A new study finds 25 percent of respondents have encountered AI-enhanced security threats related to APIs or LLMs, with 75 percent of respondents expressing serious concern about AI-enhanced attacks in the future.
The research from API specialist Kong shows that although 85 percent say they're confident in their organization's security capabilities, 55 percent of respondents have experienced an API security incident in the past year, highlighting a notable disconnect.
While 92 percent of respondents say they are taking measures to counter AI-enhanced attacks and 88 percent of respondents citing API security as a top priority, it is clear that many organizations lack the comprehensive security measures needed to protect their API infrastructure in the AI era.
"Organizations cannot afford to underestimate their own security risks -- especially in the age of AI," says Marco Palladino, CTO and co-founder of Kong, Inc. "The report showcases that API security is being taken seriously as part of overall cybersecurity strategy, but there are still some blind spots that can open an organization up to threats. As AI continues to advance, not only will companies create more vulnerabilities within their own organizations, but attacks will become more sophisticated. Understanding the full threat landscape is crucial to maintaining a strong API security posture."
As might be expected 84 percent of respondents feel AI and LLMs will make securing APIs more difficult, but surprisingly, the research finds many basic API security tactics being left out of overall strategy. Only 35 percent of organizations are adopting zero-trust architecture in order to mitigate API security risks and only three percent of respondents cite shadow APIs as a significant security threat to their organization.
The top three steps being taken to mitigate API security risks are API monitoring and anomaly detection tools (63 percent), API gateway solutions (61 percent), and API encryption and tokenization (58 percent), while 45 percent of organizations have dedicated at least 20 percent of their cybersecurity budgets to API security.
The full report is available from the Kong site.
Image credit: [email protected]/depositphotos.com