AI-Enhanced Attacks Are A Rising Threat

Uploaded on 2025-01-10 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, FREE TO VIEW

Research findings from cloud and API technologies development firm Kong focus on the  API security landscape and how recent developments in AI will impact it. 

In particular, Kong's findings put into perspective the importance of having a strong security strategy, noting that 1 in 5 respondents cited their organisation has experienced an API security incident costing more than $500k in the past 12 months. 

 To gather these insights, Kong surveyed 700 IT professionals and business leaders across two key markets: the United States and the United Kingdom and and have produced a report which examines the evolving landscape of API security by analysing expert opinions on current trends and dynamics.

Most notably, 25% of respondents have encountered AI-enhanced security threats related to APIs or LLMs, with 75% of respondents expressing serious concern about AI-enhanced attacks in the future.

While 85% say they’re confident in their organisation’s security capabilities, 55% of respondents cited they’ve experienced an API security incident in the past year, highlighting a notable disconnect.

While 92% of respondents say they are taking measures to counter AI-enhanced attacks and 88% of respondents citing API security as a top priority, it is clear that many organisations lack the comprehensive security measures needed to protect their API infrastructure in the AI era.  “Organisations cannot afford to underestimate their own security risks - especially in the age of AI,” said Marco Palladino, CTO and Co-Founder of Kong. 

“As AI continues to advance, not only will companies create more vulnerabilities within their own organisations, but attacks will become more sophisticated. Understanding the full threat landscape is crucial to maintaining a strong API security posture.” Palladino added. 

As might be expected 84% of respondents feel AI and LLMs will make securing APIs more difficult, but surprisingly, the research finds many basic API security tactics being left out of overall strategy.  Only 35% of organisations are adopting zero-trust architecture in order to mitigate API security risks and only 3% of respondents cite shadow APIs as a significant security threat to their organisation. With the convergence of APIs and AI, it is more important than ever to have a strong API security posture. 

Additional Information from the Report includes: 

  • The top three measures organisations are taking to secure APIs against AI-enhanced threats include increased monitoring and traffic analysis (66%), educating staff on AI-related threats (60%), and AI-driven threat detection systems (51%).
  • The top three steps being taken to mitigate API security risks are API monitoring and anomaly detection tools (63%), API gateway solutions (61%), and API encryption and tokenisation (58%).
  • 45% of organisations have dedicated at least 20% of their cybersecurity budgets to API security.
  • 41% are unsure or doubtful that their organisation's investment is enough to cover API security risks.
  • 66% of organisations are implementing API governance frameworks to ensure compliance with internal policies and external regulations (e.g., GDPR, HIPAA).

Kong's  Application Programming Interface (API) Security Perspectives 2025 as a AI-Enhanced Threats and API Security Report is available Here:

Image:  @thekonginc

You Might Also Read: 

Five Reasons Your Organization Needs API Security Testing:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« CISA Finds Serious Problems In Oracle & Mitel Systems
Q3 2024: Over Half A Million Cyber Attacks On Critical Infrastructure »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ComTrue Technologies

ComTrue Technologies

ComTrue Technologies provides artificial intelligence solutions and information security solutions.

Flashpoint

Flashpoint

Flashpoint is a globally trusted leader in risk intelligence for organizations that demand the fastest, most comprehensive coverage of threatening activity on the internet.

HvS Consulting

HvS Consulting

HvS Consulting is a specialist information security company offering a full range of services including IT security architecture, ISO 27001 audits, Pentesting, Security monitoring and Training.

ERMProtect

ERMProtect

ERMProtect is a leading Information Security & Training Company that helps businesses improve their cybersecurity posture and comply with regulations.

DarkLight

DarkLight

DarkLight is a cybersecurity platform that mimics human thinking at scale to build resiliency to Advanced Persistent Threats.

Oceania Cyber Security Centre (OCSC)

Oceania Cyber Security Centre (OCSC)

OCSC engages with government and industry to conduct research, develop training opportunities and build capacity for responding to current and emerging cyber security issues.

African Cyber Security

African Cyber Security

African Cyber Security and it's partners, have the expertise and skills to provide holistic solutions for companies, institutions and government.

Sovereign Intelligence

Sovereign Intelligence

Sovereign Intelligence provides automated insight into the relative intensity of hidden Cyber, Brand, and Financial Risks to your company.

Hawk Network Defense

Hawk Network Defense

HAWK.io is the First Fully Automated, Multi-Tenant, Cloud-Based, MDR Service Company.

Cira Info Tech

Cira Info Tech

Cira InfoTech’s cyber security and network consulting and managed services deliver unmatched talented resources and capabilities required to design and build an agile and adaptive IT environment.

Vala Secure

Vala Secure

Vala Secure is a cybersecurity and compliance consultancy that always stays ahead of regulations, future threats and ever-changing security environments.

Novacoast

Novacoast

Novacoast helps organizations find, create & implement solutions for a powerful security posture through advisory, engineering, development & managed services.

Liquis Inc.

Liquis Inc.

Liquis, founded in 2002, is one of the largest facility decommissioning services companies in the U.S.

Logiq Consulting

Logiq Consulting

Logiq Consulting provide a full range of Cyber Security, Information Assurance and System Engineering services.

Internet Watch Foundation (IWF)

Internet Watch Foundation (IWF)

Since the early days of the internet, our job has been to help child victims of sexual abuse by hunting down and removing any online record of the abuse.

SpectrumWise

SpectrumWise

SpectrumWise is a business technology specialist that provides Managed Services and Managed Security for small and medium IT Networks.