Almost All Organisations Experienced API Security Issues in Past Year

The latest State of API Security Report by Salt Security has highlighted the ongoing challenges faced by organisations in securing their application programming interfaces (APIs). The Salt Labs State of API Security Report Q1 2025 draws on survey responses from over 200 IT and security professionals, alongside anonymised data from Salt Security's customer base, to provide an in-depth overview of the current API security landscape.

The report reveals that API security remains a major concern, with 99% of respondents reporting that they encountered security issues within the past 12 months. Moreover, 55% of organisations have experienced delays in software rollouts because of API security worries. Analysis of prevalent security challenges in live APIs identified vulnerabilities, such as injection attacks and Broken Object-Level Authorization (BOLA), as the leading issue (37%), followed by sensitive data exposure (34%) and authentication weaknesses (29%).

The growing use of generative AI (GenAI) has compounded these challenges. 47% of respondents expressed concerns about securing AI-generated code, while 40% cited potential vulnerabilities introduced by such code as a key risk. Notably, only 11% of respondents dismissed GenAI applications as a rising security concern within their organisations.

Salt Labs' analysis of customer API traffic indicated that 95% of API attacks originated from authenticated sources, suggesting that conventional authentication-centric security measures are not enough. Moreover, 98% of attack attempts targeted external-facing APIs, confirming that publicly accessible APIs remain the primary target for malicious actors.

The report emphasises the importance of API posture governance strategies, which involve establishing and deploying consistent security standards across an organisation's API ecosystem. However, only 10% of organisations currently have such a strategy in place. Encouragingly, 43% plan to implement one within the next 12 months, reflecting a growing awareness of the need for proactive security measures.

Despite 69% of organisations increasing their API security budgets by over 5%, the overall maturity of API security strategies remains low. 59% of respondents are still in the planning or basic stages, with only 6% reporting advanced programmes. Budget constraints, resource limitations, and inadequate tooling were cited as key obstacles to progress.

Analysis of attack techniques revealed that 80% of attack attempts align with the OWASP API Security Top 10 list. Specifically, security misconfigurations (API8) accounted for 54% of attacks, while broken object-level authorisation (API1) represented 27%.

The report also highlighted the rapid growth in API adoption, with 30% of organisations reporting a 51-100% increase in the number of APIs they manage over the past 12 months, and 25% experiencing growth exceeding 100%. 43% of organisations now manage up to 100 APIs, while 34% oversee between 101 and 500 APIs every day.

To mitigate GenAI risks, organisations are implementing various strategies, including developer training (56%), specialised AI security tools (37%), and code reviews and security testing (40%).

Measuring the return on investment (ROI) of API security is crucial for aligning security initiatives with organisational objectives. 37% of organisations evaluate improvements in compliance posture, 25% measure cost savings from preventing breaches, and 16% track reductions in API-related security incidents.

Lastly, the report uncovered significant gaps in API monitoring and inventory management. Only 15% of respondents expressed strong confidence in the accuracy of their API inventories, while 34% admitted a lack of visibility into sensitive data exposure through APIs. Worryingly, only 20% have measures in place for continuous API monitoring.

The post Almost All Organisations Experienced API Security Issues in Past Year appeared first on IT Security Guru.