API security climbs up

Salt Labs’ Q1 2025 State of API Security found 99% of surveyed IT and security pros experienced API security issues in the prior 12 months and 55% reported they slowed new application rollouts because of API concerns. (salt.security) The same Salt analysis shows 95% of API attacks observed over the past year originated from authenticated sources and 98% of attack attempts targeted external‑facing APIs, undercutting reliance on simple authentication controls. (salt.security) Traceable’s 2025 Global State of API Security — based on 1,548 respondents — reports 57% of organizations suffered an API‑related data breach in the past two years while organizations test only about 38% of their APIs for vulnerabilities on average. (cdn.prod.website-files.com) Cloudflare’s 2024 API Security & Management data, drawn from traffic between Oct. 1, 2022 and Aug. 31, 2023, estimates APIs make up roughly 57% of Internet traffic, found machine‑learning discovery surfaces about one‑third more endpoints than customers self‑reported, and reported nearly 60% of orgs permit write access to at least half of their APIs. (cloudflare.com) Gartner’s 2024 Market Guide for API Protection frames the market shift: it recommends specialized API protection products that combine discovery, posture governance and runtime protection because basic controls like rate limiting and token validation no longer suffice. (gartner.com) Wallarm’s 2024 ThreatStats analysis reviewed roughly 1.2 billion malicious requests and flagged a roughly 30% year‑over‑year rise in API‑related CVEs, with its Q3 2024 update noting a 21% quarter‑over‑quarter increase in API vulnerabilities and high average CVSS scores around 7. (businesswire.com)