AI-Enhanced Attacks Are A Rising Threat

Research findings from cloud and API technologies development firm Kong focus on the API security landscape and how recent developments in AI will impact it.

In particular, Kong's findings put into perspective the importance of having a strong security strategy, noting that 1 in 5 respondents said their organisation has experienced an API security incident costing more than $500k in the past 12 months.

To gather these insights, Kong surveyed 700 IT professionals and business leaders across two key markets, the United States and the United Kingdom, and has produced a report which examines the evolving landscape of API security by analysing expert opinions on current trends and dynamics.

Most notably, 25% of respondents have encountered AI-enhanced security threats related to APIs or LLMs, with 75% of respondents expressing serious concern about AI-enhanced attacks in the future.

While 85% say they’re confident in their organisation’s security capabilities, 55% of respondents said they’ve experienced an API security incident in the past year, highlighting a notable disconnect.

While 92% of respondents say they are taking measures to counter AI-enhanced attacks and 88% cite API security as a top priority, it is clear that many organisations lack the comprehensive security measures needed to protect their API infrastructure in the AI era.

“Organisations cannot afford to underestimate their own security risks - especially in the age of AI,” said Marco Palladino, CTO and Co-Founder of Kong.

“As AI continues to advance, not only will companies create more vulnerabilities within their own organisations, but attacks will become more sophisticated. Understanding the full threat landscape is crucial to maintaining a strong API security posture,” Palladino added.

As might be expected, 84% of respondents feel AI and LLMs will make securing APIs more difficult, but surprisingly, the research finds many basic API security tactics being left out of overall strategy. Only 35% of organisations are adopting zero-trust architecture in order to mitigate API security risks, and only 3% of respondents cite shadow APIs as a significant security threat to their organisation. With the convergence of APIs and AI, it is more important than ever to have a strong API security posture.

Additional information from the report includes:

  • The top three measures organisations are taking to secure APIs against AI-enhanced threats include increased monitoring and traffic analysis (66%), educating staff on AI-related threats (60%), and AI-driven threat detection systems (51%).
  • The top three steps being taken to mitigate API security risks are API monitoring and anomaly detection tools (63%), API gateway solutions (61%), and API encryption and tokenisation (58%).
  • 45% of organisations have dedicated at least 20% of their cybersecurity budgets to API security.
  • 41% are unsure or doubtful that their organisation's investment is enough to cover API security risks.
  • 66% of organisations are implementing API governance frameworks to ensure compliance with internal policies and external regulations (e.g., GDPR, HIPAA).

The findings are published in Kong's Application Programming Interface (API) Security Perspectives 2025: AI-Enhanced Threats and API Security Report.
