The latest State of API Security Report by Salt Security has highlighted the ongoing challenges faced by organisations in securing their application programming interfaces (APIs). The Salt Labs State of API Security Report Q1 2025 draws on survey responses from over 200 IT and security professionals, alongside anonymised data from Salt Security’s customer base, to provide a detailed overview of the current API security landscape.
The report reveals that API security remains a significant concern, with 99% of respondents reporting that they encountered security issues within the past year. Furthermore, 55% of organisations have experienced delays in application rollouts due to API security worries. Analysis of prevalent security challenges in live APIs identified vulnerabilities, such as injection attacks and Broken Object-Level Authorization (BOLA), as the leading issue (37%), followed by sensitive data exposure (34%) and authentication weaknesses (29%).
The increasing use of generative AI (GenAI) has compounded these challenges. 47% of respondents expressed concerns about securing AI-generated code, while 40% cited potential vulnerabilities introduced by such code as a key risk. Notably, only 11% of respondents dismissed GenAI applications as a growing security concern within their organisations.
Salt Labs’ analysis of customer API traffic indicated that 95% of API attacks originated from authenticated sources, suggesting that traditional authentication-centric security measures are no longer sufficient. Additionally, 98% of attack attempts targeted external-facing APIs, confirming that publicly accessible APIs remain the primary target for malicious actors.
The report emphasises the importance of API posture governance strategies, which involve establishing and deploying consistent security standards across an organisation’s API ecosystem. However, only 10% of organisations currently have such a strategy in place. Encouragingly, 43% plan to implement one within the next 12 months, reflecting a growing awareness of the need for proactive securi ..