The idea of embedding security into DevOps isn't new, and it's fair to say it's never been fully realized, but API security presents a particular challenge for DevOps that requires consideration. API adoption has been on the rise for years, but now that enterprises are accelerating their adoption of AI, there's an explosion of new integrations. APIs serve as the connective tissue for these integrations. Wallarm recently completed our annual API ThreatStats report for 2025. The findings reveal a sharp increase in both AI and API-related vulnerabilities.
The Expanding Attack Surface of APIs
In 2024, APIs emerged as the most targeted attack vector in cybersecurity, accounting for over 50% of recorded exploits in the CISA Known Exploited Vulnerabilities catalog. The complexity of modern software ecosystems, with interconnected services, third-party integrations, and AI-driven applications, has significantly increased the number of exposed API endpoints.
We can break down the most common challenges into a few categories:
■ Insecure Authentication and Authorization: Over 89% of AI-powered APIs were found relying on static keys or weak authentication methods.
■ API Misconfigurations: Shadow APIs and misconfigured endpoints remain a top security risk, often leading to data leaks.
■ Injection Attacks and Memory Corruption: The rise of AI-driven workloads has introduced new attack vectors, such as buffer overflows and model poisoning through API endpoints.
Additionally, the report highlighted that AI-related API vulnerabilities surged by 1,025% in 2024, with nearly 99% of AI CVEs tied directly to API weaknesses. A significant portion of these vulnerabilities stemmed from high-performance binary APIs, which introduced new memory corruption risks due to AI's reliance on hardware acceleration. Moreover, over 57% of AI-powered APIs were externally accessible, and 63% of enterprise leaders admitted that AI adoption had increased their overall API security risk profile.
Lessons from Recent API Breaches
The high-profile API breaches in 2024 highlight the urgent need for stronger API security measures:
■ Dell API Exploit: Attackers exploited weak registration processes to scrape data from 49 million customer records.
■ Twilio Authy Breach: API enumeration vulnerabilities led to the exposure of 33.4 million linked phone numbers, enabling phishing and SIM-swapping attacks.
■ Digi Yatra Data Leak: Misconfigured API endpoints exposed 1.74 million Aadhaar-linked personal details, emphasizing the risks of improper access control.
How Can DevOps Teams Strengthen API Security?
Given the current threat landscape, DevOps teams must become fluent in API security. Best practices include:
■ Comprehensive API Discovery and Inventory: Implement automated tools to detect and catalog all API endpoints, including shadow APIs.
■ Stronger Authentication and Access Controls: Shift from static keys to OAuth 2.0, JWTs with expiration, and fine-grained role-based access.
■ Real-Time API Monitoring and Threat Detection: Utilize AI-powered anomaly detection to identify and respond to suspicious API activity.
■ Secure CI/CD Pipelines: Integrate API security testing into the software development lifecycle to catch vulnerabilities before deployment.
■ Rate Limiting and Abuse Prevention: Enforce dynamic rate limiting to prevent API abuse and data scraping attempts.
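One way to combine the authentication and CI/CD items above, as an added example (not Wallarm's code or tooling): a pipeline check that reads an OpenAPI 3 document and fails the build when an operation allows anonymous access or can be satisfied with a static API key alone. The spec, paths and scheme names are constructed for illustration.

```python
# Added example: CI gate that audits an OpenAPI 3 document for weak authentication.
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "options", "head", "trace"}

# Constructed sample spec (not taken from any real service).
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "security": [{"oauth": ["read"]}],  # top-level default for all operations
    "components": {"securitySchemes": {
        "oauth": {"type": "oauth2", "flows": {"clientCredentials": {
            "tokenUrl": "https://auth.example.test/token", "scopes": {"read": "", "write": ""}}}},
        "staticKey": {"type": "apiKey", "in": "header", "name": "X-API-Key"},
    }},
    "paths": {
        "/orders": {"get": {}, "post": {"security": [{"oauth": ["write"]}]}},
        "/models/predict": {"post": {"security": [{"staticKey": []}]}},
        "/debug/export": {"get": {"security": []}},                    # auth removed
        "/health": {"get": {"security": [{}, {"oauth": ["read"]}]}},   # {} = anonymous allowed
    },
}

def audit_spec(spec):
    """Return sorted (METHOD, path, finding) tuples for weakly protected operations."""
    schemes = spec.get("components", {}).get("securitySchemes", {})
    default = spec.get("security", [])
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:  # skip "parameters", "summary", etc.
                continue
            # Operation-level "security" overrides the top-level list, even when empty.
            reqs = op.get("security", default)
            if not reqs or any(not r for r in reqs):
                findings.append((method.upper(), path, "no-auth"))
                continue
            # Requirements are alternatives: flag if any one is met by apiKey schemes only.
            if any(all(schemes.get(n, {}).get("type") == "apiKey" for n in r) for r in reqs):
                findings.append((method.upper(), path, "static-key-only"))
    return sorted(findings)

if __name__ == "__main__":
    results = audit_spec(SAMPLE_SPEC)
    for method, path, finding in results:
        print(f"{finding:16} {method} {path}")
    raise SystemExit(1 if results else 0)  # non-zero exit fails the pipeline stage
```

A check like this only covers endpoints that appear in the spec; shadow APIs still need the discovery step from the first item in the list.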
Conclusion
API security can no longer be an afterthought. It has to be a core capability for DevOps teams. With APIs playing a critical role in enterprise infrastructure, securing them against evolving threats is essential to maintaining operational resilience and protecting sensitive data. By proactively addressing API vulnerabilities, DevOps teams can mitigate risks and ensure secure, reliable API and AI deployments in 2025 and beyond.