A recent report by Traceable AI analyzes API security. It covers API-related data breaches, API sprawl, the use of traditional solutions such as web application firewalls, API governance and the emerging role of zero trust security in fortifying API security.

Within the last two years, 60% of organizations faced at least one API-related breach. Seventy-four percent of these endured three or more incidents, revealing a relentless threat landscape with 23% undergoing six or more breaches. Alongside fraud and known attacks, DDoS stands out as the primary API breach method. Compounding this, 58% agree that APIs substantially expand organizations’ attack surface.

According to the report, 38% can discern intricate context between API activity, user behaviors and data flow. Fifty-seven percent of respondents feel traditional security solutions, including web application firewalls, can't effectively distinguish genuine from fraudulent API activity.

With 61% anticipating rising API-related risks in the next two years, organizations are also wrestling with challenges like API sprawl (48%) and keeping an accurate inventory (39%).

While organizations deal with an average of 127 third-party API connections, 33% express confidence in managing these external threats.
