StackGen has partnered with Google Cloud Platform (GCP) to bring its platform to the Google Cloud Marketplace.
API Breaches Persist as Fraud, Bot Attacks, and Generative AI Increase Risks
March 31, 2025
Organizations are failing to protect their APIs despite persistent breaches and increased awareness of security risks, according to 2025 Global State of API Security from Traceable AI.
Key Findings Include:
1. API-Related Data Breaches Continue to Wreak Havoc
57% of organizations suffered an API-related data breach in the past two years, with a staggering 73% of these experiencing three or more incidents. Even more concerning, 41% endured five or more breaches, revealing a systemic failure in API defenses and a clear need for investment in purpose-built API security solutions.
2. Traditional Security Solutions Fail to Deliver API Protection
Despite deploying an array of security tools—from legacy WAFs to CDNs and Gateways—only 19% of organizations rate their defenses as highly effective. Moreover, 53% admit that traditional solutions like WAFs and WAAPs are ineffective at identifying or preventing fraud at the API layer.
3. Generative AI Applications Create New Risks
65% of organizations state that generative AI applications pose a serious to extreme risk to APIs. 60% state that the additional API integrations required for generative AI applications expand their organization's attack surface; the same percentage cite concerns about sensitive data exposure and unauthorized access.
4. Bot Attacks and Fraud are Rampant
53% of organizations have experienced one or more bot attacks involving their APIs, and 44% say that bot mitigation is a top challenge. Fraud is equally concerning, emerging as the second most prevalent cause of API-related data breaches among survey respondents.
5. Third-Party APIs Are a Hidden Danger
Organizations now use an average of 131 third-party APIs, up slightly from last year's 127. Yet, only 16% have a "high ability" to mitigate these external risks, leaving a vast attack surface greatly exposed.
"API breaches are rampant, and the industry is in denial," said Richard Bird, Chief Security Officer of Traceable. "Organizations keep deploying the same solutions — Web Application Firewalls, API gateways, and lifecycle tools — yet only a small percentage report any real success. This cognitive dissonance is a ticking time bomb. The truth is, these traditional defenses are failing, and the more companies rely on them, the more they expose themselves to devastating attacks. We're also seeing a surge in bot attacks, increasing instances of API fraud, and new vulnerabilities emerging from the rapid adoption of generative AI applications. Companies must confront the uncomfortable truth: their current strategies are inadequate. Without a fundamental shift in how they secure APIs, breaches and their consequences will continue to escalate."
Methodology: The study incorporates insights from over 1,500 IT and cybersecurity experts across the US, UK, and EMEA.
Industry News
April 03, 2025
Tricentis announced its spring release of new cloud capabilities for the company’s AI-powered, model-based test automation solution, Tricentis Tosca.
April 03, 2025
Lucid Software has acquired airfocus, an AI-powered product management and roadmapping platform designed to help teams prioritize and build the right products faster.
April 03, 2025
AutonomyAI announced its launch from stealth with $4 million in pre-seed funding.
April 02, 2025
Kong announced the launch of the latest version of Kong AI Gateway, which introduces new features to provide the AI security and governance guardrails needed to make GenAI and Agentic AI production-ready.
April 02, 2025
Traefik Labs announced significant enhancements to its AI Gateway platform along with new developer tools designed to streamline enterprise AI adoption and API development.
April 02, 2025
Zencoder released its next-generation AI coding and unit testing agents, designed to accelerate software development for professional engineers.
April 02, 2025
Windsurf (formerly Codeium) and Netlify announced a new technology partnership that brings seamless, one-click deployment directly into the developer's integrated development environment (IDE.)
April 02, 2025
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, is making significant updates to its certification offerings.
April 01, 2025
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the Golden Kubestronaut program, a distinguished recognition for professionals who have demonstrated the highest level of expertise in Kubernetes, cloud native technologies, and Linux administration.
April 01, 2025
Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade internal developer portal based on the Backstage project.
April 01, 2025
Platform9 announced that Private Cloud Director Community Edition is generally available.
March 31, 2025
Sonatype expanded support for software development in Rust via the Cargo registry to the entire Sonatype product suite.
March 31, 2025
CloudBolt Software announced its acquisition of StormForge, a provider of machine learning-powered Kubernetes resource optimization.
