also seeing a surge in bot attacks, increasing instances of API fraud, and new vulnerabilities emerging from the rapid adoption of generative AI applications. Companies must confront the uncomfortable truth: their current strategies are inadequate. Without a fundamental shift in how they secure APIs, breaches and their consequences will continue to escalate.”
Traceable conducts this annual research to provide organizations with an objective assessment of API security risks and trends. By tracking these patterns and emerging threats, we aim to offer security leaders the knowledge needed to make informed decisions and prioritize the most important security challenges. Our commitment is to ensure that as APIs continue to be central to business operations, organizations have the insights they need to protect their critical assets.
Download the full 2025 State of API Security report today.
About Traceable
Traceable’s intelligent and context-aware solution powers complete API security, API discovery and posture management, API security testing, attack detection and threat hunting, and attack protection anywhere your APIs live. Traceable enables organizations to minimize risk and maximize the value that APIs bring their customers. To learn more about how API security can help your business, book a demo with a security expert.
View source version on businesswire.com: https://www.businesswire.com/news/home/20241030645718/en/
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
DriveWealth Advances Global Expansion Plans with European Brokerage License from Bank of Lithuania31.10.2024 11:00:00 CET | Press release
Lithuania will become DriveWealth’s base of operations for its European brokerage partners with plans to expand the team based in Lithuania DriveWealth, a leading financial technology platform providing Brokerage-as-a-Service, today announced that the Bank of Lithuania, the central bank of the Republic of Lithuania, granted it a brokerage license in Europe. This license accelerates DriveWealth’s international expansion and marks its third region with regulatory status, including the United States, Singapore, and now the European Economic Area. DriveWealth powers modern investing experiences, including 24-hour trading and fractional share ownership, for a community of global B2B partners. Securing this license supports DriveWealth’s ability to expand its platform to offer European securities as well as provide a “follow-the-sun” 24/7 service model continuously across time zones. The new entity in Lithuania, named DriveWealth Europe, will be an integral component of DriveWealth’s interna
PUMA’s ‘Stitch + Spice’ Running for Top Prize at the World's Biggest Sustainability Film Festival31.10.2024 10:53:00 CET | Press release
Luke Jaque-Rodney, one of PUMA’s Voices of a RE:GENERATION calls for positive changes to our community, planet and future with short film ‘Stitch + Spice’, showcased at the 6th Big Syn International Film Festival in London Stitch + Spice, a short film by Luke Jaque-Rodney, one of PUMA’s Voices of a RE:GENERATION has been officially selected for Documentary Short at the 6th Big Syn International Film Festival in London. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20241031452917/en/ Stitch + Spice, a short film by Luke Jaque-Rodney, one of PUMA's Voices of a RE:GENERATION has been officially selected for Documentary Short at the 6th Big Syn International Film Festival in London. (Graphic: Business Wire) Voices of a RE:GENERATION is a PUMA initiative highlighting young changemakers driving positive change in their communities. Through this platform, PUMA aims to inspire the next generation to support a more sustainable future
euNetworks Delivers Its Next Super Highway - a Shorter and More Direct Long Haul Fibre Route From Frankfurt to Paris31.10.2024 10:00:00 CET | Press release
Enhancing network diversity and fibre capacity availability between data centres in the region The latest route in a system of state-of-the art fibre infrastructure across the critical FLAP-D region (Frankfurt, London, Amsterdam, Paris, and Dublin) — Europe’s largest data centre markets euNetworks Group Limited (“euNetworks”), a European critical bandwidth infrastructure company, today announced that it has delivered its next Super Highway to market - a shorter and more direct long haul fibre route from Frankfurt to Paris. This follows the delivery of euNetworks’ new Super Highway from Amsterdam to Frankfurt earlier this month. With this new critical infrastructure route, euNetworks is continuing its commitment to deliver the regions’ next generation of critical bandwidth, vital to supporting the bandwidth demands from customers today and the exponential bandwidth demand that technology will drive in the future. euNetworks’ new Super Highway system of long haul networks is the only new
Burger King® Japan Announces the Japan-exclusive Release of the World-shocking Burger, the "Kyoto Whopper®"!31.10.2024 09:34:00 CET | Press release
Enjoy the premium flavors of rice and beef with this burger, co-developed with Hachidaime Gihey, featuring a special rice patty and Burger King's signature flame-grilled beef patty.Available in stores starting Friday, November 1 BK Japan Holdings Co., Ltd. (Headquarters: Chiyoda-ku, Tokyo; President: Kazuhiro Nomura) will release a limited-time Japan-exclusive burger, the "KYOTO Whopper®," starting Friday, November 1, 2024. This unique burger was co-developed with Kyoto’s renowned rice vendor, Hachidaime Gihey Co., Ltd. (Headquarters: Shimogyo-ku, Kyoto; President: Gihey Hashimoto). The burger features a specially crafted rice patty and 100% flame-grilled beef patty, topped with a “special Japanese-style ginger sauce” consisting of “dashi soy sauce” infused with the umami of four types of dashi, and enhanced with four Japanese spices. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20241030411532/en/ KYOTO Whopper (Graphic: Bus
SCIVAX and Shin-Etsu Chemical Have Jointly Developed Amtelus®, the World’s Smallest Light Source Device for 3D Sensors31.10.2024 08:59:00 CET | Press release
SCIVAX Corporation (Head Office: Kawasaki, Japan; President: Satoru Tanaka; hereinafter, “SCIVAX”) and Shin-Etsu Chemical Co., Ltd. (Head Office: Tokyo; President: Yasuhiko Saitoh; hereinafter, “Shin-Etsu Chemical”) have jointly developed Amtelus®, a light source device for 3D sensors and technology for its mass-production. The delivery of evaluation samples of Amtelus® will start in November 2024, and the sales of the products will be conducted by Shin-Etsu Chemical. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20241030531343/en/ World’s smallest light source module Amtelus® (Photo: Business Wire) SCIVAX has so far sold Platanus®, an optical lens that diffuses and radiates light uniformly, as the 3D sensor light sources that are used in automotive and other various applications, contributing to improving sensor performance. Meanwhile, in recent years, the areas in which 3D sensing technology is utilized have grown wider, ca
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom