API Security in the Age of AI: A Growing Concern
Introduction
Kong Inc., a leading developer of cloud API technologies, has released a report, API Security Perspectives 2025: AI-Enhanced Threats and API Security, which examines the current state of API security and the impact that new developments in AI are having on it.
Key Findings
According to the report, 25% of respondents have already experienced an AI-enhanced security incident, while 75% of respondents expressed serious concern about AI-enhanced attacks in the future. Additionally, 55% of respondents have experienced an API security incident in the past year, highlighting a notable disconnect.
The Importance of Strong Security Strategy
One in five respondents reported that their organization has experienced an API security incident costing more than $500,000 in the past 12 months. This underscores the importance of having a strong security strategy in place.
Security Measures Taken
92% of respondents are taking measures to counter AI-enhanced attacks, and 88% cite API security as a top priority. However, it is clear that many organizations lack the comprehensive security measures needed to protect their API infrastructure in the AI era.
Expert Insights
“Organizations cannot afford to underestimate their own security risks — especially in the age of AI,” said Marco Palladino, CTO and Co-Founder of Kong, Inc. “The report showcases that API security is being taken seriously as part of overall cybersecurity strategy, but there are still some blind spots that can open an organization up to threats.”
Organizational Preparedness
As expected, 84% of respondents feel AI and LLMs will make securing APIs more difficult. However, the research finds many basic API security tactics being left out of overall strategy.
Zero-Trust Architecture and Shadow APIs
Only 35% of organizations are adopting zero-trust architecture to mitigate API security risks, and only 3% of respondents cite shadow APIs as a significant security threat to their organization.
Additional Key Statistics
- The top three measures organizations are taking to secure APIs against AI-enhanced threats include increased monitoring and traffic analysis (66%), educating staff on AI-related threats (60%), and AI-driven threat detection systems (51%).
- The top three steps being taken to mitigate API security risks are API monitoring and anomaly detection tools (63%), API gateway solutions (61%), and API encryption and tokenization (58%).
- 45% of organizations have dedicated at least 20% of their cybersecurity budgets to API security.
- 41% are unsure or doubtful that their organization’s investment is enough to cover API security risks.
- 66% of organizations are implementing API governance frameworks to ensure compliance with internal policies and external regulations (e.g., GDPR, HIPAA).
Conclusion
The report highlights the growing concern of API security in the age of AI and the need for organizations to prioritize this issue. As AI continues to advance, it is crucial for organizations to understand the full threat landscape and maintain a strong API security posture.
FAQs
Q: What is the primary concern for API security in the age of AI?
A: According to the report, 75% of respondents expressed serious concern about AI-enhanced attacks in the future.
Q: What percentage of organizations have experienced an API security incident in the past year?
A: 55% of respondents have experienced an API security incident in the past year.
Q: What is the average cost of an API security incident?
A: 1 in 5 respondents reported that their organization has experienced an API security incident costing more than $500,000 in the past 12 months.
Q: What is the most effective measure taken to counter AI-enhanced attacks?
A: 92% of respondents are taking measures to counter AI-enhanced attacks.
Q: How many organizations are adopting zero-trust architecture to mitigate API security risks?
A: 35% of organizations are adopting zero-trust architecture to mitigate API security risks.
Q: How many organizations are implementing API governance frameworks to ensure compliance with internal policies and external regulations?
A: 66% of organizations are implementing API governance frameworks to ensure compliance with internal policies and external regulations.